Technology Forum

virtumonde virus removed but problems with Firefox and HD





#1
04-19-2008, 10:22 PM
Tech Ace
I removed the virus with all the recommended products and know it's virus/Spyware free but I still think there's something scanning my HD as it's constantly active

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:41, on 18/04/2008
Platform: windows vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbkcoms.exe
C:\Windows\system32\lxdacoms.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NewsLeecher\newsLeecher.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.12.3.74:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Mike\AppData\Local\Temp\efccdecb.dll,c
O4 - HKCU\..\Run: [90180207] rundll32.exe "C:\Users\Mike\AppData\Local\Temp\pxnkylyy.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mike\appdata\local\temp\VMWARE~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mike\appdata\local\temp\VMWARE~1.SH! (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: McAfee Application Installer Cleanup (0107191208511577) (0107191208511577mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\010719~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxda_device - - C:\Windows\system32\lxdacoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 12367 bytes