Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:24 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\winlogonsys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Microsoft] winlogonsys.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft] winlogonsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

-- End of file - 4301 bytes
Oh really? Hmm... then I'll just have to find an alternative reason that my programs and Mozilla Firefox/Internet Explorer have been starting up slowly. By the way, what is the Vundo Trojan? Is it something that's easily terminated?
Here's the info:
http://en.wikipedia.org/wiki/Vundo_trojan
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99
Run a virus scan and remove any issues. Download the free CCleaner http://www.ccleaner.com/download and clean up your registry. Run Disk Cleanup and Disk Defragmenter. May need to configure startups and auto start services. We can talk about that later, after you've tried these other fixes.
A slow running PC can be caused by a combination of several things. Running two browsers. First I would delete Firefox for now, you can download it again later. Next, go to Start> Control Panel> Internet Options> Advanced Tab> Reset Internet Explorer. After doing this you may possibly need to download IE7, then reset your home page. Go back to Internet Options> General Tab> Home Page. Type in your regular home page address. Example: Comcast.net> click apply. Open your browser. Your new home should be there if you typed the correct address.
Note: If you're not sure what the home page is, go there first and write it down before resetting Internet Explorer.
Now go to Start> Run> type, sfc /scannow, this will also clean things up.
My man, I really want to take time to thank you for simply reading and responding to my thread. This certainly was most helpful. Now, to try the last step you mentioned. Thank you again, you've single-handedly made us newbies feel safe to be just that.
uh ohhhh
Key Logger: (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).
Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.
CPUNuBee, no problem at all, helping people is what it's all about. This is why I donate much of my free time to these help forums. I'm retired, so it gives me something useful to do. LOL Yesterday, I answered more than two dozen questions, spanning over four different help forum websites. Sometimes, when I make my first assessment, I tend to miss a couple of things, as echoreply was so kind to point out. Thank you for the heads up! uh ohhh LOL The two items he suggested I agree should also be removed. I put in a half day of yard work; at my age it really took it out of me. I should have bought a smaller property. Feels good to sit down with a hot cup of coffee and play a bit on the computer. So, how are you coming along with your computer, are we having fun yet? LOL After you get done, generate another log and post it here. Well, it's off to another website, the emails are stacking up. Take care...
CPUNuBee, you have a keylogger on your computer, clearly showing in the hjt log. I suggest an online scan or two:
F-secure scan: http://support.f-secure.com/enu/home/ols.shtml
Uses Internet Explorer only.
Click on the "start scanning button" near the bottom of the page.
Click to accept/install the ActiveX applet.
"Accept" the License Agreement, click "full system scan".
Once the download of files completes, the scan will begin automatically. The scan may take some time to finish.
When the scan completes, click the Automatic cleaning (recommended) button.
-----------------------------------------------------------
ESET online scanner: http://www.eset.com/onlinescan/
Uses Internet Explorer only.
Check "YES" to accept terms.
Click the start button.
Allow the ActiveX component to install.
Click the start button. The scanner will update.
Check both "Remove found threats" and "Scan unwanted applications".
Click scan.
When done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
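Added example (not part of any post in this thread, and not a HijackThis feature): a small Python triage pass over the O4 autostart lines of a log like the one at the top of the thread. The two heuristics, a command with no full path and the same command registered under more than one key, are assumptions of this example; a hit is a lead to verify with a scanner, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: O4 autostart lines as they appear in the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Microsoft] winlogonsys.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogonsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

O4_REGISTRY = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
EXE_END = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)', re.I)

def executable_of(cmd):
    # Strip quotes and arguments from a Run-key command line.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_END.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (key, value name, executable, reasons) for entries worth a closer look."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if m:  # startup-folder lines ("Global Startup") are skipped
            entries.append((m['hive'] + '\\' + m['key'], m['name'], executable_of(m['cmd'])))
    keys_by_exe = defaultdict(set)
    for key, _, exe in entries:
        keys_by_exe[exe.lower()].add(key)
    findings = []
    for key, name, exe in entries:
        reasons = []
        if not re.match(r'[A-Za-z]:\\', exe):  # heuristic 1 (assumption of this example)
            reasons.append('no full path')
        if len(keys_by_exe[exe.lower()]) > 1:  # heuristic 2 (assumption of this example)
            reasons.append('same command under several keys')
        if reasons:
            findings.append((key, name, exe, reasons))
    return findings

if __name__ == '__main__':
    for key, name, exe, reasons in triage(SAMPLE_LOG):
        print(f'{key} [{name}] {exe}: {", ".join(reasons)}')
```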