Virtumode.dll
Hello,
Spybot found this trojan but was unable to remove it. This is my Hijack This log. Any help much appreciated!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:22, on 27/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca12d34445c130) (gupdate1ca12d34445c130) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8918 bytes
Katie