Welcome to Cable Forum
Malware That I cant Get Rid Of HELP
Old 01-04-2008, 21:41   #1
djkipper

Hi, please help. I know where it is and what it's called but can't get rid of it. It's in the system32 folder and it's called ljjijkj.dll. Spybot picks it up but can't delete it, and I found it using HijackThis and that won't fix checked. What do I do? It keeps bringing up random sites on iexplorer.

Many Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:07, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - C:\WINDOWS\system32\ljjijkj.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {4E1EF903-6327-4EF4-B663-3299D0CABE64} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AE3D95CA-F750-4475-B0CC-4ED85E8CB745} - C:\WINDOWS\system32\wvuro.dll (file missing)
O2 - BHO: (no name) - {D267B2DA-8637-40E9-8F43-4268EEE09DCA} - C:\WINDOWS\system32\rqool.dll (file missing)
O2 - BHO: (no name) - {d68f85f5-21db-4596-a7db-27d65da6b268} - (no file)
O2 - BHO: (no name) - {E90E8BCD-3E2F-4B70-BB9B-F4AF5AB0DD48} - (no file)
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [2c231256] rundll32.exe "C:\WINDOWS\system32\ompchqfg.dll",b
O4 - HKLM\..\Run: [BM2f1021ca] Rundll32.exe "C:\WINDOWS\system32\fscgvpfn.dll",s
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1633] command /c del "C:\WINDOWS\SYSTEM32\wvuro.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3224] cmd /c del "C:\WINDOWS\SYSTEM32\wvuro.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3174] command /c del "C:\WINDOWS\SYSTEM32\ompchqfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4291] cmd /c del "C:\WINDOWS\SYSTEM32\ompchqfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1478] command /c del "C:\WINDOWS\SYSTEM32\wspntrmp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC339] cmd /c del "C:\WINDOWS\SYSTEM32\wspntrmp.dll_old"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5766] command /c del "C:\WINDOWS\SYSTEM32\wvuro.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6443] cmd /c del "C:\WINDOWS\SYSTEM32\wvuro.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1553] command /c del "C:\WINDOWS\SYSTEM32\ompchqfg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1031] cmd /c del "C:\WINDOWS\SYSTEM32\ompchqfg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8536] command /c del "C:\WINDOWS\SYSTEM32\wspntrmp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD985] cmd /c del "C:\WINDOWS\SYSTEM32\wspntrmp.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-746137067-1060284298-854245398-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User 'Fran')
O4 - HKUS\S-1-5-21-746137067-1060284298-854245398-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Fran')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9x NetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9x NetworkPrinters (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126195214693
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138611990524
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37710.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/557.../java/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
O20 - Winlogon Notify: ljjijkj - C:\WINDOWS\SYSTEM32\ljjijkj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfService.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11804 bytes
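A triage pass over the HijackThis log in the opening post, as an added example that is not part of the original thread: it parses the entries, splits the line where two O2 entries were run together, and lists every section in which a flagged DLL is registered. The sample lines are copied from the log above; the function names and flagging rules are this example's own assumptions, and a flag means "review this entry", not "this file is malicious".

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log in the opening post,
# including the line where two O2 entries were run together.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - C:\WINDOWS\system32\ljjijkj.dllO2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {AE3D95CA-F750-4475-B0CC-4ED85E8CB745} - C:\WINDOWS\system32\wvuro.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2c231256] rundll32.exe "C:\WINDOWS\system32\ompchqfg.dll",b
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9x NetworkPrinters (User 'SYSTEM')
O20 - Winlogon Notify: ljjijkj - C:\WINDOWS\SYSTEM32\ljjijkj.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r'^(R\d|O\d{1,2}) - (.*)$')         # "O2 - BHO: ..."
FUSED_RE = re.compile(r'(?<=\S)(?=O\d{1,2} - )')          # entry start glued to previous text
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)
SYS32_RE = re.compile(r'\\system32\\[^\\]+\.dll$', re.I)  # DLL directly in system32


def parse_entries(log_text):
    """Return (section, body) tuples, splitting lines where two entries were fused."""
    entries = []
    for line in log_text.splitlines():
        for piece in FUSED_RE.split(line.strip()):
            m = ENTRY_RE.match(piece)
            if m:
                entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Return (section, file_name, reason) for entries worth a manual look.

    The rules are assumptions made for this example, not HijackThis behaviour.
    """
    findings = []
    for section, body in parse_entries(log_text):
        m = PATH_RE.search(body)
        path = m.group(0) if m else ""
        name = path.rsplit("\\", 1)[-1].lower() or "(no file)"
        in_sys32 = bool(SYS32_RE.search(path))
        if section == "O20":
            reason = "winlogon-notify"
        elif section == "O2" and ("(no file)" in body or "(file missing)" in body):
            reason = "orphaned-bho"
        elif section == "O2" and "BHO: (no name)" in body and in_sys32:
            reason = "unnamed-bho-in-system32"
        elif section == "O4" and "rundll32" in body.lower() and in_sys32:
            reason = "rundll32-autorun-from-system32"
        else:
            continue
        findings.append((section, name, reason))
    return findings


def persistence_points(log_text):
    """Map each flagged file name to the sorted log sections that reference it."""
    points = defaultdict(set)
    for section, name, _reason in triage(log_text):
        points[name].add(section)
    return {name: sorted(sections) for name, sections in points.items()}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print(persistence_points(SAMPLE_LOG))
```

A file that shows up under more than one section, as ljjijkj.dll does here, has to be cleared from every one of those registrations, not just deleted from disk.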
Old 01-04-2008, 21:50   #2
Aragorn


First thing would be to run HJT in safe mode (hit F8 during windows restart).
If that also fails to get rid of it look at the page on ComboFix and run that.
BTW, do you know you have two firewalls (McAfee & PCGuard)?
Old 01-04-2008, 22:03   #3
David F

Hiren's boot disc anyone lol. This is a live CD that should allow you to delete the files while running outside of Windows.

Run a search for the file name in regedit and delete any keys pertaining to it (back up reg first). Also check start up in msconfig, this should stop it running from boot and should in theory allow you to delete it from inside Windows.
Old 02-04-2008, 00:37   #4
greencreeper

I use this:

http://technet.microsoft.com/en-us/s.../bb896653.aspx

to work out what is using the DLL. Run it and click on "Find" at the top - type in the DLL name. With luck, it may be a process (or two) you can kill, allowing you to delete the DLL. Failing that, you may be able to delete the file on boot using this:

http://technet.microsoft.com/en-us/s.../bb897556.aspx

I tried it once but didn't have a lot of luck - that may have been because I was working on a Windows 2000 PC (heavily wrecked - mucho spyware. Now sorted).
__________________
Consistency is the last refuge of the unimaginative [Wilde]
Old 07-04-2008, 15:01   #5
Itshim

Quote:
Originally Posted by Aragorn View Post

BTW, do you know you have two firewalls (McAfee & PCGuard)?
Is this a real problem or just overkill? I ask because I really don't know the answer, I am not trying to be funny.
Old 07-04-2008, 15:13   #6
Aragorn

I would call it more an overhead than a problem. Basically any incoming or outgoing traffic will have to pass through two sets of rules, hence slowing down all network traffic. If the PC has a lot of headroom it shouldn't make too much difference but might be noticeable with a slower system.
Old 07-04-2008, 15:31   #7
Graham M

Definite Overkill however
__________________
Used to be Zeph - I'm still me though
Peter: Oh my god, Brian, there's a message in my Alphabits. It says, 'Oooooo.'
Brian: Peter, those are Cheerios.
www.elitehealthdistribution.co.uk - www.loonyasylum.net
Old 07-04-2008, 16:03   #8
Itshim

Quote:
Originally Posted by Aragorn View Post
I would call it more an overhead than a problem. Basically any incoming or outgoing traffic will have to pass through two sets of rules, hence slowing down all network traffic. If the PC has a lot of headroom it shouldn't make too much difference but might be noticeable with a slower system.
So I guess a Compaq with this
Intel Dual Core E2140 Processor (1.6GHz, 800MHz FSB, 1MB Cache), 2GB Memory, 360GB Hard Drive will not present (to me) any noticeable difference. I do a bit of googling, shopping & looking at sites like this.
McAfee is a one year deal, AVG as I say fails a lot (since having Vista) & to be honest if all else fails I can always fall back on to PC guard as a temp. Seen post above. Can I remove PC guard (OK, I know I can) but if needs be pull it back again? (Lord knows why I would need to - guess I worry too much. Always have two belts on + bracers & some string in my pocket!!!) SEE PC guard on this forum - that worries me! As I say (AVG don't seem to be happy, the reason I put McAfee on, PC guard was just there with BB)

Last edited by Itshim; 07-04-2008 at 16:11. Reason: Seen posting above
Old 02-05-2008, 23:18   #9
basa

Quote:
Originally Posted by Aragorn View Post
I would call it more an overhead than a problem. Basically any incoming or outgoing traffic will have to pass through two sets of rules, hence slowing down all network traffic. If the PC has a lot of headroom it shouldn't make too much difference but might be noticeable with a slower system.
I would suggest it is a definite hazard and quite pointless. I actually haven't used any firewall for two years as I use a NAT router and XP firewall.
__________________
Tone

Think outside the Fox
Old 05-05-2008, 13:54   #10
NeilH

Hi djkipper

Find the file

Rename it to anything you like .dll

Reboot and then delete it. It is probably a mirc windows kit.

Prog won't run but it may bring up a warning on your screen which will tell you where it is hiding in the memory. If that's the case, find the .exe and change that as well and then reboot and delete.

Neil
Old 05-05-2008, 16:00   #11
kirk1690

Quote:
Originally Posted by djkipper View Post
Hi, please help. I know where it is and what it's called but can't get rid of it. It's in the system32 folder and it's called ljjijkj.dll. Spybot picks it up but can't delete it, and I found it using HijackThis and that won't fix checked. What do I do? It keeps bringing up random sites on iexplorer.

Many Thanks

Download Malwarebytes Anti-Malware, found five lurking away in my sys32 and it's free.
__________________
MOTHERWELL FC FOREVER
kirk1690 is offline   Reply With Quote
Old 05-05-2008, 16:35   #12
cf.addict
 
 
Join Date: Nov 2007
Location: stafford
Age: 70
Services: virgin 4Mbs ,now upgraded to 10Mbps
Posts: 204
cleshe is on a distinguished road
Re: Malware That I cant Get Rid Of HELP

Quote:
Originally Posted by Itshim View Post
So I guess a Compaq with this
Intel Dual Core E2140 Processor (1.6GHz, 800MHz FSB 1MB Cache) 2GB Memory 360GB Hard Drive will not present (to me) any noticeable difference. Do bit of googling, shopping & looking at sites like this.
McAfee is a one year deal, AVG as I say fails a lot (since having Vista) & to be honest if all else fails I can always fall back on to PC guard as a temp. Seen post above. Can I remove PC guard (OK I know I can) but if needs be pull it back again (Lord knows why I would need to, guess I worry too much. Always have two belts on + braces & some string in my pocket!!!) SEE PC guard on this forum, that worries me! As I say (AVG don't seem to be happy, the reason I put McAfee on, PC guard was just there with BB)

If you read the advice on any antivirus site you will see that they advise against having more than one ACTIVE antivirus program, antispyware program, or firewall. One of each is fine. More is not only unnecessary, it's positively dangerous. If you want to run others as a check, then deactivate the ones you have installed. You will find the same advice on every help forum and in all computer magazines.
Of course if you prefer to disbelieve the experts, that's your privilege. Personally I'm inclined to believe they know what they are talking about.

---------- Post added at 16:35 ---------- Previous post was at 16:19 ----------

Quote:
Originally Posted by djkipper View Post
Hi, please help. I know where it is and what it's called but can't get rid of it. It's in the system 32 folder and it's called ljjijkj.dll. Spybot picks it up but can't delete it, and I found it using HijackThis and that won't fix checked. What do I do.....???? It keeps bringing up random sites on iexplorer.

Many Thanks

Go to Start, Run. Type in services.msc. Look for it on the list, set to disabled or inactive. You should then be able to delete it. It's come as part of a game you've downloaded. When my grandkids managed to get it on my computer, the steps I've given let me delete it using HijackThis.
cleshe is offline   Reply With Quote
Old 05-05-2008, 16:53   #13
cf.addict
 
 
Join Date: Dec 2005
Posts: 296
kingbuxton is just really nice
Re: Malware That I cant Get Rid Of HELP

http://www.download.com/Unlocker/300...-10493998.html

Install. Right click the file, it will show you what process is stopping the Anti Virus deleting it. It will unlock it and let you delete it.
kingbuxton is offline   Reply With Quote
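
The HijackThis log in this thread lists ljjijkj.dll under both O2 (BHO) and O20 (Winlogon Notify); a DLL loaded into winlogon.exe stays locked while Windows is running. The following is an added example, not code from any poster or from HijackThis: a Python triage of HijackThis lines, where the flagging rules are assumptions of this example and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - C:\WINDOWS\system32\ljjijkj.dll
O2 - BHO: (no name) - {AE3D95CA-F750-4475-B0CC-4ED85E8CB745} - C:\WINDOWS\system32\wvuro.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2c231256] rundll32.exe "C:\WINDOWS\system32\ompchqfg.dll",b
O4 - HKLM\..\Run: [BM2f1021ca] Rundll32.exe "C:\WINDOWS\system32\fscgvpfn.dll",s
O20 - Winlogon Notify: ljjijkj - C:\WINDOWS\SYSTEM32\ljjijkj.dll
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""

# "O2 - ...", "O20 - ...", "R0 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path in the body that ends in .dll, .exe or .ocx.
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe|ocx)", re.IGNORECASE)


def triage(log_text):
    """Return {lowercased path: sorted reasons} for entries worth a closer look.

    The rules are heuristics chosen for this example (assumptions), not
    HijackThis behaviour and not a verdict that a file is malicious.
    """
    hooks = defaultdict(set)    # path -> section codes that reference it
    reasons = defaultdict(set)  # path -> why it was flagged
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        found = PATH.search(entry["body"]) if entry else None
        if not found:
            continue
        code, body, path = entry["code"], entry["body"], found.group(0).lower()
        hooks[path].add(code)
        if "(file missing)" in body:
            reasons[path].add("orphaned entry: file missing")
        if code == "O2" and "BHO: (no name)" in body:
            reasons[path].add("unnamed BHO")
        if code == "O4" and "rundll32" in body.lower() and path.endswith(".dll"):
            reasons[path].add("DLL autostarted via rundll32")
        if code == "O20":
            reasons[path].add("Winlogon Notify DLL: held open by winlogon.exe")
    # The same file registered in more than one section is the strongest hint here.
    for path, codes in hooks.items():
        if len(codes) > 1:
            reasons[path].add("registered at several load points: " + ", ".join(sorted(codes)))
    return {path: sorted(why) for path, why in reasons.items()}


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```
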