im going restart and update with my hijackthis log here is my hijack this log and scan log thanks again is it fine to turn my system restore back one? As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged Login now. Type : IECache Entry Data : [email protected].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:[email protected]/ Expires : 7-18-2008 1:22:46 PM LastSync : Hits:5 UseCount : http://softsystechnologies.com/hijackthis-log/hijackthis-log-please-diagnose-vundo-was-a-problem.html
Back to top #10 GACGustie GACGustie Member Full Member 6 posts Posted 05 July 2007 - 05:37 PM Everything seems to be running smoothly. OriginalFilename : PRISMsvr.exe Comments : Conexant Systems, Inc. (www.conexant.com) #:20 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 672 ThreadCreationTime : 7-20-2007 12:28:42 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) Jan 6, 2009 #22 kimsland Ex-TechSpotter Posts: 14,524 Oh I've just been emphasizing on Malware removal Try this: http://www.techspot.com/vb/post662504-2.html And let me know the outcome Jan 6, 2009 #23 gubhenheim I thought the Virus was gone when I used Hijackthis as well as many other anti-spyware programs(superantispy, malware, adaware, spybot) to get rid of it a few weeks ago.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! I'm pretty sure this is related to the virus. Click Start, and then follow the instructions. Back to top #9 miekiemoes miekiemoes Malware Killer Dog Malware Response Team 19,420 posts OFFLINE Gender:Female Location:Belgium Local time:12:04 AM Posted 09 June 2008 - 07:31 AM Since this issue
Several functions may not work. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1136 ThreadCreationTime : 7-20-2007 12:28:38 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating Please do not run any of these yet!1) Download and install CleanUp!2) Please download VundoFix by Atribune from here:http://www.atribune..../click.php?id=4 and place it on your desktop.3) Please download ComboFix from Here or Once you select where you would like to save the file it will open in your systems default text editor.
Jan 2, 2009 #14 BlkHeartWolf TS Rookie Posts: 151 NO Right Click on MyComputer icon and go to properties Turn Off system restore open IE and go to TOOLS OPTIONS delete Attach the report Jan 6, 2009 #17 gubhenheim TS Rookie Topic Starter Posts: 23 SCANS FOR VUNDO w/REPORTS Here are my scans and vundo program reports Jan 6, 2009 FileDescription : Corel Photo Album 6 Application InternalName : Corel Photo Album 6 LegalCopyright : Copyright © 1995-2005 OriginalFilename : MediaDetect.exe #:28 [apdproxy.exe] FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\ ProcessID When turning off System Restore, the existing Restore Points will be deleted.
This is w Skip to main content Norton.com Norton Community Home Forums Blogs Search HelpWelcome Message FAQs Search Tips Participation Guidelines Terms and Conditions MenuUserLog in Sign up English简体中文 Français Deutsch Click here to Register a free account now! Any other advice that might help prevent another infection like this? Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account?
If an update is found, it will download and install the latest version. navigate here No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and Trojan Vundo Problem Started by DarthNole , Jul 23 2007 09:42 PM This topic is locked 8 replies to this topic #1 DarthNole DarthNole Member Members 20 posts Posted 23 July OriginalFilename : realsched.exe #:40 [outlook.exe] FilePath : C:\PROGRA~1\MICROS~2\OFFICE11\ ProcessID : 2200 ThreadCreationTime : 7-23-2007 1:01:43 PM BasePriority : Normal #:41 [winword.exe] FilePath : C:\Program Files\Microsoft Office\OFFICE11\ ProcessID : 2268 ThreadCreationTime :
FileDescription : PcScnSrv InternalName : PcScnSrv.exe LegalCopyright : Copyright © 1995-2006 Trend Micro Incorporated. Preview post Submit post Cancel post You are reporting the following post: VUNDO problem This post has been flagged and will be reviewed by our staff. Mieke. Check This Out It works by changing settings in your registry.
Windows is a trademark of Microsoft Corporation OriginalFilename : SQLMANGR.exe Comments : NT INTEL X86 #:34 [wzqkpick.exe] FilePath : C:\Program Files\WinZip\ ProcessID : 2516 ThreadCreationTime : 7-20-2007 12:30:00 AM BasePriority : Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started and just checked, malwarebytes says i have the latest database version sooo....
So right now im gonna reboot in safe mode and be offline running hijack this after deleting the folder thanks UPDATE- ok, will this resolve my problems? No, create an account now. Register now! this contact form Several functions may not work.
All rights reserved. FileDescription : PRISM Server Service Module InternalName : Conexant LegalCopyright : Copyright © 2004, Conexant Systems, Inc. Click Yes to do this.Please give a moment as it will delete the old System Restore Points.6. Location: : S-1-5-21-2985724562-2117968275-607952517-1006\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Click the System Restore tab.4. You may also... OriginalFilename : PCCGuide #:30 [jusched.exe] FilePath : C:\Program Files\Java\jre1.6.0_02\bin\ ProcessID : 2180 ThreadCreationTime : 7-20-2007 12:29:28 AM BasePriority : Normal #:31 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2208 ThreadCreationTime : 7-20-2007
Here are some tips for the future.THESE STEPS ARE VERY IMPORTANTLet's reset system restoreReset and Re-enable your System Restore to remove infected files that have been backed up by Windows. scanning hidden autostart entries ...scanning hidden files ... OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 872 ThreadCreationTime : 7-20-2007 12:28:37 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating Is this another topic?