| 1. |
Solve : BHO just won't quit? |
|
Answer» nnnlmmm.dll IS GONE!!!!!
I also was able to delete C:\WINDOWS\system32\ddcyxya.dll
So, I guess my comp is good! I'll take a look back here to see if you guys have any more comments for me. But, again... a big "thank-you" for all the help. Especially, CBMatt
Also, I had no idea that alcx monitor did that!!! I'm glad it's gone!
ALRIGHT! and here's my (hopefully) clean HJT log:
---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:29:57 AM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\VisualZone\VisualZone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
O2 - BHO: (no name) - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CookieJar] C:\Program Files\Cookie Jar\CookieJar.exe /qd_banned
O4 - Global Startup: VisualZone.lnk = C:\Program Files\VisualZone\VisualZone.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: ppctlcab -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--------------------------------------------------------------------

Alright, it's looking pretty good! Definitely a relief. The particular infection you had has actually been known to cripple a few systems. If we hadn't gotten rid of it, your computer lag might've kept getting worse.
The VirtumondeBeGone log mentioned that the file was renamed to:
C:\WINDOWS\system32\nnnlmmm.dll.vir
Does this file still exist on your computer? If so, it should be safe to go ahead and delete it.
Make sure you keep up with your regular anti-virus updates and scans. You'll also want to install the latest version of Java as soon as you can; this will help prevent future infections. And for safer browsing, I suggest downloading SiteAdvisor and Spyware Blaster.
How are things running now? Have you noticed an improvement?

Yeah, the speed's back up, and I'm booting-up fine. I almost forgot about updating java. I used to have spywareblaster, but I got rid of it. Maybe it's time for another try. I'll also try site advisor.
Thanks,
-dudeman

Good, glad to hear it. As long as you go through the options and enable EVERYTHING in SpywareBlaster (I'm not sure why it doesn't do it automatically), it's really handy to have. And I really feel naked if I surf WITHOUT SiteAdvisor. Even when I'm not naked... *cough*
Be sure to come back if you have any other issues.

also dl superantispyware like I SAID earlier and give that a go just to help clean up |
|
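An added example, not part of the original thread: a small parser for the O2 (BHO) lines of a HijackThis log in the v1.99.1 format posted above, sorting entries into those listed as (no file), unnamed DLLs sitting directly in system32 (where the thread's nnnlmmm.dll lived), and everything else. The function names, the three labels, the system32 heuristic and the last sample line (placeholder CLSID and file name) are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: three O2 lines copied from the log above, plus one
# made-up line (placeholder CLSID and DLL name) and one non-O2 line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$",
    re.MULTILINE,
)

def parse_bhos(log_text):
    """Return one dict (name, clsid, target) per O2 line in the log."""
    return [m.groupdict() for m in O2_LINE.finditer(log_text)]

def triage(entry):
    """Label a parsed O2 entry; the labels are this example's own."""
    if entry["target"] == "(no file)":
        return "orphaned"      # registry entry with no DLL behind it
    folder = ntpath.dirname(entry["target"]).lower()
    # Heuristic (assumption): an unnamed BHO loading a DLL straight from
    # system32 deserves a manual look before it is trusted.
    if entry["name"] == "(no name)" and folder.endswith("\\system32"):
        return "review"
    return "listed"

def summarize(log_text):
    """Return (clsid, label) pairs for every BHO in the log."""
    return [(e["clsid"], triage(e)) for e in parse_bhos(log_text)]

if __name__ == "__main__":
    for clsid, label in summarize(SAMPLE_LOG):
        print(f"{label:9} {clsid}")
```
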