vturo problem



#1
ziele9333

Having a problem, please help. Here is the log file. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:13 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot\SpybotSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vturo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-682003330-1659004503-2147005927-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3411 bytes


#2
rambro

Dear ziele9333, :)

Welcome to the Geeks to Go forums.

We are currently studying your log. :)

#3
rambro

Dear ziele9333, :)

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************

See the following link as a reference: http://www.atribune....tent/view/24/1/

VundoFix.exe is a removal tool developed to remove Virtumonde infections. To use the tool, follow the instructions below.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#4
ziele9333

First let me tell you the situation: when I load Windows it takes forever and I have no icons on the desktop, everything disappears. The only way I can open certain programs is with the task manager. hijack can be opened, but when I try to load VundoFix I get this message: Run-time error '--2147023174 (800706ba)' System Error &H800706BA (-2147023174) The RPC server is unavailable. There are other files that I'm pretty sure are associated with vturo.exe, like vturo.dll/orutv.ini/orutv.ini2, and there might be others, but I can't run VundoFix.

#5
rambro

Dear ziele9333, :)

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************

Dear ziele9333, try this: press CTRL+ALT+DEL to fire up the task manager. Now on the File menu, select New Task (Run...). Type in "explorer" (without the quotes) and press OK. That should restart explorer and re-display your taskbar.

See the following link as a reference: http://ask-leo.com/m...at_do_i_do.html

*************************

Please restart your computer.

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

F3 - REG:win.ini: load=C:\WINDOWS\system32\vturo.exe

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Delete the following file/files marked in blue (if they exist):

C:\WINDOWS\system32\vturo.exe

Delete the following folder/folders marked in blue (if they exist):

Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#6
ziele9333

same results...no change

Logfile of HijackThis v1.99.1
Scan saved at 3:41:27 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\hijack\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vturo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
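One way to check whether a HijackThis fix actually took, as an added example that is not part of the original thread: the script below diffs two scans and reports which entries that were meant to be fixed are still present. The log excerpts are trimmed from the two logs posted above; the function and variable names are hypothetical.

```python
import re

# Excerpts trimmed from the two logs posted in this thread (not the full logs).
LOG_BEFORE = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\vturo.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
"""
LOG_AFTER = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\vturo.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
"""
# The entry the helper asked to check and fix in HijackThis.
FIX_REQUESTED = r"F3 - REG:win.ini: load=C:\WINDOWS\system32\vturo.exe"

# Entry lines look like "<section code> - <detail>", e.g. "F3 - ...", "O23 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            entries.add((m.group(1), m.group(2)))
    return entries

def compare(before, after, fix_requested):
    """Diff two scans and list requested fixes that the later scan still shows."""
    b, a, wanted = parse(before), parse(after), parse(fix_requested)
    return {
        "still_present": sorted(wanted & a),
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "file_missing": sorted(e for e in a if e[1].endswith("(file missing)")),
    }

if __name__ == "__main__":
    for key, items in compare(LOG_BEFORE, LOG_AFTER, FIX_REQUESTED).items():
        print(key)
        for section, detail in items:
            print(f"  {section} - {detail}")
```

An entry listed under `still_present` means the fix did not persist between scans, which is what the second log in this thread shows for the F3 line.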

#7
rambro

Dear ziele9333, :)

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************

At this point, I would like to see if your computer is set up to start in "normal" startup or "selective" startup. I would like you to put your computer into "normal" startup, if it is not selected already, so as to better analyze your HijackThis log. You can change it back to selective startup later, once your computer system is spyware free.

If you are running your computer in "Selective startup", go to Start -> Run and type "msconfig" (without the quotes). The System Configuration Utility dialog box should pop up. Go to the "General" tab, select "normal startup", then press the "OK" button and let it restart your computer.

Please restart your computer and then post a new HijackThis log. :)

#8
ziele9333

I'm already in normal startup mode.

#9
rambro

Dear ziele9333, :)

We came across the following links:

http://www.bleepingc...opic121944.html
http://www.geekstogo...em-t180642.html
http://forums.techgu...-need-help.html
http://forums.spybot...ead.php?t=21599


Do these posts look familiar?

How do you want me to proceed?

If you want me to continue with this thread in the geekstogo forum please post a note in the other threads that he will continue directions from this forum. Otherwise A LOT of helpers would be wasting their time with you.

rambro