Tuesday, July 14, 2009

Please read details involves NT_Kernel?

I've got the NT_Kernel and I use Vundo to try and remove it and it continually comes back, with the Windows Update and Help and Support icons on my desktop. Please help, I need my PC for doing a huge project this weekend and don't want to reinstall Windows XP. Here is my HijackThis log:





Logfile of HijackThis v1.99.1
Scan saved at 7:25:24 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.e...
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentV... Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {3F756BC4-26CB-497E-9409-8F09C1850C80} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86...
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [f821ce83] rundll32.exe "C:\WINDOWS\system32\pqveqhdr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCE...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.d...
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.d...
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.D...
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A735... Domain = hsd1.pa.comcast.net.
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\M...
O21 - SSODL: WinMain - {C231CF11-134F-3552-44AC-E685D962C63C} - C:\WINDOWS\system32\adduser32.dll
O23 - Service: McAfee Application Installer Cleanup (0239191195691706) (0239191195691706mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023919~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\empr...
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\oracle\product\10.2.0\db_1\bin\nmesrv... (file missing)
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Unknown owner - C:\oracle\product\10.2.0\db_1\bin\isqlpl... (file missing)
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSN... (file missing)
O23 - Service: OracleServiceORCL - Unknown owner - c:\oracle\product\10.2.0\db_1\bin\ORACLE... (file missing)
O23 - Service: RDM+ Local Service (RDMPLocalService) - SHAPE Services GmbH - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

I looked over this log and it appears to be pretty much standard, with nothing suspicious. Though I would tell you, if you are going to run Java, at least download script block for your Firefox browser. That and McAfee anti-virus SUCKS. Try Avast Anti-virus. It's free and does a MUCH better job at blocking and detecting viruses and spyware.





You aren't EVER going to remove NT_Kernel. It's the core of Windows XP. The Kernel contains all the vital instructions and programming that allows your computer to be something more than an expensive paperweight. Windows will NOT allow you to delete it short of formatting the HDD. You can, however, change your Windows Update options from the Control Panel to not update, or to notify you when updates are available but not download them and auto-install.
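
One way to triage a HijackThis log like the one in the question, as an added example that is not part of the original post, the reply, or HijackThis itself: it parses the R*/O* entries and lists the ones with properties that call for a closer look at the file. The function names, the heuristics and SAMPLE (lines copied from the log above) are assumptions chosen for illustration; a hit means "inspect this file", not "this is malware".

```python
import re

# Section codes used in SAMPLE, with their standard HijackThis meanings.
SECTIONS = {"O3": "IE toolbar", "O4": "autostart (Run key)",
            "O21": "ShellServiceObjectDelayLoad", "O23": "Windows service"}

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")

# Constructed sample: five lines copied from the log on this page.
SAMPLE = r"""
O3 - Toolbar: (no name) - {3F756BC4-26CB-497E-9409-8F09C1850C80} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [f821ce83] rundll32.exe "C:\WINDOWS\system32\pqveqhdr.dll",b
O21 - SSODL: WinMain - {C231CF11-134F-3552-44AC-E685D962C63C} - C:\WINDOWS\system32\adduser32.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
"""

def parse(log):
    """Return (code, detail) for every R*/O* entry; header and process lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def review_reasons(code, detail):
    """Illustrative heuristics (assumptions): reasons to look closer, not verdicts."""
    reasons = []
    low = detail.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("target file absent")
    if code == "O23" and "unknown owner" in low:
        reasons.append("no company name read from the service binary")
    if code == "O4" and "rundll32" in low and ".dll" in low:
        reasons.append("autostart loads a DLL via rundll32")
    if code == "O21":
        reasons.append("DLL loaded by explorer.exe at startup")
    return reasons

def triage(log):
    """Map each entry that needs review to the list of reasons."""
    return {(c, d): r for c, d in parse(log) if (r := review_reasons(c, d))}

if __name__ == "__main__":
    for (code, detail), reasons in triage(SAMPLE).items():
        print(f"{code:4}{SECTIONS.get(code, '?'):30}{'; '.join(reasons)}\n    {detail}")
```

Each flagged path can then be checked on disk (file properties, signature, creation date) or submitted to a scanner before anything is removed.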

