
Maybe I'm still infected with Vundo?


  • This topic is locked
3 replies to this topic

#1 PissedOffPCUser

PissedOffPCUser

  • Members
  • 27 posts

Posted 04 February 2009 - 12:18 AM

Hello everyone,

First off, thanks again to the members of this forum for selflessly taking your own time to help out people with problems like myself. You guys ROCK! I'm posting here to make sure I'm no longer infected with the Vundo virus... In the past day or two, my computer has slowed considerably again. Also, now every once in a while a link I click from Google will redirect me to a completely unrelated ad website. I have run an AVG scan as well as a Spybot scan, with no luck.

Here is my log from the DDS.scr file. I will attach the "Attach.txt" file to this post:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Julian at 21:15:35.34 on 2009-02-03
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1451 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Julian\Desktop\Spyware Files\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
StartupFolder: c:\docume~1\julian\startm~1\programs\startup\dropbox.lnk - c:\program files\dropbox\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\julian\applic~1\mozilla\firefox\profiles\ljhjkcj0.default\
FF - component: c:\documents and settings\julian\application data\mozilla\firefox\profiles\ljhjkcj0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\julian\application data\mozilla\firefox\profiles\ljhjkcj0.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {2DA59B88-B14E-4487-8B85-2E83E5B49DCF} - c:\documents and settings\julian\local settings\application data\{2DA59B88-B14E-4487-8B85-2E83E5B49DCF}
FF - HiddenExtension: XUL Cache: {334D02E0-E151-44AF-B434-F06C1CAAE076} - c:\windows\system32\config\systemprofile\local settings\application data\{334d02e0-e151-44af-b434-f06c1caae076}\

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-3-6 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-6 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-6 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-3-6 107272]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-26 21920]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-7 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-7 298264]
R4 Cepstral License Server;Cepstral License Server;c:\program files\cepstral\bin\CepstralLicSrv.exe [2007-3-15 57344]
R4 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-6-8 11776]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2008-6-16 141056]
S3 w828drvr;w828drvr;c:\windows\system32\drivers\w828drvr.sys [2007-9-11 96892]
S3 Wave828;Wave Driver for MOTU 828;c:\windows\system32\drivers\wave828.sys [2007-9-11 41096]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-5-31 2560]
S4 oriieke2e149e9;oriieke2e149e9;\??\c:\windows\system32\oriieke2e149e9.sys --> c:\windows\system32\oriieke2e149e9.sys [?]
S4 oriieke560329;oriieke560329;\??\c:\windows\system32\oriieke560329.sys --> c:\windows\system32\oriieke560329.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-2 24652]

=============== Created Last 30 ================

2009-02-02 19:18 <DIR> --d----- c:\program files\Riva
2009-01-28 18:25 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-01-28 18:25 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-01-28 18:25 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-01-28 18:25 44,544 a----r-- c:\windows\system32\MSXML4a.dll
2009-01-28 18:25 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-01-28 18:24 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-01-28 18:24 51,056 a----r-- c:\windows\system32\drivers\hpzid412.sys
2009-01-28 18:24 21,488 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-01-28 18:24 <DIR> --d----- c:\program files\common files\HP
2009-01-28 18:22 43,488 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-01-28 18:21 <DIR> --d----- c:\windows\system32\URTTEMP
2009-01-28 18:17 <DIR> --d----- c:\program files\HP
2009-01-28 18:12 28,947 a------- c:\windows\hpoins03.dat
2009-01-28 18:12 34,468 -------- c:\windows\hpomdl03.dat
2009-01-28 18:10 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-01-28 18:10 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-28 14:09 <DIR> --d----- c:\program files\Advanced System Optimizer
2009-01-20 17:05 93 a------- c:\windows\BBW_INFO.INI
2009-01-20 17:05 <DIR> --d----- c:\docume~1\julian\applic~1\Plogue
2009-01-20 17:03 <DIR> --d----- c:\windows\Time Stopper
2009-01-20 17:03 <DIR> --d----- c:\program files\Time Stopper
2009-01-20 16:37 <DIR> --d----- c:\program files\Songsmith
2009-01-18 15:52 <DIR> --d----- c:\program files\Photosynth
2009-01-17 16:06 <DIR> --d----- c:\docume~1\julian\applic~1\Dropbox
2009-01-17 16:06 <DIR> --d----- c:\program files\Dropbox
2009-01-13 15:14 <DIR> --d----- c:\program files\Crayon Physics Deluxe
2009-01-13 13:33 <DIR> --d----- c:\docume~1\julian\applic~1\Crayon Physics Deluxe
2009-01-09 21:38 <DIR> --d----- c:\documents and settings\julian\DoctorWeb
2009-01-08 00:54 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-08 00:43 3,038 a------- c:\windows\system32\tmp.reg
2009-01-08 00:07 <DIR> --d----- c:\windows\ERUNT
2009-01-07 23:58 <DIR> --d----- C:\SDFix
2009-01-07 23:37 <DIR> --d----- C:\ComboFix
2009-01-07 23:37 388,608 a------- c:\windows\system32\CF11752.exe
2009-01-07 23:36 <DIR> --d----- C:\cmdcons
2009-01-07 23:33 161,792 a------- c:\windows\SWREG.exe
2009-01-07 23:33 98,816 a------- c:\windows\sed.exe
2009-01-07 23:20 <DIR> --d----- c:\docume~1\julian\applic~1\Malwarebytes
2009-01-07 23:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 23:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 23:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 23:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-06 20:58 93 a------- c:\windows\wininit.ini
2009-01-06 19:52 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-01-28 20:08 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-15 08:04 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-07 23:31 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-07 23:31 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-07 23:31 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-07 00:49 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-07 00:49 202,000 a------- c:\windows\system32\PnkBstrB.exe
2008-12-30 21:00 22,328 a------- c:\docume~1\julian\applic~1\PnkBstrK.sys
2008-12-30 21:00 682,280 a------- c:\windows\system32\pbsvc.exe
2008-11-21 13:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 13:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-04-27 21:30 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-01-03 02:09 6,844 ac------ c:\program files\mbsuite20.log
2007-12-24 00:59 47,360 a------- c:\docume~1\julian\applic~1\pcouffin.sys
2003-05-30 09:22 344,064 a----r-- c:\program files\msvcr70.dll
2002-01-05 03:40 487,424 a------- c:\program files\msvcp70.dll
2008-06-30 15:57 1,457 a--sh--- c:\windows\system32\mmf.sys

============= FINISH: 21:16:11.70 ===============

Attached Files
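The pasted DDS log is the only evidence in this thread, and it was never analysed. As an added example (not code from the original post, from DDS, or from BleepingComputer), here is a small Python triage script that parses the SERVICES / DRIVERS section of a DDS log and flags the entries a helper would look at first: a driver whose file DDS could not find (`[?]`), a description that is merely the service name repeated, and a name with the letter/digit churn of a generated string. The heuristics and the severity levels are this example's own assumptions, the sample lines are a constructed subset copied from the log above, and a flag means "look closer", not "malware".

```python
"""Triage helper for the "SERVICES / DRIVERS" section of a DDS log.

Added example for this thread; not part of DDS or the original post.
The heuristics below (file not found, description identical to the
service name, letter/digit churn in the name) are this example's own
assumptions about what deserves a closer look, not a malware verdict.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the SERVICES / DRIVERS lines from the
# log posted above, with the surrounding section banners kept so the
# section detection has something to work with.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-3-6 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-6 325128]
S3 w828drvr;w828drvr;c:\windows\system32\drivers\w828drvr.sys [2007-9-11 96892]
S3 Wave828;Wave Driver for MOTU 828;c:\windows\system32\drivers\wave828.sys [2007-9-11 41096]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-5-31 2560]
S4 oriieke2e149e9;oriieke2e149e9;\??\c:\windows\system32\oriieke2e149e9.sys --> c:\windows\system32\oriieke2e149e9.sys [?]
S4 oriieke560329;oriieke560329;\??\c:\windows\system32\oriieke560329.sys --> c:\windows\system32\oriieke560329.sys [?]

=============== Created Last 30 ================
"""

# One DDS service line: "<state> <name>;<description>;<path> [<date> <size>]"
# where the bracket holds "?" when DDS could not find the file on disk.
ENTRY = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str          # start type as printed by DDS (R0, R1, S3, S4, ...)
    name: str
    description: str
    path: str           # on-disk path; "a --> b" forms are resolved to b
    info: str           # bracket contents: "<date> <size>" or "?"
    reasons: list = field(default_factory=list)
    severity: str = "none"


def parse_services(text: str) -> list:
    """Return a ServiceEntry for every line of the SERVICES / DRIVERS section."""
    entries, in_section = [], False
    for line in text.splitlines():
        if "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break                       # next section banner ends the block
        m = ENTRY.match(line) if in_section else None
        if not m:
            continue
        state, name, desc, path, info = m.groups()
        if "-->" in path:               # DDS prints "<registry path> --> <resolved path>"
            path = path.split("-->")[-1].strip()
        entries.append(ServiceEntry(state, name.strip(), desc.strip(), path, info.strip()))
    return entries


def alnum_churn(name: str) -> int:
    """Count letter<->digit switches; vendor names rarely have more than one."""
    return len(re.findall(r"[a-z]\d|\d[a-z]", name.lower()))


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach reasons and an assumed severity to one parsed entry."""
    missing = entry.info == "?"
    no_desc = entry.description.lower() == entry.name.lower()
    churn = alnum_churn(entry.name) >= 2
    if missing:
        entry.reasons.append("file not found on disk ([?])")
    if no_desc:
        entry.reasons.append("description is just the service name repeated")
    if churn:
        entry.reasons.append("name mixes letters and digits like a generated string")
    if missing and (no_desc or churn):
        entry.severity = "high"
    elif missing or (no_desc and churn):
        entry.severity = "medium"
    return entry


def report(text: str) -> dict:
    """Map each service name in the log to its assumed severity."""
    return {e.name: triage(e).severity for e in parse_services(text)}


if __name__ == "__main__":
    for e in parse_services(SAMPLE_LOG):
        triage(e)
        if e.severity != "none":
            print(f"{e.severity:6} {e.state} {e.name:18} {e.path}")
            for r in e.reasons:
                print(f"         - {r}")
```

Run against the sample, the two `oriieke*` entries come out as high (service registered, file gone, no vendor description), while `w828drvr` comes out as medium only because its description repeats its name; the neighbouring `Wave828` entry ("Wave Driver for MOTU 828") is the context a helper would use to clear it. That is the point of printing reasons rather than a verdict: the script narrows the list, the human decides.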





#2 PissedOffPCUser

PissedOffPCUser
  • Topic Starter

  • Members
  • 27 posts

Posted 04 February 2009 - 05:06 PM

I know bumps are discouraged, but this got dropped to the 4th page.

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 05 February 2009 - 09:26 AM

Hello,

Leaving your Helper hanging like you did last time is discouraged as well. :thumbup2: You already have a thread here: http://www.bleepingcomputer.com/forums/t/193326/help-im-under-a-deadline-popups-problem/ that you never answered. Lots of good advice given you there.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 February 2009 - 10:26 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



