
Explorer not starting when Windows loads & a lot of trojans that have appeared in the last 24 hours



#1 Josh B


Posted 26 March 2009 - 07:01 PM

Hi guys! Yesterday I was having a hard time burning a DVD. The DVD process would go through and say it was successful, but when the DVD was ejected it was still empty. The burner didn't write the data for some reason, and it wasn't telling me it was failing either. So I started uninstalling the DVD Shrink and DVDFab and Nero programs, and re-downloading them to reinstall. I did this and my computer started getting slow and wacky. I would go to shut down and restart, and Windows would load as usual until it got to my desktop; Explorer will not load up. I have to load Explorer through the Task Manager. Not only that, but my AVG Resident Shield has been constantly popping up over and over again with infected files, hundreds of them in the win32 and system32 areas. I cannot heal or vault these for some reason. I ran a malware program that removed some, and I can sit through AVG scanning for 2 hours and it comes up with 900+ infections and can only heal or remove 90% of these. I am at a loss for what to do, I just wanted to burn my DVDs!! and all Hell breaks loose on my laptop, help!! Thank you!!



DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 19:48:30.60 on Thu 03/26/2009
Internet Explorer: 6.0.2900.5512
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6436
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6436
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\deviceemulator.exe,c:\windows\system32\actcontroller.exe,c:\windows\system32\i386kd.exe,c:\windows\system32\actcontroller.exe,
mWinlogon: SFCDisable=4 (0x4)
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {b610cb3e-b7fe-4a67-aec9-e8d30aa1c8d6} - c:\windows\system32\vturq.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Power2GoExpress] NA
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - hxxp://www.phoenix.aleks.com/aleks/j2re/install_j2re.cab?cache
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} - hxxp://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://mycampus.phoenix.edu/secure/PhxStudent15.CAB
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
STS: bestreak - No File

================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qwfefwdv.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qwfefwdv.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-26 19:32 51,678 a------- c:\windows\services.exe
2009-03-26 19:32 31,744 a------- c:\windows\system32\6.tmp
2009-03-26 19:32 71,680 a------- c:\windows\system32\4.tmp
2009-03-26 19:32 124 a------- c:\windows\system32\3.tmp
2009-03-26 12:19 <DIR> --d----- c:\documents and settings\owner\application data\Malwarebytes
2009-03-26 12:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-26 12:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 12:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-26 03:23 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-26 03:22 0 a------- c:\windows\system32\214.tmp
2009-03-26 03:21 8,467 a------- c:\windows\system32\wf.exe
2009-03-26 03:20 71,680 a------- c:\windows\system32\20F.tmp
2009-03-26 03:20 28,672 a------- c:\windows\system32\20E.tmp
2009-03-26 03:20 124 a------- c:\windows\system32\20B.tmp
2009-03-26 01:14 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-26 01:14 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-26 01:14 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-26 01:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-26 01:13 <DIR> --d----- c:\program files\AVG
2009-03-25 23:51 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-25 23:51 208,744 a------- c:\windows\system32\muweb.dll
2009-03-25 23:51 144,896 -c------ c:\windows\system32\dllcache\schannel.dll
2009-03-20 11:42 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-19 22:06 27,496 a------- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2009-03-26 03:24 87,608 a------- c:\documents and settings\owner\application data\inst.exe
2009-03-26 03:24 47,360 a------- c:\documents and settings\owner\application data\pcouffin.sys
2009-03-26 03:11 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2006-11-12 23:40 1,102 a------- c:\documents and settings\owner\application data\wklnhst.dat
2006-06-06 10:50 10,920 a------- C:\aolconnfix.exe

============= FINISH: 19:49:45.20 ===============
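The Userinit line in the log above is the kind of entry a malware-response helper reads first: Windows expects only userinit.exe there, and every extra path on that line is started at each logon. As an added example (not from the thread, DDS or HijackThis), here is a small Python triage script for lines in the shape of this Pseudo HJT report; it flags a Userinit value with extra executables, a non-default SFCDisable, and BHO entries that carry no display name. The sample lines are copied from the log above, and the severities are the script's own heuristic, not a diagnosis of this machine.

```python
import re

# Constructed sample: lines copied in the shape of the DDS "Pseudo HJT Report" above.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\deviceemulator.exe,c:\windows\system32\actcontroller.exe,c:\windows\system32\i386kd.exe,c:\windows\system32\actcontroller.exe,
mWinlogon: SFCDisable=4 (0x4)
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {b610cb3e-b7fe-4a67-aec9-e8d30aa1c8d6} - c:\windows\system32\vturq.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

# A BHO line whose display name is missing has the shape "BHO: {guid} - path"
UNNAMED_BHO_RE = re.compile(r"^BHO: (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def userinit_extras(line):
    """Return the programs a Userinit= value chain-loads besides userinit.exe.

    Windows expects only userinit.exe here; anything else runs at every logon.
    """
    _, _, value = line.partition("Userinit=")
    paths = [p.strip() for p in value.split(",") if p.strip()]
    extras = [p for p in paths if not p.lower().endswith(r"\userinit.exe")]
    return list(dict.fromkeys(extras))  # drop duplicates, keep order


def triage(log_text):
    """Return (severity, message) pairs for Pseudo HJT lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("mWinlogon: Userinit="):
            extras = userinit_extras(line)
            if extras:
                findings.append(("high", "Userinit also launches: " + ", ".join(extras)))
        elif line.startswith("mWinlogon: SFCDisable="):
            value = line.split("=", 1)[1].split()[0]
            if value != "0":  # default is 0: Windows File Protection fully on
                findings.append(("medium", "SFCDisable is non-default: " + value))
        else:
            m = UNNAMED_BHO_RE.match(line)
            if m:
                findings.append(("low", "unnamed BHO %s -> %s" % m.groups()))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(severity.upper(), message)
```

The unnamed-BHO check is only a prompt to look the GUID and file up; a missing display name by itself does not make an add-on malicious.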

#2 Josh B


Posted 31 March 2009 - 01:35 PM

bump?

#3 teacup61


Posted 04 April 2009 - 06:00 AM

Hello Josh B,


Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61


Posted 14 April 2009 - 02:36 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
