Infected with Trojan, lots of popups, possibly vundo


10 replies to this topic

#1 solonvt (Members, 6 posts)

Posted 29 March 2009 - 04:50 PM

Hi, my computer seems to have some sort of trojan or other malware, possibly Vundo. I'm running XP SP2. I get lots of pop-ups for antivirus software, and once one for a search engine. The problem occurs when using both Google Chrome and Firefox. The computer is running slow. I got a blue screen of death when running GMER, and on a separate occasion it wanted me to boot in safe mode. I also need to select End Now on rundll32.exe when shutting down. I also got a message upon startup that the system has recovered from a serious error, asking if I wanted to send an error report or not. I pressed Send and got this reply... I am also unable to close that window:

"Windows cannot find
'hxxp://oca.microsoft.com/resredir.aspx?sid=685&bucket=0x7f_8_STACKPTR_ERROR&State=1&1D=528908ef-94e3-4c0f-b724-fa6f61ab4e0e&LCID=1033&OS=5.1.2600.2.00010300.3.0'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, then click search."

Here's the DDS log. Any help would be greatly appreciated.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Noah at 22:00:34.78 on Sat 03/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2307 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noah\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {674d1b16-4d68-4169-a082-7a1504340343} - c:\windows\system32\sizehawi.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [Google Update] "c:\documents and settings\noah\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [nwiz] nwiz.exe /install
mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [zuhahewana] Rundll32.exe "c:\windows\system32\vumehijo.dll",s
mRun: [ec19b60e] rundll32.exe "c:\windows\system32\gowoyisa.dll",b
mRun: [CPMef2a8592] Rundll32.exe "c:\windows\system32\nobiwuna.dll",a
StartupFolder: c:\docume~1\noah\startm~1\programs\startup\gamesp~1.lnk - c:\program files\gamespot\GameSpotDownloadManager_Win32.exe
StartupFolder: c:\docume~1\noah\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\jebufijo.dll c:\windows\system32\nobiwuna.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nobiwuna.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\nobiwuna.dll
LSA: Notification Packages = scecli c:\windows\system32\jebufijo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\noah\applic~1\mozilla\firefox\profiles\okwlyfjq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\noah\application data\mozilla\firefox\profiles\okwlyfjq.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\noah\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-23 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-30 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-23 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-23 298264]
S3 cdrmkaun;cdrmkaun;c:\docume~1\noah\locals~1\temp\cdrmkaun.sys [2004-6-16 31744]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest home edition\kerneld.wnt --> c:\program files\lavalys\everest home edition\kerneld.wnt [?]

=============== Created Last 30 ================

2009-03-28 16:36 3,290,752 ---sh--- c:\windows\system32\asiyowog.ini
2009-03-27 15:07 208,744 a------- c:\windows\system32\muweb.dll
2009-03-27 15:07 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-27 15:07 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-24 12:38 <DIR> --d----- c:\docume~1\noah\applic~1\AVGTOOLBAR
2009-03-23 22:46 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-23 20:13 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-23 20:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-23 20:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-23 20:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-23 20:13 <DIR> --d----- c:\program files\AVG
2009-03-23 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-16 19:43 <DIR> --d----- c:\program files\iTunes
2009-03-16 19:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 19:32 <DIR> --d----- c:\program files\Bonjour
2009-03-03 19:24 <DIR> --d----- c:\docume~1\noah\applic~1\The Creative Assembly
2009-03-03 19:23 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-03 19:23 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-03 19:23 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-03 19:23 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-03 19:23 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-03 19:23 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-03 19:23 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-03 17:51 <DIR> --d----- c:\program files\Steam

==================== Find3M ====================

2009-03-28 16:36 89,088 a--sh--- c:\windows\system32\nobiwuna.dll
2009-03-28 16:36 81,408 a--sh--- c:\windows\system32\gowoyisa.dll
2009-03-28 16:36 61,440 a--sh--- c:\windows\system32\musowewo.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-14 12:24 201,352 a------- c:\windows\system32\PnkBstrB.exe
2008-12-12 17:54 31 a------- c:\documents and settings\noah\jagex_runescape_preferences.dat
2008-10-22 17:57 22,328 a------- c:\docume~1\noah\applic~1\PnkBstrK.sys
2002-07-31 20:55 106 ---sh--- c:\windows\WSYS049.SYS
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\jebufijo.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\sizehawi.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\vumehijo.dll
2008-09-14 13:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 22:01:02.25 ===============

Edited by solonvt, 29 March 2009 - 06:23 PM.
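The log above concentrates the infection in a handful of load points: Run entries that start rundll32.exe on an eight-letter DLL with a one-letter entry point (vumehijo.dll, gowoyisa.dll, nobiwuna.dll), a BHO with no name (sizehawi.dll), the AppInit_DLLs value and the LSA Notification Packages list (jebufijo.dll, nobiwuna.dll), a shell service object (SSODL/STS) pointing at nobiwuna.dll, and hidden+system files directly under system32, one with a zeroed timestamp. The Python below is an added example by the editor, not part of the original post and not DDS code. It runs over a constructed excerpt of that log and flags those lines by rule, keeping a few known-good entries (NvCpl.dll, avgssie.dll, WPDShServiceObj.dll, win32k.sys) as negatives. The consonant/vowel name pattern is an observation about this one log used as a heuristic, not a published Vundo signature.

```python
"""Triage of the DDS log above for the load points the infection used.

Added example by the page editor: not part of the original post and not
DDS code.  SAMPLE_LOG is a constructed excerpt of the posted log.  The
rules (eight-letter consonant/vowel names, one-letter rundll32 entry
points, non-default LSA packages, hidden+system or zero-dated files
directly under system32) are heuristics taken from this one log.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [zuhahewana] Rundll32.exe "c:\windows\system32\vumehijo.dll",s
mRun: [ec19b60e] rundll32.exe "c:\windows\system32\gowoyisa.dll",b
mRun: [CPMef2a8592] Rundll32.exe "c:\windows\system32\nobiwuna.dll",a
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: {674d1b16-4d68-4169-a082-7a1504340343} - c:\windows\system32\sizehawi.dll
AppInit_DLLs: c:\windows\system32\jebufijo.dll c:\windows\system32\nobiwuna.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nobiwuna.dll
LSA: Notification Packages = scecli c:\windows\system32\jebufijo.dll
2009-03-28 16:36 3,290,752 ---sh--- c:\windows\system32\asiyowog.ini
2009-03-28 16:36 89,088 a--sh--- c:\windows\system32\nobiwuna.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\jebufijo.dll
2008-09-14 13:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat
"""

# Eight letters strictly alternating consonant/vowel, as every malicious name
# in this log does (vumehijo, gowoyisa, nobiwuna, jebufijo, sizehawi, asiyowog).
CV_NAME = re.compile(
    r'^(?:(?:[b-df-hj-np-tv-z][aeiou]){4}|(?:[aeiou][b-df-hj-np-tv-z]){4})\.(?:dll|exe|ini)$', re.I)
PATH_RE = re.compile(r'[a-z]:\\.*?\.(?:dll|exe)', re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
GUID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+[\d,]+\s+([a-z-]{8})\s+(.+)$')
LSA_DEFAULT = {'scecli'}          # the only notification package a stock XP box lists
SYSTEM32 = r'c:\windows\system32'


@dataclass(frozen=True)
class Finding:
    location: str   # which DDS line type produced the hit
    path: str       # file that would be loaded, or file found on disk
    reason: str


def basename(path):
    return path.rsplit('\\', 1)[-1]


def parent(path):
    return path.rsplit('\\', 1)[0].lower()


def triage(log_text):
    """Return one Finding per suspicious line of a DDS log."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        fm = FILE_RE.match(line)
        if fm:                                   # "Created Last 30" / "Find3M" entries
            date, attrs, path = fm.groups()
            if parent(path) == SYSTEM32 and (date == '0000-00-00' or {'s', 'h'} <= set(attrs)):
                findings.append(Finding('file', path, f'attrs {attrs}, dated {date}, directly under system32'))
            continue
        key, _, rest = line.partition(':')
        key, rest = key.strip(), rest.strip()
        if key in ('uRun', 'mRun'):              # Run values that go through rundll32
            m = RUNDLL_RE.search(rest)
            if m and (CV_NAME.match(basename(m.group(1))) or len(m.group(2)) == 1):
                findings.append(Finding(key, m.group(1), f'rundll32 with entry point "{m.group(2)}"'))
        elif key == 'BHO':                       # "BHO: Name: {guid} - path"; the name may be empty
            name = GUID_RE.split(rest, maxsplit=1)[0].strip(' :')
            pm = PATH_RE.search(rest)
            if pm and (not name or CV_NAME.match(basename(pm.group(0)))):
                findings.append(Finding(key, pm.group(0), 'unnamed BHO' if not name else 'generated-looking BHO file name'))
        elif key == 'AppInit_DLLs':              # everything here is loaded into every user32 process
            for p in PATH_RE.findall(rest):
                findings.append(Finding(key, p, 'AppInit DLL, injected into every process that loads user32.dll'))
        elif key in ('SSODL', 'STS'):            # shell service objects, loaded by explorer.exe at logon
            pm = PATH_RE.search(rest)
            if pm and CV_NAME.match(basename(pm.group(0))):
                findings.append(Finding(key, pm.group(0), 'shell service object with generated-looking file name'))
        elif key == 'LSA':                       # "Notification Packages = scecli <extra>", space-separated
            for token in rest.partition('=')[2].split():
                if token.lower() not in LSA_DEFAULT:
                    findings.append(Finding(key, token, 'non-default LSA package, loaded into lsass.exe at boot'))
    return findings


def flagged_files(findings):
    """Lower-cased file names hit by at least one rule."""
    return sorted({basename(f.path).lower() for f in findings})


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.location:<13} {f.path}  <- {f.reason}')
```

Feed it a whole DDS log and the same file names surface from several locations at once (nobiwuna.dll from a Run value, AppInit_DLLs and SSODL; jebufijo.dll from AppInit_DLLs and the LSA list), which is the clustering a helper reads off such a log by eye. The name rule is deliberately narrow: NvMcTray.dll is also eight letters but does not alternate, so it stays out.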


#2 teacup61, Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 29 March 2009 - 07:54 PM

Hello solonvt,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 solonvt, Topic Starter (Members, 6 posts)

Posted 30 March 2009 - 02:21 PM

Thank you for your timely response! Before you responded, though, I decided to run Malwarebytes' Anti-Malware. It found 50 infected files, many of which were the Vundo trojan, so I deleted them. This seems to have solved the problem! However, I'm not sure it's all the way gone. I have another symptom. When the computer is trying to go on standby it gets stuck at the screen that says "Preparing to standby..." and I am forced to turn off the computer by holding down the power button. I think this started when I had the problem of the pop-ups. Also, I get a bubble from the taskbar when I first log in telling me my Windows Firewall is off, but when I go to change it, it is always on. This didn't start until after I used Malwarebytes.

So... I haven't run ComboFix yet due to my new condition, but I am attaching the log from Malwarebytes and a new HijackThis log I just recorded.


#4 teacup61, Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 30 March 2009 - 05:21 PM

Hello,

You're welcome. :thumbup2:

I would have had you run MBAM anyway... just not this soon. I see a lot of files listed to delete on reboot, so I suspect some of those, and possibly some that didn't show there, are causing the problems.

Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click "Back up Host files".
* Then click "Restore MS Hosts File".
* Close the program.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
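The three HostsXpert clicks above (make writable, back up, restore) replace the hosts file with Microsoft's stock content. The Python below is an added example by the editor, not HostsXpert code and not part of the post. It shows what that restore removes by auditing a constructed hosts file for the two things a hijack adds (names blackholed to loopback, names redirected to another address) and then performs the same back-up, unlock and rewrite on a path you give it. The hostnames and the 203.0.113.5 address in the sample are placeholders, not indicators from this thread; the stock-file assumption (comment header plus "127.0.0.1 localhost" only) holds for Windows XP.

```python
"""What 'Restore MS Hosts File' undoes: an audit and restore of the hosts file.

Added example by the page editor, not HostsXpert code and not part of the
original post.  A stock Windows XP hosts file is a comment header plus the
single mapping '127.0.0.1 localhost', so every other mapping was added by
someone.  SAMPLE_HOSTS is constructed; its hostnames and the 203.0.113.5
address are documentation placeholders, not indicators from this thread.
"""
import ipaddress
import os
import stat

HOSTS_PATH = r'%SystemRoot%\system32\drivers\etc\hosts'   # where XP keeps the live file
STOCK_HOSTS = "# Restored to stock Windows XP content.\n127.0.0.1       localhost\n"
STOCK_ENTRIES = {('127.0.0.1', 'localhost')}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# (stock header abbreviated)
127.0.0.1       localhost
# --- constructed additions, standing in for what a hijack leaves behind ---
127.0.0.1       update.example-av.test      # vendor update host pinned to loopback
127.0.0.1       download.example-av.test
203.0.113.5     www.example.com             # a site sent to a third-party address
"""


def parse_hosts(text):
    """Yield (ip, hostname, line number) for each mapping, skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split('#', 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower(), lineno


def audit_hosts(text):
    """Classify every non-stock mapping as a (kind, ip, hostname, lineno) tuple.

    'blackhole': name pinned to a loopback or unspecified address, the usual
                 way to stop AV updates and block security sites;
    'redirect' : name sent somewhere else, the usual way to spoof a site;
    'malformed': first field is not an IP address at all.
    """
    findings = []
    for ip, name, lineno in parse_hosts(text):
        if (ip, name) in STOCK_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(('malformed', ip, name, lineno))
            continue
        kind = 'blackhole' if addr.is_loopback or addr.is_unspecified else 'redirect'
        findings.append((kind, ip, name, lineno))
    return findings


def restore_hosts(path):
    """Back up, make writable, rewrite with stock content; returns the backup path.

    Mirrors the three HostsXpert clicks in the post above.  The read-only
    bit is cleared first because hosts-file 'immunizers' commonly set it.
    """
    backup = None
    if os.path.exists(path):
        backup = path + '.bak'
        with open(path, 'rb') as src, open(backup, 'wb') as dst:
            dst.write(src.read())
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
    with open(path, 'w', newline='\r\n') as f:   # CRLF, as Windows expects
        f.write(STOCK_HOSTS)
    return backup


if __name__ == '__main__':
    for kind, ip, name, lineno in audit_hosts(SAMPLE_HOSTS):
        print(f'line {lineno}: {kind:<9} {ip:<15} {name}')
```

Run the audit against a copy of the live file before restoring: a blackholed vendor hostname explains an AV that can no longer update, and a redirect explains a site that "looks wrong", which is worth knowing before the evidence is overwritten. restore_hosts() leaves hosts.bak beside the original for that reason.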

#5 solonvt, Topic Starter (Members, 6 posts)

Posted 30 March 2009 - 08:59 PM

Alright, I have attached the ComboFix log and HijackThis log.


#6 teacup61, Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 30 March 2009 - 09:30 PM

Hello,

Both of those look pretty good. :thumbup2:

How is it running now please?

Thanks,
tea

#7 solonvt, Topic Starter (Members, 6 posts)

Posted 31 March 2009 - 04:10 PM

Well, it actually still won't go on standby. When it is on the "Preparing to stand by..." screen I can still see and move the mouse cursor; I don't remember if this is normal, though. Do you think this is caused by a trojan, or did I delete some necessary file while trying to get rid of it?

#8 teacup61, Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 31 March 2009 - 04:24 PM

Hi,

Let's have a funny little test: unplug your mouse and see if the computer will go into standby on its own then. :thumbup2:

Let me know.

tea

#9 solonvt, Topic Starter (Members, 6 posts)

Posted 01 April 2009 - 04:30 PM

Unfortunately that didn't help. However, a new thing is happening. When I turn the computer on, for a split second a black and white screen flashes asking me whether I want to boot up with Windows XP or Microsoft Windows Recovery Console. There is more text, but it flashes too fast for me to read it. What's with this?

#10 teacup61, Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 01 April 2009 - 04:36 PM

That's normal now because you installed the Recovery Console. :thumbup2:

I'm kind of at a loss for the standby problem. I'll see what I can find and post back here for you. How is it running otherwise? :)

tea

#11 solonvt, Topic Starter (Members, 6 posts)

Posted 01 April 2009 - 06:21 PM

Otherwise I think it's good :thumbup2:. If the standby problem is unrelated to any sort of trojan or virus, then I think I can deal with it. But how does this Recovery Console thing work? Do I do something with it if I have a problem in the future?

Update: something weird just happened. As I was browsing the internet, pages stopped loading, and then a minute later I got a window telling me avgnsx.exe encountered a problem and had to close. Is this bad? Is it related to my AVG antivirus?

Edited by solonvt, 01 April 2009 - 08:27 PM.




