
Vundo Infection?


  • This topic is locked
2 replies to this topic

#1 piouy

piouy

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 03 May 2009 - 08:35 PM

I have been removing malware and viruses from my mother's computer but I can't fix the rest. I would appreciate any help.




DDS (Ver_09-03-16.01) - NTFSx86
Run by Nancy at 20:30:26.32 on Sun 05/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.192 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nancy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: : {f16b6dda-48f0-4531-abe5-859f120858a1} - c:\windows\system32\pqimxfr.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: fentrzzz - pqimxfr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nancy\applic~1\mozilla\firefox\profiles\uuej1wua.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll

============= SERVICES / DRIVERS ===============

R0 iufbwuud;iufbwuud;c:\windows\system32\drivers\iufbwuud.sys [2004-8-4 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-2 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-2 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-2 298776]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-20 1251720]

=============== Created Last 30 ================

2009-05-03 20:12 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-03 18:22 161,792 a------- c:\windows\SWREG.exe
2009-05-03 18:22 98,816 a------- c:\windows\sed.exe
2009-05-03 12:24 <DIR> --d----- c:\docume~1\nancy\applic~1\Malwarebytes
2009-05-03 12:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-03 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-03 11:44 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-03 11:44 <DIR> --d----- c:\docume~1\nancy\applic~1\SUPERAntiSpyware.com
2009-05-02 19:50 <DIR> --d----- c:\docume~1\nancy\applic~1\Uniblue
2009-05-02 17:52 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-05-02 17:52 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-05-02 17:52 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-05-02 17:52 75,264 a------- c:\windows\system32\unacev2.dll
2009-05-02 17:52 153,088 a------- c:\windows\system32\unrar3.dll
2009-05-02 17:51 <DIR> --d----- c:\docume~1\nancy\applic~1\Simply Super Software
2009-05-02 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-05-02 17:04 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-02 16:38 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-02 16:38 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-02 16:38 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 16:37 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-02 16:37 <DIR> --d----- c:\docume~1\nancy\applic~1\AVGTOOLBAR
2009-05-02 16:37 <DIR> --d----- c:\program files\AVG
2009-05-02 16:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-02 16:09 <DIR> --d----- c:\program files\Trend Micro
2009-05-02 16:08 <DIR> --d----- c:\program files\CCleaner
2009-05-02 16:08 <DIR> --d----- c:\docume~1\nancy\applic~1\dvvabftb
2009-05-02 15:49 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-05-02 15:49 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-02 15:49 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-05-02 15:49 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-22 20:23 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-21 07:49 <DIR> --d----- c:\program files\MSECache
2009-04-17 08:24 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 08:24 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 08:24 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 08:24 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 08:24 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 08:24 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 08:24 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 08:24 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 08:24 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 08:24 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-17 08:24 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 08:24 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-06 13:36 91,520 a------- c:\windows\system32\WebIQEngineSetup.exe
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 13:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2008-09-14 15:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 20:30:53.18 ===============

#2 piouy

piouy
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 11 May 2009 - 12:18 AM

Close please. I had it fixed.

#3 Orange Blossom

Orange Blossom

Bleepin Investigator


  • Moderator
  • 36,993 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:59 PM

Posted 14 May 2009 - 10:24 PM

Thank you for letting us know. This topic shall now be closed. ~ OB