Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The Vundo Is Gone But Now My C: Drive Has Encountered A Problem And Needs To Close


  • This topic is locked This topic is locked
4 replies to this topic

#1 jdrumfury

jdrumfury

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 01 March 2007 - 11:39 PM

I seriously have tried every thing i have read about removing vundo and it seems so be gone but when i open windows explorer if i open C: the error will come up that says "windows explorer has encountered a problem and needs to close" I always get this error message- the wierd thing is that if i don't hit the close button on the error i can still browse my files for a few minutes untill i get three more error messages they don't stay up long enough for me to remember what they said butit closes the desktop clears for a second re-appears and then everything is back to normal except my sys tray i have to end my volumepanel and start it again to have it show back up in the sytem tray this is all so aggrevating!!

so i use avast, comodo firewall, spybot, adaware and super antispyware pro and wintasks is always fun

but since i started trying to get rid of vundo and a slew of other viruses month or two ago (haha) I have scanned with panda, housecall, windows live onecare Dr WebCureIt, vundofix, symantics vundo remover, virtumunde be gone, some other virus cleaner from avast, f-secureblacklight, Microworld Spyware utility kit v9.1.7 and of course Hijackthis
I think that's it.


i can't even try to start typing about my almost month long process of getting rid of this but i definantly did it in safe mode with system restore diabled and i supposedly have no viruses right now but i can't click through my files so something is up so thanks for you help here's my log





Logfile of HijackThis v1.99.1
Scan saved at 11:31:57 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLC.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\J\Desktop\hi\H.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O20 - AppInit_DLLs: ,
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

well this log has the error message on the screen oops heres one without after i hit close



Logfile of HijackThis v1.99.1
Scan saved at 11:35:47 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLC.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\J\Desktop\hi\H.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O20 - AppInit_DLLs: ,
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


thank you all so very much for your help

BC AdBot (Login to Remove)

 


m

#2 jdrumfury

jdrumfury
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 01 March 2007 - 11:42 PM

oh yeah, hi.exe is HJT I renamed the file does it matter where it is located as well does it?

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:59 PM

Posted 11 March 2007 - 12:21 PM

Hello jdrumfury and welcome to the BC HijackThis forum. I don't see any signs of any viruses or malware in the log. It is clean.

Let's check with a different scanner and see if it shows us anything.

Download wpf3u_new.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkbox in front of the following items to select them:
    • ColumnHandlers
    • ContextMenuHandlers
    • ControlSets
    • Disabled MS Config Items
    • File Associations
    • Policy Settings
    • Security Settings
    • Shell Spawning
    • Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes. It will be scanning a large amount of data so it could take some time to complete.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#4 jdrumfury

jdrumfury
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 11 March 2007 - 09:33 PM

I really appreceiate your help but since my last post I formatted my hard-drive and re-installed windows
(after finally recieving discs from dell and talk about getting angry i waited for 2 months with a messed up pc for discs from dell then the day i recieve them they tell me the reason my xps 400 didn't come with discs is because dell xps pc's have symantics PC restore so i didin't even need the friggin xp disc from the start i was hot!!!!

but yeah everything thing is working just fine and finally no more errors or viruses, I really appreciate your help and really like this site! any suggestions? on security since i re-installed windows i am using Avastv4.7,
comodo firewall, peergaurdian2 with 12 block lists and winpatrol any other suggestions thanks again

god forbid i ever get vundo or winfixer again that was crazy

Edited by jdrumfury, 11 March 2007 - 09:41 PM.


#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:59 PM

Posted 12 March 2007 - 05:02 PM

Hi jdrumfury. You should be pretty well covered. I've never used Comodo, PeerGuardian or WinPatrol but they have pretty good reputations. I use Avast and Kerio for my AV and firewall and SpywareTerminator for an anti-spyware program and the MVP Hosts file for blocking websites.

Since this issue is now resolved I will close this topic. If you have any future malware related questions or issues please start a new topic.

Cheers and Happy Computing :B

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users