
Vundo Stinks

Q: Vundo Stinks

Hi, and thank you for your help (ahead of time). Contracted Trojan.Vundo somehow. Have run the Combofix, and Vundo is still showing up and corrupting my files. Here's my log. I'd appreciate next step directions and put Vundo to sleep forever!

ComboFix 07-12-12.3 - KCHijacked 2007-12-13 0:12:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.151 [GMT -8:00]
Running from: C:\Documents and Settings\Mary Myers\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\avatar.dat
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\corrupt.dat
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\register.dat
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\zbucks.dat
C:\Documents and Settings\Mary Myers\err.log
C:\Documents and Settings\Mary Myers\g2mdlhlpx.exe
C:\Documents and Settings\Mary Myers\ResErrors.log
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\0010951E
C:\Program Files\MyWebSearch\bar\Cache\005EACF0
C:\Program Files\MyWebSearch\bar\Cache\005EB1F1.bin
C:\Program Files\MyWebSearch\bar\Cache\005EB3C6.bin
C:\Program Files\MyWebSearch\bar\Cache\005EB6D3.bin
C:\Program Files\MyWebSearch\bar\Cache\005EDB34.bin
C:\Program Files\MyWebSearch\bar\Cache\005EDD08.bin
C:\Program Files\MyWebSearch\bar\Cache\00BB5B70.bin
C:\Program Files\MyWebSearch\bar\Cache\00BB61F8.bin
C:\Program Files\MyWebSearch\bar\Cache\00BB636F.bin
C:\Program Files\MyWebSearch\bar\Cache\00BB6534.bin
C:\Program Files\MyWebSearch\bar\Cache\00BB7215.bin
C:\Program Files\MyWebSearch\bar\Cache\00F6BC8D
C:\Program Files\MyWebSearch\bar\Cache\011A188D
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\newdotnet
C:\Program Files\newdotnet\nncore.dll
C:\Program Files\newdotnet\nnrun.exe
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atkdmcrc.dll
C:\WINDOWS\system32\axmltclf.exe
C:\WINDOWS\system32\bpfcefxe.dll
C:\WINDOWS\system32\bvamrwnr.dll
C:\WINDOWS\system32\crcmdkta.ini
C:\WINDOWS\system32\dkxtjdjy.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\hybwdeha.dll
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\lissdoig.exe
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mochrnle.dll
C:\WINDOWS\system32\nbdjkbme.exe
C:\WINDOWS\system32\nwxkotxh.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qbsqumop.exe
C:\WINDOWS\system32\qiojgcqv.dll
C:\WINDOWS\system32\rMa02yy
C:\WINDOWS\system32\rqvmujwt.ini
C:\WINDOWS\system32\shdoxmwc.dll
C:\WINDOWS\system32\twjumvqr.dll
C:\WINDOWS\system32\ugieboht.dll
C:\WINDOWS\system32\uupygfsi.exe
C:\WINDOWS\system32\vbowowtr.dll
C:\WINDOWS\system32\vfwtojwh.dll
C:\WINDOWS\system32\vxoshxpj.dll
C:\WINDOWS\system32\whcpbben.dll
C:\WINDOWS\system32\wvarnjwy.dll
C:\WINDOWS\system32\wvhuqasg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR
-------\LEGACY_NNSERV
-------\NNServ


((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-12 20:38 . 2007-10-10 15:55 6,065,664 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-12 20:38 . 2007-06-30 19:31 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-12 20:38 . 2007-06-30 19:36 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-12 20:38 . 2007-10-10 15:55 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-12 20:38 . 2007-10-10 15:55 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-12 20:38 . 2007-10-10 15:55 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-12 20:38 . 2007-10-10 15:55 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-12 20:38 . 2007-10-10 15:55 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-12 20:38 . 2007-10-10 02:59 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-12 18:00 . 2007-12-12 18:04 <DIR> d-------- C:\Documents and Settings\Mary Myers\Application Data\OfficeUpdate12
2007-12-12 17:51 . 2007-12-12 17:51 127 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-12 15:40 . 2007-12-12 15:40 <DIR> d-------- C:\Program Files\AskSBar
2007-12-12 13:05 . 2007-12-12 13:05 <DIR> d-------- C:\Program Files\Webroot
2007-12-12 13:05 . 2007-12-12 13:05 <DIR> d-------- C:\Documents and Settings\Mary Myers\Application Data\Webroot
2007-12-12 13:05 . 2007-12-12 13:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-12 13:05 . 2007-12-12 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-12 13:05 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-12 13:05 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-12 13:05 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-12 13:05 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-12 13:05 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-12 13:01 . 2007-12-12 15:38 164 --a------ C:\install.dat
2007-12-09 17:02 . 2007-12-09 17:02 <DIR> d-------- C:\Documents and Settings\Mary Myers\Application Data\Desktop Mechanic
2007-12-09 16:51 . 2007-12-09 21:28 <DIR> d-------- C:\Program Files\Desktop Maestro
2007-12-05 19:13 . 2007-12-05 19:13 807,468 --ahs---- C:\WINDOWS\system32\ghlipcjv.ini
2007-12-01 08:20 . 2007-12-01 08:20 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-29 09:38 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-29 09:38 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-29 09:36 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-29 09:36 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-28 10:47 . 2007-12-13 00:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-28 10:47 . 2007-11-28 10:47 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 19:25 . 2007-12-01 09:24 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-27 18:22 . 2007-11-27 18:22 326,459 --a------ C:\Temp\u900Y714.exe
2007-11-25 15:44 . 2007-12-03 19:08 770,471 --ahs---- C:\WINDOWS\system32\vyuseaje.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 22:23 --------- d-----w C:\Program Files\TurnOver
2007-12-12 22:03 --------- d-----w C:\Program Files\filesubmit
2007-12-12 21:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-02 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-01 16:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-01 16:51 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-28 18:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-28 18:04 --------- d-----w C:\Program Files\COMPAQ
2007-11-28 17:54 --------- d-----w C:\Program Files\FirstClass
2007-11-28 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Borland
2007-11-28 15:14 --------- d-----w C:\Program Files\Common Files\Broderbund
2007-11-20 22:35 --------- d-----w C:\Program Files\AIM6
2007-11-20 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-20 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 05:39 --------- d-----w C:\Program Files\iTunes
2007-11-03 05:39 --------- d-----w C:\Program Files\iPod
2007-10-27 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-26 17:09 --------- d-----w C:\Program Files\Citrix
2007-10-22 18:57 524,288 ----a-w C:\WINDOWS\opuc.dll
2007-10-22 16:15 --------- d-----w C:\Program Files\Kodak
2007-10-20 15:05 --------- d-----w C:\Program Files\Java
2006-01-15 07:08 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-12-12 15:40 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{899bdb97-a5de-470d-9336-eca9f575656e}]
C:\WINDOWS\system32\wafidjds.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-12 15:40 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-12 15:40 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-12 15:40 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 06:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-07 05:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 13:34]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 14:45]
"OmniPage"="C:\Program Files\Caere\OmniPagePro90\opware32.exe" [1998-10-12 17:13]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 11:00]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 11:00]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 13:01]
"CARPService"="carpserv.exe" [2002-07-08 18:37 C:\WINDOWS\system32\carpserv.exe]
"AutoLogon"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2005-06-06 05:30]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2005-06-06 05:30]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2005-06-06 05:30]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2005-06-06 05:30]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-06 05:30]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"DXDllRegExe"="dxdllreg.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 20:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"RegistryMechanic"="" []
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"DesktopMaestro"="" []
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8FB2D6CA-E258-48CF-9DAB-EEFB735E225C}"= C:\WINDOWS\system32\config\atww\ShellService.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"shellservice"= {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
C:\Program Files\Common Files\SpyGuardPro\bm.exe dm=http://spyguardpro.com; ad=http://spyguardpro.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
2002-01-22 15:46 131072 --a------ C:\Program Files\COMPAQ\Coloreal\coloreal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R2 filesvc;filesvc;\??\C:\WINDOWS\system32\config\atww\filesvc.sys
R2 procdrv;procdrv;\??\C:\WINDOWS\system32\config\atww\procdrv.sys
R2 regfil;regfil;\??\C:\WINDOWS\system32\config\atww\regfil.sys
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS
S2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
S3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINDOWS\system32\DRIVERS\epusbsto.sys
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-12 14:37:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-30 00:00:00 C:\WINDOWS\Tasks\Automatic Full Backup.job"
"2007-12-13 08:04:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-10-22 16:07:25 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-11-28 03:19:49 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2003-08-07 04:08:48 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-08-07 04:08:50 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-08-07 04:08:50 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-12-12 23:58:13 C:\WINDOWS\Tasks\wrSpySweeper_LA161958C879241D79AADF9DAE58A53B2.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- A:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 00:27:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2007-12-13 0:31:29 - machine was rebooted
.
2007-12-13 01:51:58 --- E O F ---


A: Vundo Stinks

Please download HijackThis to your desktop. http://www.trendsecure.com/portal/en...HJTInstall.exe

Alternate link
http://download.bleepingcomputer.com...HJTInstall.exe

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you. Just close it.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

If it gives you an intro screen, just close it


==========================


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:


Quote:

KillAll::
File::
C:\WINDOWS\system32\ghlipcjv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\Temp\u900Y714.exe
C:\WINDOWS\system32\vyuseaje.ini

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

RELEVANCY SCORE 46.4

Hello,

Not sure if I'm writing for help in the correct category. Please let me know if I'm in the wrong place. I would also like to add that I am completely pc illiterate.

I recently lost my web cam connection. I've installed & reinstalled everything several times to no avail. I've even done a system recovery (boy was I sweating when I did that) Thought that was the end of my pc! My friend is on a Mac notebook and is using aim 4.7 whom I am trying to connect with and I'm on a pc, (windows xp) Our connection (when we were able to connect a while back) was always very lousy but at least we were able to connect somewhat. We are both stay at home moms and we both really miss our web cam connection. I've tried to connect via aol, aim, aim 6.0 and aim pro which all did not work. I've called Labtec (web cam people) and they told me to call aol. I've called aol and they told me to call Labtec.

Any suggestions?

Regards,
Krisztina
 

RELEVANCY SCORE 46.4

The developer preview has been out for less than 24 hours. Nevertheless, let's start complaining!

I'll go first just to get the ball rolling...

The Metro UI absolutely sucks for any sort of computer other than a tablet/phone. I like my computers like I like my men: under the desk and connected to the power mains.

A:It Stinks!

Now that's funny right there.

RELEVANCY SCORE 46

Hi All,

I booted my pc and found that my home page had been changed to some kinda website called protect advanced cleaner. I downloaded some antivirus softwares and it removed some stuff and put my homepage back to msn.com but it's still grayed out and i can't change stuff cause it's telling me that i have to have administration privileges to do that even though i am the administrator. Can someone look at my hijack log and see you can help me?

I have a 13 year old daughter that uses my pc too and i would really hate for her to see some of the stuff pop up that i saw this morning. Oh and by the way, since i ran the anti virus programs and my homepage reappeared, every time i open IE i get the message that IE has encountered a problem and needs to close. I already had foxfire so that's what i'm using for now.

Thank you in advance.

Tammy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:25 AM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symant...

A:Malware Stinks! Please Help Me

Hi tbrazel and Welcome to the Forums.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

RELEVANCY SCORE 46

Hard drive froze last week, new drive, Windows 7 won't let me install IE8, only IE9. Really hate IE9 (tried the Beta when it came out). Just moved and all documents are 400 miles away. Would really like to download IE8. Not that computer literate. Thanks in advance.

A:IE 9 Stinks, can't get IE 8 to download.

IE8 is the default browser in Windows 7, just uninstall IE9 and then you have IE8.

RELEVANCY SCORE 46

Trying to install photoshop with installshield.

My C: drive does not have enough room, so I tell it to install to a different drive, even after selecting one that DOES have enough space, it won't continue because it's STILL claiming the C: is the problem. I've changed my temp file directories under environmental settings. But it still wants to install things on my C:
 

RELEVANCY SCORE 46

I have an Epson Stylus c80 inkjet printer that has never given me a good color print job. Mostly I always get those vertical bands and lines running through. I know that's probably a common thing, but I've tried every utility to solve it - the head cleaning, nozzle cleaning, etc. Nothing works. This has gone on since the day I brought it home, about 2 yrs ago. I only use Epson cartridges. I've contacted Epson..they just tell me to use Epson cartridges..I tell them I DO!..they just repeat themselves..so no help there.

I researched printers pretty thoroughly and thought I was getting a great printer. Now I don't trust myself! Any recommendations for a printer that does a good, reliable color printing? I've hung in with this disaster as long as I can.

I'm NOT doing any high-quality photo-type printing at all - - I'm just talking about printing quick, small things like jewel case covers, or things I do in Paint, or small pictures from the internet. The color itself is okay, but it's the bands and lines running vertically through them that are always present and I cannot solve. That's what I want to avoid in a new printer.
 

A:This printer stinks!

RELEVANCY SCORE 46

Got the new FF update last night, what a bummer!!!  Many book marks disappeared, the look and feel has changed much to my dislike.  I wonder if I can revert to the last version?  Is anyone else not happy???
 
Phil 

A:New Fire Fox Stinks!

My Firefox v56 updated yesterday to v57. My 'add-ons', the ones that I deem important, i.e. Ad-blocker & Privacy Badger, were still there, so on that count everything was ok.
However, regarding the hoped for increase in browser speed - it simply hasn't materialised! It's as slow as v56, which was never that bad that I lost sleep over it.

All my bookmarks are still in place, & the only thing that seems to have changed is the Homepage appearance. All in all, a waste of time - at the moment. I'll await further updates in the hope that eventually Firefox v57 will live up to the months of 'hype'

I had 'Auto update' turned on & it didn't update on the 14th. I turned auto UD 'off' & then had to turn it back on again for v57 to install, which it did within seconds.

I suppose to give Mozilla the benefit of the doubt - this is a brand new version, 'relatively' untried except for the Beta version, so we should expect a few glitches. However, since most of the hype was about 'speed' - I'd have expected that to be there from the first second it went live - it wasn't. Just something else that's been 'improved worse'!!! (At the moment)


Hello,
My computer is driving me crazy. I know it's old but I can't buy a new one right now. It seems like something is always running in the background. My AVG says that it's not infected but I think it may be. Please help!
Dell dimension 8200
Win XP Service Pack 3
512 Ram
I know I don't have much RAM but the type this uses is expensive and I would have to buy it in pairs and the computer isn't worth the cost.
I downloaded the two scans to my desktop.
Thank you
Chris
Here is my dds.txt.
I can't run RootRepeal because it freezes my computer.
DDS (Ver_09-10-26.01) - NTFSx86
Run by chris at 21:25:34.73 on Sat 11/21/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.46 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hp...

A:computer stinks

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks


First, forgive me if I have broken any posting rules. I'm not necessarily new at this, but I sure know how to make mistakes. Anyway here is a little information about what I'm working with:

ISP: Hughesnet

Software:
Avast Antivirus
AVG Anti-spyware
Webroot Spy Sweeper and of course
Hijackthis

Now, my computer is working fine, but I sense a parasite hoarding vital resources and thought maybe if my hijackthis log is analyzed, it could be found and killed.

I cannot express my gratitude as well as I should be able to, so I will say THANK YOU. Here is my hijackthis log:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO...

A:Low Priority...Somthing stinks though...

Will anyone take my case? Please...


I have been here, done this before, still need some advice.

I am using DirectCD 3.01C, on a PentiumII, 450 Mhz, Gateway PC with 256Mb RAM, and using a HP 9100 CD Burner. My Norton AV is updated weekly, so I know I don't have a virus.

I reformatted about a month ago because of this same problem. [you can look up my past letter on TSG] It was suggested I reformat the C: drive by a PC tech at a computer store after he played with my PC for a couple days, charged me $213, and didn't do a thing for me.

After I reformatted and reinstalled Adaptec DirectCD, I could copy small files and photographs neatly to a CD-RW and I could copy full CDs to CD-Rs with no problems. (I could always copy full CDs with CloneCd without any problems.) Single file copying worked fine up until about yesterday, then I started getting the same problem ~ Adaptec DirectCD would not recognize an already formatted CD-RW with files on it. If it did recognize it, it would take a very, very long time to try to copy those few little files [10 to 300 kb long] and then it would quit with the standard error [it has become standard to me, I see it so much] "...this CD has an unrecoverable read/write error, you should move all your files off this disk, blah, blah, blah..."

Any suggestions or ideas out there? Am I one of the few [or many] that is beginning to think that this technology or the software is still in its infancy and is not a really good way to backup or do I need another softw...

A:Adaptec DirectCD STINKS!


I have an Inspiron 1000. It originally had XP on it, but stupid me wanted the most updated OS so guess what I went and did?? That's right! I put Vista on my lappy and now it just plain stinks! A slug moves faster than my laptop does!! How do I remove Vista from my laptop and reinstall XP? I have tried reinstalling with cd and it doesn't give me the option to install (appears Vista is a lot harder to get rid of - kinda like the flu!) Can anyone give me instructions on how to do this? I have backed everything up so I am ready to dump! I am not a tech chick so go easy on me! Thanks a bunch!!!
 

A:Solved: Vista Stinks!


Hey.. I've tried getting rid of cool web search so many times! I have adaware and run that.. and it get rids of it for awhile but then it comes back! i also run cool web search.. but hey.. does the same thing.. comes back!! I've tried to go thru that whole process of findnfix but i dont think the dude knew too much which i thought was fine.. cuz I'd try again.. but if anyone could help me it would be GREAT! Here is a fresh hijack log.. when its ON my computer.. if you want one when its not.. just tell me... by that i mean.. when i delete it for like 2 minutes
 

A:cool web search stinks! HELP!


Okay. I want your opinions. I'm only going to use Vista for making screenshots and doing documentation. I wish I could avoid buying it, but I need it for an ongoing documentation project.

What version of Vista stinks the least?

I've ruled out Home Basic as too basic, and Ultimate as too expensive.

I'm trying to decide between Home Premium and Business.

Opinions?

Thanks!

 

A:Vista: Which version stinks less?


I can't open an installation, it closes change or remove programs, it closes most of the stuff!! Even its own settings!!! So I'm asking if I can delete the DEP. Can I?
 

A:Data Execution Prevention Stinks

First make sure you are installing known good software (not something questionable).

You can disable DEP for the software you are installing by going to System Properties > Advanced tab > Performance settings button > Data Execution Prevention tab > tick the button for Turn on DEP for all programs and services except for those I select. Then Add the program you are having trouble with.

You can also completely disable DEP for all programs by editing the boot.ini file (C:\boot.ini) by changing /NOEXECUTE=OPTIN to /NOEXECUTE=ALWAYSOFF. You must reboot for the change to take effect.
 


DSL (cable)- download speed is great, but the upload speed has gone away. Seems that I can send emails and such but at a much lower speed. I attached a log to look at. Any help is appreciated. Win98se and IE6

Logfile of HijackThis v1.97.7
Scan saved at 8:28:02 AM, on 5/6/04
Platform: Windows 98 SE (Win9x 4.10.1998A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\PROGRAM FILES\BITWARE\CBWATTN.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\BITWARE\CBWHOST.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\FOUR PURE FUNK\MAPIGREYBROWSE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY MUSIC\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/sea...

A:Send speed stinks, recieve is ok though

fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.firstbankonline.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/...&query=%s&i=enu

also i believe this entry is bad:

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
 


Last week I brought my 2.5 yrs old T440 to Lenovo Bugis support center to replace a cracked LCD back cover (one fine day I noticed a crack along the righthand side hinge and after opening, the cover was hard to close & open!). I had a queue ticket that said waiting time approx 5 mins, but it took 20 mins for the front desk assistant to call me. He rightly said the warranty had expired and they need to charge me $50 (+gst) to assess how much it would cost to fix it. When I asked what they want to assess as the laptop was working fine, he said in that case I should pay $30 - to source for the broken part and only after that they can tell how much would the total repair cost be! To me, it didn't make sense as they are the 'makers', but the guy started explaining the parts are made by 3rd party suppliers and that's the process they have to follow for 'older' models! Then another colleague of his came to explain, but he also couldn't tell me the rationale for not being able to tell me upfront the charge for replacing a 'highly visible' broken part! They are cheats in my opinion!! I have been a ThinkPad user for nearly 20 years and never experienced such poor quality machines and bad service!!! Hell with Lenovo.

A:Lenovo Singapore Support stinks

Since your machine is already out of warranty, source it online for 3rd party and get it done. I'm having hell with my Lenovo too.


As online gaming grows in popularity, ESET researchers found that cybersecurity measures haven't kept pace, as 36 percent of gamers reported actively turning off security software if they found it was slowing down their computer.

The study, conducted by Google Consumer Surveys, polled 500 gamers and found that 52 percent of respondents said they don't even use security software on their gaming computers, according to a Sept. 13 blog post.

Gamers stated numerous reasons for their lack of cybersecurity hygiene, with 20 percent saying they don't need it, 13 percent saying they don't like the pop-ups, 12 percent saying it slowed down their computers, and eight percent saying that it interrupts their gaming experience.

Researchers warn whenever security settings are disabled, users run the risk of malware stealing their login credentials and using gaming accounts for malicious activity which could lead to the legitimate user getting banned from the gaming platform for someone else's actions.

The stolen accounts could be used for botting, item farming, and other activities without the account owner's knowledge.

Full Article. Study finds gamer cyber hygiene stinks
 


Deckard's System Scanner v20071014.68
Run by korisnik on 2008-05-28 00:31:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-05-27 22:32:05 UTC - RP1 - Kontrolna točka sustava

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as korisnik.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:32:58, on 28.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsv...

A:Infected With Vundo,vundo B,vundo.dll.,virtumonde

Hello dujma and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not cha...


I have tried to use SUPERAntiSpyware to remove this and each time I remove it and then reboot windows will not start...So I have to start windows from its last good configuration. My norton has also picked it up and tried to fix it doesn't seem to work either. I tried Vundofix as well..it found it and then fixed but still it's there. I think there is also a lot more going on besides that. My computer is running very slow..the background has changed to a antispyware ad and I'm getting tons of popups as well as a rund.dll error message and my homepage has been changed. Thanks for reading hope you can help.

Hijackthis log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:05 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdat...

A:Adware.vundo, Adware.vundo-variant/small A, Vundo Trojan..need Help

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved. Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter. Use fluffybunny.exe from now on.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt, rapport.txt and a new HijackThis log in your next reply.


Greetings,

I have been struggling for over a week to remove a bad infection of what seems to be multiple viruses, including Virtumonde, Vundo.H, Rootkit TDSServ, MS Juan, and MS Track System. (I had Super Super Anti Spyware 2008, at one point as well).

I have read numerous forums, and have followed instructions to run the latest versions of Spybot S&D, Adaware, SuperAntiSpyware, MalwareBytes Anti-Spyware, and VundoFix 7.0.6. While I seemed to get the infection(s) against the ropes, it continues to persist and re-populate itself (and others) on my PC.

The PC runs slow, I get Firefox pop up windows, and my Internet Explorer 6.0 settings have been dropped to accept all cookies (even when I change them back to default).

I was running an older version of Java which I have since uninstalled. I have downloaded and installed the latest version.

RSIT / HJT Data Report follows....

Please help me!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Robert at 2008-12-21 23:44:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (25%) free of 38 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:13 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\sy...

A:Vundo Variants: MS Juan / MS Track System / Vundo.H / Virtumonde / Rootkit TDSServ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable a...


Hello, I inherited a computer and installed photo editing software and UN-installed other unneeded software. While surfing for photo editing tutorials I clicked on a link that looked promising and the mayhem started. All kind of popup windows. Warnings that asked me to click to scan the computer, ads etc. Now my google searches are all redirected. Avg and superantispyware found these:

Trojan Horse Crypt.mxc
Trojan Horse SHeur2
Vundo/Varient-Senorita
Vundo -{Fixed}

Avg and superantispyware reported these as quarantined but after reboot another one is found again.

I disconnected the internet wire and all is calm but I expect the mayhem to start again when the internet is hooked back up. I hope you are able to help and do appreciate your time. And I hope I did my homework and that these are the files you need.

Thank you in advance.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dur at 15:31:27.67 on Tue 01/26/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2714 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Windows\system32\s...

A:Trojan Horse Crypt.mxc and SHeur2, Vundo/Varient-Senorita, Vundo -{Fixed}

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I have Vista32 and managed to acquire some malware that is causing massive amounts of popups and general mayhem when I try to remove it.
The malware found is Vundo.gen!R & Vundo.gen!H.

I have partially managed to clean the system however now I also get a rundll error.... c:\windows\system32\ssqNDvts.dll

Spyware Doctor doesn't find anything however Defender keeps on finding and trying to clean the file which caused my browser to completely crash every time it was loaded so I had to use Vista system restore to get it all working again, unfortunately the last known good restore point also has the malware on it so I just keep going round in circles.

If someone could please offer me a solution it would be much appreciated.

My Hijack this log looks like this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:16, on 26/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\...


Hi.. I'm having problems with multiple virus/malware infections. My computer is running very slow at times and I'm limited as to what I can do at times also. For example, yesterday I couldn't click on any programs on my start list until I restarted my computer. I've uploaded the attach.txt file as well as my most recent log file from Malwarebyte's antimalware and hijack this. Thank you very much for your help... please let me know if there is any more info needed from me. Take care -Shawn

DDS (Version 1.1.0) - NTFSx86
Run by Home at 19:51:21.19 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\wmsdkns.exe,
BHO: {0a935262-9b91-4352-9c18-d679a63c682b} - c:\windows\system32\yatumeva.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Google To...

A:Multiple virus help needed - vundo.h, vundo, trojan.agent

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall


Please help!!!!

I have got the vundo!generic and Vundo.YF virus detected by ETrust Antivirus software that I have on my laptop. Now even though the antivirus is deleting the files on regular basis but the virus is still not gone.

I went through other forums and I am sure that this is the right place where I can get help. Advertisement pop up keep coming every now and then. Please help me get rid of it.

I installed HijackThis and please find below the log for the same.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:12 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\N...

A:Solved: Please help to remove win32?vundo!generic and vundo.YF virus


Hello.

I have started a new thread as my problems have changed. My previous thread was called "Bad Image Messages & Spybot Change Requests" of which I did not receive any response.

Problems: I was running anti-virus software Ad-Aware, Spybot, Malwarebytes, and F-Secure. I was continuously having Spybot popup and ask about registry changes which seemed suspicious. I uninstalled Ad-Aware and Spybot and am now only running Malwarebytes and F-Secure. I am working with Windows XP professional operating system.

I have run malwarebytes many times to remove trojans and after it finishes its scan, it will detect between 12-18 trojans. After using the program to remove them and restart the computer, an additional scan reveals they are still there. Additionally, after "removing" the trojans with Malwarebytes, my F-Secure pops up saying there is a "FakeAlert" and asks to quarantine it.

My main complaints are popups (in both firefox and internet explorer) and the computer is running VERY slow. The bad image messages at startup have only reappeared once.

Trojans: (found by Malwarebytes) Vundo, Agent, BHO, Vundo.H

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:03 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\... Read more

A:Trojans: Vundo, BHO, Agent, Vundo.H HTLog Included! new thread


Hi. My system is infected with spyware (Windows XP, SP2). Initially I was unable to search Google and Yahoo, then I installed SUPERAntiSpyware, then McAfee. After I restarted after installing both, the desktop items and taskbar disappeared. Then I installed Malwarebytes Anti-Malware, then I got the desktop and icons back but I got an error that a dll is missing. When I restarted again I didn't get the error, but the popups increased. I have installed SUPERAntiSpyware, Malwarebytes Anti-Malware, HijackThis. Please find the logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/18/2008 at 07:37 PM
Application Version : 4.15.1000
Core Rules Database Version : 3483
Trace Rules Database Version: 1474
Scan type : Complete Scan
Total Scan Time : 00:31:29
Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 6572
Registry threats detected : 6
File items scanned : 19162
File threats detected : 34

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL

Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\kiran\Cookies\k... Read more

A:Please Help Infected With Adware.vundo Rel/variant And Trojon.vundo

Hello newmember123 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Addi... Read more


Hi all at BleepingComputer,

I have recently got infected with several nasty virus / worms and trojans from my school computers. I have since went to reformat my notebook along with my external hard disk (HDD). But when I did a virus scan with AVG, I found several infections, whereby I immediately googled the possible solution to getting rid of these pesky troubles.

From the SUPERAntiSpyware thorough scan, I have been infected with the Adware.Tracking Cookie and Adware.Vundo Variant/Rel. I have tried to delete it several times, but it refused to be deleted with SAS.

Then I found this website offering great solutions, so I immediately downloaded the Malwarebytes' Anti-Malware which showed that the vendors were Trojan Vundo, Trojan Agent and Malware trace from the quick scan. And I also saved the logfile of the Trend Micro scan.

My operating system is Windows XP, it was downgraded from Windows Vista Business. And I currently have AVG 7.5, Avast! Home Edition 4.0, SAS and Malwarebytes' Anti-Malware.

I am really quite new and ignorant of these viruses and programs, but I am doing whatever I can on my part to save my notebook and I hope that you guys might be able to save my notebook too, it is at present only 3 days old before I received all these nasty viruses!

So I copied and pasted the HijackThis file below... And then I also copied and pasted the log from after I clicked remove selected during the Malwarebytes' scan.

Am I being paranoid or do I have more viruses?

Logfile of... Read more

A:Infected With Trojan.vundo / Adware Vundo Varient/rel

Hello Jacintha and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete... Read more


Ever since I returned home from break, I have this program that runs on startup that says "Security Warning: Your computer may be infected with harmful or unwanted software!" And whenever I run VundoFix, it does not find ljjiifc.dll. When I googled the .dll a bunch of German sites came up talking about how to get rid of it, however I don't speak German >.> After running VundoFix, it searches fine, cleans just fine, but then the files come back. Randomly I get popups, Firefox gets an 0x0xxxxxxxxx error every time I close it and my sound driver often has an error and closes, so that I don't have sound until I restart. Please help me! This is ruining my school work and leisure fun!

Logfile of HijackThis v1.99.1
Scan saved at 1:16:58 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0... Read more

A:VundoFix removes vundo, but the vundo reappears...ljjiifc.dll

I just noticed something else, in Firefox or Internet Explorer, if I'm viewing anything with audio, the audio will be barely audible. I have 5.1 speakers and I have to put the audio at 3x the norm to barely hear what is playing...not sure if that has anything at all to do with the Trojans but figured I would mention that.


Hi everyone, this is my first post, thanks for reading.

My new HP laptop runs Windows XP 32 bit. I have repeatedly contracted virtumonde and vundo in the past 6 months, and in past episodes I have used the factory-system restore CD to reset my hard drive and system settings, thereby erasing the virus.

But earlier this week, I ended up with Vundo again. I have used Avira, Spybot, and Malwarebytes, but as I've learned through experience, they delete instances of vundo, but do not remove the root cause. Malwarebytes pulls up 7 files on each run, each named Trojan.Vundo.H or Trojan.Vundo.BOH or Trojan.Vundo.

This episode seems to be more complicated than earlier occasions. After performing a full restore, and before reloading software onto my machine, I plugged in my external hard drive - then Vundo infected my system again. It is completely impossible for me to reformat my external hard drive, as I have legally binding and career crucial documents on the external hard drive. I have run those programs on the external hard drive as well, and it does discover Malware files.

If it might help, I have a mac computer as well, so if there is any way to run an antivirus program from the mac to clean the external hard drive, I can do that.

Any help you can offer would be astoundingly appreciated.

Best, Bill

With the external unplugged, I just ran HijackThis, pasted below. I also ran Malwarebytes, and have pasted that log below as well.

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved a... Read more

A:Vundo (Trojan.vundo.h) on XP and external hard drive

Hello.

Re-run scan with MalwareBytes Anti-Malware

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Post back with new DDS logs as well.

With Regards,
Extremeboy


Hey guys. So recently I've been getting pop ups from my Norton 360 notifying me that there was a Trojan Vundo trying to access my computer and I kept trying to block it and it was successful but I keep getting annoying pop ups when I never had this before.

This is a brand new computer that I've had for maybe a month now. I've only started having problems this week after I re-downloaded Open Office.

I tried running the Vundo Fix but it couldn't find any infected files so I ran Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:20 PM, on 10/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Commo... Read more

A:Trojan Vundo Vista - Vundo Fix didn't find anything

I'm gonna run Norton 360 and then re-run Hijack This and see what I can come up with and then I'll re update you guys.
 


My Windows XP machine has a virus. It was running very slow. I ran ComboFix and it now runs much better, but my Symantec still finds a few hundred vundo and vundo.b trojans. It cleans and quarantines them fine, but I'd like to eradicate the root cause. Any help would be greatly appreciated.

Thanks very much.

Here is my dss log and dss extra log:

Deckard's System Scanner v20071014.68
Run by Louie on 2008-05-01 17:30:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
12: 2008-05-01 22:31:04 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-04-30 21:32:57 UTC - RP11 - System Checkpoint
10: 2008-04-29 20:32:57 UTC - RP10 - System Checkpoint
9: 2008-04-28 20:05:26 UTC - RP9 - System Checkpoint
8: 2008-04-27 19:05:17 UTC - RP8 - System Checkpoint
-- First Restore Point --
1: 2008-04-23 02:32:31 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Louie.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:37 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WI... Read more

A:Windows Xp Something Repeatedly Installs Vundo And Vundo.b

Hello Comicbook and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complet... Read more


Hello, I read your rules and tried running everything you said. I removed viewpoint media player myself and installed the ie spyad.txt file as described. Pandascan and Deckard however wouldn't work for me. Panda's site wasn't responding and dss.exe crashes when it tries to clean my temporary files. I made sure nothing else was running when running DSS as well. As for the updates, unless they're critical to removing this virus, I can't even download them in a timely manner to keep up with you as I'm on 56k. Enough rambling, I ran your Vundo removal tool and it DID remove the Vundo virus, but I still have random popups in Firefox linking back to adult sites. It's not creating the IDKFA file it was before since I ran your Vundo tool, only popups are left. Sorry for rambling so much, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:55 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Co... Read more

A:[SOLVED] Another Vundo Infection, Vundo.N variant

Just wanted to be sure you've intentionally marked this as solved.

If you still need help, or just want to be sure....

To run DSS, do this:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Please run Deckard's System Scanner once again, this time using these instructions (this assumes dss.exe is on your desktop):

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config

UnTick Temp Cleanup on the left side, UnTick Event Logs on the right side.

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.


Hello Team,
I have been affected with vundo virus. When I start IE, a pop-up always appears to scan my laptop for free. I am running Spybot and TeaTimer displays a warning about a BHO being added, but if I deny that change it again gives me a warning that something is being added with the same registry key. When I open and see Spybot's BHO section it is showing that registry entry as mllmj.dll for that registry key entry. Following is the HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:51 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Pr... Read more

A:Help me removing vundo and vundo.generic malware

Hello shahankitb, and welcome to TSF.

My apologies for the delay. We're all volunteers, and we've been swamped.
We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317


I just noticed today that I was getting strange popups on sites where there are none such as Facebook and YouTube. I scanned with Malwarebytes and it found a couple of trojans. It restarted to delete them and on restart I got a RUNDLL error about the file that was just deleted and then a barrage of Avira warnings about the same DLL. Whenever I try to delete it it just comes back.

Thank you in advance,
Neco

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:25 PM, on 11/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHo... Read more

A:Vundo.H and Vundo infection / Random Popups

Hello Neco,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document. Do not attach your log, as that makes it hard to read.

**********************

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply. Do not attach your log, as that makes it hard to read.

**********************

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Select Files and Folders created in last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txt
Do not attach your logs, as that makes it hard to read.


Over the past few weeks I keep getting a recurring Antivirus Pro 2010 infection. I've "cleaned" it with Malwarebytes, AdAware, and SpyBot. It keeps coming back! I subsequently ran StopZilla and was alerted to the additional infections of Vundo.A1, Vundo.A2, and PWS.ABD. I didn't want to purchase StopZilla to clean it due to my unsuccessful attempts with 3 other scanners, but it was interesting that the Vundo and PWS.ABD had not been found with the former scanners and only StopZilla. I have run ComboFix and HijackThis logs and have attached them in the event you may find them useful. Thanks in advance for your assistance.

A:Antivirus Pro 2010, Vundo.A1, Vundo.A2, PWS.ABD Infection!

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more


Hi,

I'm running Windows XP on a netbook. As of yesterday, Symantec Endpoint Protection detected the Trojan.Vundo/Suspicious.Vundo viruses in almost all my system files. Sometimes, Symantec manages to clean one or two files, but it's detected 100+ that have been infected. I've tried System Restore but it wouldn't revert back to a previous state. I don't believe that this is the work of the virus, because I've tried using System Restore about 6-7 months ago with no luck. I've tried using VundoFixer to fix it but it did not detect anything.

The DDS, attach.txt and ark.txt are below/attached.

------------------------

DDS (Ver_09-10-26.01) - NTFSx86
Run by Cindy at 22:11:06.82 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.217 [GMT -2.5:30]

AV: avast! antivirus 4.8.1356 [VPS 091028-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files&#... Read more

A:Trojan.Vundo/Suspicious.Vundo Virus

Hello paperstars
Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked b... Read more


Hello there,

As you can see from the topic I have three trojans in my PC which I can't remove. I followed the "Preparation Guide For Use Before Posting A Hijackthis Log" and I'm posting the log file.

Any help appreciated!!!!

Dimitris

********************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 2:19:19 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Fil... Read more

A:Infected With Vundo Dlm 13, Vundo Gen, Crypt Xpack Gen

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Dim

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop C... Read more


I am running XP SP3 on a Fujitsu 1610 laptop. Some of the McAfee logs show many of the trademark DLLs that I have read are specific to vundo (alternating consonants and vowels); these also have the same modified date of around 24 July 2009.

McAfee now won't scan manually (comes up with an error message). I downloaded the McAfee virtual technician, and that won't run at all once I installed it (no error messages, just an hourglass for a few seconds). Just checking again, McAfee won't start at all (although task manager shows McShield running).

Adaware at first found some of the bits and pieces, but now finds nothing, or asks to run again in safe mode, which vundo has apparently blocked somehow (if I try a safe mode boot, it just reboots the whole machine again). I made the mistake of trying to force a safe mode boot in msconfig, and was only able to get out of that fix by an external boot disk and editing the file.

Right now, msconfig.exe is chewing up about 90% of the cpu cycles.

I do have hijackthis and Malwarebytes loaded.

If someone could direct me to a process to get rid of this, I would much appreciate it!

Terry

A:Vundo: McAfee now won't scan, Vundo fix doesn't fix

Download this file and save it to your desktop:
http://download.bleepingcomputer.com/grinler/rkill.scr
Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.


Hello. For the past week I have been getting constant notifications that I'm infected with the Vundo trojan virus. I booted into safe mode, ran scans, and deleted parts of it (once the scan was over it would tell me to reboot so that it could delete the rest on boot up, but it hasn't every time) but it keeps coming back. I've read up a little on vundo and found that it is a registry virus but I have no idea what that means. I use AVG Free 8.5, SUPERAntiSpyware, and Malwarebytes' Anti-Malware but even with using these it still comes back. So could I please have a little help with getting this thing off of my computer once and for all?

Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 5:23:40 PM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\Viewpoin...


I have Vundo & Vundo.H on my computer, I need help trying to get rid of it ASAP. Here is my hijack this log.

My AVG antivirus keeps telling me I have something called Adware Generic 3.AGIU or something like that in a file called C:\windows\system32\sqwgys.dll and when I did a scan with malwarebytes that same file came up with it being Vundo.H.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:56 PM, on 12/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHe...


Hello,
My computer has been experiencing a number of problems over the past few days. McAfee Virus Scan has identified: Generic.dx, Vundo.gen.m, and Vundo.gen.k Trojans. Spybot is constantly detecting registry changes. The browsers were taken over at one point (i.e., popups, home page changes, etc). And on boot up I get a screen that comes up and tells me that I have “disk error” and “press any button to continue” - it always boots though and I am not sure of the real purpose of the screen. I have run just about everything, but with little logic behind it (just hoping that I would be lucky resolving the problem): Spybot (running since before problems), Spyware Blaster (running since before problems), McAfee (running since before problems), Ad-Aware, SuperAntiSpyware, etc… and although things are better, Virus Scan still catches a random file, still operating slowly, Spybot still identifies random problems, and the weird disk error screen came back. Clearly I need the help of some real experts, and I would greatly appreciate any help from those on this board. Below are the most recent HJT and ComboFix logs.
Thanks,
Tim


HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:25 PM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
...

A:In need of help- Generic.dx, Vundo.gen.m, and Vundo.gen.k based problems (and more?)

Ok so no help I guess...
 


Hi all,

Just wanted to say thank you to all who participate on this and other forums like it. I can see the effort it takes to troubleshoot these problems and really appreciate the help!

Anyway...

My significant other uses this laptop with XP and is not the most computer literate when it comes to noticing bad links and the like. She noticed a lot of crazy popups and other strange behavior so I downloaded and ran AVG. Which found the trojans I listed in the Topic Title. I thought it fixed the issues, but still get "can't find c:\windows\system32\rafaweti.dll" at startup. I ran Trend Micro and attached the log here. I edited the beginning of the log file to show what AVG found initially.

I'm afraid there are still some funky apps lurking in my PC. Please help!!

Thanks much!!
Bill

A:SHeur2.BHAH...Vundo.KC...Vundo.KE

Hi bunkyscott

Welcome to Bleeping Computer.

I'm maranatha and I will be handling your log to help you get cleaned up. Please do this.

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror: This version will download a randomly named file (Recommended)
* Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
* Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Thanks
maranatha


I have been getting fake spyware popups and off the wall ad popups. I ran Malware Bytes and SuperAntiSpyware to clear Vundo H a week ago, and tried to use the same scanners to clear this but I have run into a brick wall.

Would you review my HJT log (below) and help me thru this?

Thanks,

Candi

________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:48 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Ja...

A:I killed Vundo H but now I have Vundo with possible MS Juan again...please help


Compaq laptop
Windows XP home
MS Auto updates -- disabled on Win startup
Auto updates cannot be enabled
Auto updates process cannot be started
Browser hijacked
pop ups
blank "404" when navigating to search engines or virus detection sites
System is bogged down with 100% cpu activity -- if connected to internet
System available if internet connection is disabled, NIC / wireless unplugged

Symantec vundo scanner in safe mode turns up no hits
Eset may have quarantined and deleted some of the malware -- msg regarding 'Virtumondo', though it did not prevent escalation of system takeover by attack.

When I found this site (techsupportforum.com), I followed instructions to provide attached files.

Thanks for any help identifying and eliminating this problem. I like the apparent 'upgrades' to the HJT file/logs (attached from your scanners -- nice job). Impressive. I would like to learn more from you. Thank you very much for being available.
Keith

A:Vundo symptoms -- not Vundo trojan

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system. It looks like Vundo is indeed still present on your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine befo...


I have the vundo and vundo h virus according to anti-malware bytes.

I have windows xp and have installed and run anti-malware bytes a number of times in safe mode. I still have the virus when I run a quick scan with AMBytes. I have also run boot-time scans with avast free home edition. (my AMB is also the free version).

I tried uninstalling ie 7, then downloading ie 8 and installing it, that did not help. I can't get windows update to load since I assume that resource is being blocked by the virus/worm.

I have service pack 3. I am looking for help please - what else can I provide for information?

thanks in advance, matthew

A:vundo and vundo h virus/worms

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally and try rescanning again.

Please download TFC by Old Timer and save it to your desktop.
alternate download link
* Save any unsaved work. TFC will close ALL open programs including your browser!
* Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
* Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
* Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Please downl...
