Jump to content

Vundo/redirect virus won't go away!


yoodle

Recommended Posts

Hello everyone. I've been having some problems with my computer for a few weeks now. It started with a lot of redirects when I would search google. I noticed that and decided to scan with Malawarebytes, which I use and update often.

All the scans I ran said everything was ok. Until one day I click on my MB icon and my computer can't find the program. Code 2 error. So I downloaded a randomly named MB and installed it in the MB program file and run the scan and the scan finds 28 vundo. h viruses. I quarantine and delete them and think everythin is ok.

But the redirects have started up again. MB doesn't find any viruses when I scan and I'm at a loss as to what to do. Thank you so much for any help you might be able to give me.

I've attached the "ark.txt" and "attach files."

Here is the DDS text:

DDS (Ver_09-12-01.01) - NTFSx86

Run by Chris at 19:04:44.50 on Tue 01/26/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.66 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com

uInternet Settings,ProxyOverride = localhost

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [LogitechGalleryRepair] c:\program files\logitech\video\ISStart.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

StartupFolder: c:\docume~1\chris\startm~1\programs\startup\2wires~1.lnk - c:\program files\2wire\WebWorks.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: ezboard.com\p086

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37998.6649305556

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs:

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\ne3sr5ef.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\chris\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\chris\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-29 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-29 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-29 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-29 297752]

=============== Created Last 30 ================

2010-01-27 02:52:42 0 ----a-w- c:\documents and settings\chris\defogger_reenable

2010-01-26 04:08:07 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-01-26 04:08:04 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-01-26 04:08:04 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-01-26 04:08:01 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-01-24 20:10:10 0 d-----w- C:\VundoFix Backups

2010-01-24 07:46:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-24 07:45:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-24 05:29:03 0 d-----w- c:\program files\Minnie

2010-01-13 06:36:45 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2005-10-20 02:02:07 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe

2005-10-20 01:59:54 7050552 ----a-w- c:\program files\psa30se_en_us.exe

2005-10-20 01:59:09 762512 ----a-w- c:\program files\ytb612_efgsip.exe

============= FINISH: 19:06:51.01 ===============

Here's the most recent MB log file:

Malwarebytes' Anti-Malware 1.44

Database version: 3639

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/25/2010 8:55:26 PM

mbam-log-2010-01-25 (20-55-26).txt

Scan type: Quick Scan

Objects scanned: 112913

Time elapsed: 24 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.