Vundo - Please help!



#1
cestmoi1337

Hi,
I have a big problem with my computer running Vista Ultimate. I have these blank pop-ups coming up all over the place, and all my true pop-ups have become blank as well. I tried to run the Panda online scanner, but since it runs in a pop-up I couldn't run it. Every time I try to open Windows Explorer, it closes itself, so I can't access the Control Panel. The Explorer.exe process keeps shutting down. I already ran my Avast, Spybot and Ad-Aware without any luck. I ran VundoFix and it finds a dll, but when I hit the delete button, the program just hangs. I also tried VirtumundoBeGone without any luck. I'm running a program called BHO Demon and it tells me all the time that there are these BHOs adding themselves with random names, but there is one that doesn't change, called vtsqn.dll. I've tried disabling this dll with msconfig and BHO Demon without any luck. This is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:04 PM, on 3/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
I:\Windows\system32\taskeng.exe
I:\Windows\system32\Dwm.exe
I:\Program Files\Windows Defender\MSASCui.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\Program Files\Alwil Software\Avast4\ashDisp.exe
I:\Program Files\LogMeIn\x86\LogMeInSystray.exe
I:\Program Files\Unlocker\UnlockerAssistant.exe
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\Program Files\Windows Media Player\wmpnscfg.exe
I:\Program Files\BHODemon 2\BHODemon.exe
I:\Windows\system32\rundll32.exe
I:\Windows\system32\rundll32.exe
I:\Windows\system32\NOTEPAD.EXE
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Windows\system32\rundll32.exe
I:\Windows\system32\rundll32.exe
I:\Windows\system32\rundll32.exe
I:\Windows\system32\Taskmgr.exe
I:\Windows\system32\rdpclip.exe
I:\Windows\system32\wuauclt.exe
I:\Windows\explorer.exe
I:\Windows\system32\SearchFilterHost.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "I:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] I:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [UnlockerAssistant] "I:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE I:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe I:\Windows\system32\ddaby.dll,#1
O4 - HKLM\..\Run: [THGuard] "I:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [BMfb32c8ed] Rundll32.exe "I:\Windows\system32\kbpeskfk.dll",s
O4 - HKLM\..\Run: [7dcdcfef] rundll32.exe "I:\Windows\system32\qgkelrqc.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] I:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] I:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = I:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - I:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - I:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - I:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - I:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - I:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 6413 bytes

This is the VBG.txt log:

[03/21/2008, 17:51:45] - VirtumundoBeGone v1.5 ( "I:\Users\Gus Revolorio\Desktop\VirtumundoBeGone.exe" )
[03/21/2008, 17:51:49] - Detected System Information:
[03/21/2008, 17:51:49] - Windows Version: 6.0.6000,
[03/21/2008, 17:51:49] - Current Username: Gus Revolorio (Admin)
[03/21/2008, 17:51:49] - Windows is in SAFE mode.
[03/21/2008, 17:51:49] - Searching for Browser Helper Objects:
[03/21/2008, 17:51:49] - BHO 1: {22342B44-5B98-4B30-9D53-C182AD8DF217} ()
[03/21/2008, 17:51:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/21/2008, 17:51:49] - Checking for HKLM\...\Winlogon\Notify\ddcya
[03/21/2008, 17:51:49] - Key not found: HKLM\...\Winlogon\Notify\ddcya, continuing.
[03/21/2008, 17:51:49] - BHO 2: {453523B8-1CE9-477B-9ADA-AB1DFFEE95C1} ()
[03/21/2008, 17:51:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/21/2008, 17:51:49] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[03/21/2008, 17:51:49] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[03/21/2008, 17:51:49] - BHO 3: {46c5e391-c6af-4f1b-ba2e-f0f7b325643f} ()
[03/21/2008, 17:51:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/21/2008, 17:51:49] - Checking for HKLM\...\Winlogon\Notify\klomgyvx
[03/21/2008, 17:51:49] - Key not found: HKLM\...\Winlogon\Notify\klomgyvx, continuing.
[03/21/2008, 17:51:49] - BHO 4: {4A196E89-906F-4150-9A52-A41BF6EA16FB} ()
[03/21/2008, 17:51:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/21/2008, 17:51:49] - No filename found. Continuing.
[03/21/2008, 17:51:49] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/21/2008, 17:51:49] - BHO 6: {a8a6d753-d61e-4a1b-a5bc-74566c2df6d8} ()
[03/21/2008, 17:51:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/21/2008, 17:51:49] - No filename found. Continuing.
[03/21/2008, 17:51:49] - Finished Searching Browser Helper Objects
[03/21/2008, 17:51:49] - Finishing up...
[03/21/2008, 17:51:49] - Nothing found! Exiting...


Please advise...



Thanks in advance,

Cestmoi1337