
No icons, No start menu... *Edit - now with logs attached!* Help appreciated

  • 09-02-2009 9:55am
    #1
    Registered Users, Registered Users 2 Posts: 842 ✭✭✭


    Hi all,

    Last port of call here before I bring my laptop in somewhere to be fixed. Basically, as the title suggests, when my laptop comes on only the wallpaper is displayed. I can access the taskmanager and from there and msconfig but, of course, nothing happens when I try to launch system restore. I've tried lots of things from the net with no success. Is it worth trying to use that Hijack this yoke? I can load some (basic) programs from msconfig alright.
    Oh yeah, in taskmanager this drwatson32 thing keeps coming up when I try to run something, multiple copies of it in the applications (or processes?) tab.

    Any suggestions would be appreciated, I'm about to give up on it at this stage.

    Thanks

    P.S. It's a Dell Inspiron, not sure of model name, have it about three years. Running Windows XP (SP2 I think)


Comments

  • Closed Accounts Posts: 22,565 ✭✭✭✭Tallon


    drwatson32 is a trojan, I had it a few years ago.
    Can you boot in safe mode?
    If not, Reinstall windows


  • Closed Accounts Posts: 303 ✭✭R3al


    System restore will not do you any good as these files will be infected also.

    You can get your icons and start menu back by accessing task manager ->file -> new task -> type in explorer.exe

    Do you have any anti virus software? Try going into safe mode and running a scan from there, also follow the instructions in the sticky "you think you have a virus"


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    Tallon wrote: »
    drwatson32 is a trojan, I had it a few years ago.
    Can you boot in safe mode?
    If not, Reinstall windows


    Balls..

    Silly question alert: What exactly will reinstalling windows mean for all my "stuff"? As in what will I lose? All the programs I've installed I'd imagine...?

    Thanks for the reply


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    Regards to booting in safe mode: As far as I remember I tried this with no joy.

    Also, I tried to run explorer.exe and nothing happened.

    I'm running AVG 8


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Ignore Tallon's post he doesn't know what he is talking about

    drwatson32 is a windows file, you don't need to format your PC


    Read the Sticky thread and post your HJT Log


  • Closed Accounts Posts: 22,565 ✭✭✭✭Tallon


    ActorSeeksJob wrote: »
    Ignore Tallon's post he doesn't know what he is talking about

    drwatson32 is a windows file, you don't need to format your PC


    Read the Sticky thread and post your HJT Log

    I know that I did have drwatson32 before, and after a google search, deleted it and it fixed my issue!

    Second, I meant to say Format is a last resort.


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    Hi,

    I went through the suggestions in the sticky. Here are two logs, HiJack this and a malwarebytes one. Any suggestions very much appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:48:38, on 09/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Brian 1\Desktop\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: Shell=Explorer.exe
    O1 - Hosts: 60.12.193.37 auto.search.msn.com
    O1 - Hosts: 60.12.193.37 auto.search.msn.es
    O1 - Hosts: 60.12.193.37 ie.search.msn.com
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Windows Automatic Update] C:\RECYCLER\S-1-5-21-0382149955-3370416421-116233092-7452\mwau.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-2163025812-1970120947-3472986504-1006\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User '?')
    O4 - HKUS\S-1-5-21-2163025812-1970120947-3472986504-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-2163025812-1970120947-3472986504-1006\..\Run: [Microsoft Windows Automatic Update] C:\RECYCLER\S-1-5-21-0382149955-3370416421-116233092-7452\mwau.exe (User '?')
    O4 - HKUS\S-1-5-21-2163025812-1970120947-3472986504-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [dbuihiuw.exe] C:\WINDOWS\dbuihiuw.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [dbuihiuw.exe] C:\WINDOWS\dbuihiuw.exe (User 'Default user')
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll mhucxr.dll
    --
    End of file - 7695 bytes



    Malwarebytes' Anti-Malware 1.33
    Database version: 1654
    Windows 5.1.2600 Service Pack 2
    09/02/2009 18:21:49
    mbam-log-2009-02-09 (18-21-49).txt
    Scan type: Quick Scan
    Objects scanned: 88441
    Time elapsed: 21 minute(s), 9 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 10
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 109
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\mhucxr.dll (Trojan.Vundo) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26651737-b586-49a8-93a6-0585cfd14b4d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{26651737-b586-49a8-93a6-0585cfd14b4d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvukhatk -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Data: c:\windows\config\csrss.exe -> Quarantined and deleted successfully.
    Folders Infected:
    (No malicious items detected)
    Files Infected:


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    few things there

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum.




    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [Image: RcAuto1.gif]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [Image: whatnext.png]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
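
The HijackThis and Malwarebytes logs posted earlier in this thread can be cross-checked mechanically. The following is an added example, not part of any post or of either tool: it parses excerpts copied from those logs and lists the entries worth a manual look. Its rules (non-loopback hosts entries, autoruns from RECYCLER or the Windows root, AppInit_DLLs names matching a Malwarebytes file detection) and all function names are assumptions of this example, and a flag means "review", not "malicious".

```python
import re
from ipaddress import ip_address
from ntpath import basename  # applies Windows path rules on any OS

# Excerpt copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
F2 - REG:system.ini: Shell=Explorer.exe
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Microsoft Windows Automatic Update] C:\RECYCLER\S-1-5-21-0382149955-3370416421-116233092-7452\mwau.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [dbuihiuw.exe] C:\WINDOWS\dbuihiuw.exe (User '?')
O20 - AppInit_DLLs: avgrsstx.dll mhucxr.dll
"""

# Excerpt copied from the Malwarebytes log in the same post.
MBAM_SAMPLE = r"""
C:\WINDOWS\system32\mhucxr.dll (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Data: c:\windows\config\csrss.exe -> Quarantined and deleted successfully.
"""

# File detections look like: <drive path> (<detection>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")
# O4 bodies look like: <registry key>: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
WINROOT_RE = re.compile(r"[a-z]:\\windows\\[^\\]+")


def parse_mbam(text):
    """Map lower-cased file name -> (detection, action); registry lines are skipped."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits[basename(m["path"]).lower()] = (m["det"], m["action"].rstrip("."))
    return hits


def run_target(cmd):
    """Return the executable path from an O4 command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(hjt_text, detections):
    """Return (section, item, reason) tuples for entries worth a closer look."""
    findings = []
    for line in hjt_text.splitlines():
        sec, sep, body = line.strip().partition(" - ")
        if not sep:
            continue
        if sec == "O1" and body.startswith("Hosts:"):
            parts = body.split()[1:]
            if len(parts) < 2:
                continue
            try:
                addr = ip_address(parts[0])
            except ValueError:
                continue
            if not (addr.is_loopback or addr.is_unspecified):
                findings.append(("O1", parts[1], f"hosts file pins name to {addr}"))
        elif sec == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("F2", shell, "shell is not explorer.exe"))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            target = run_target(m["cmd"])
            low = target.lower()
            if basename(low) in detections:
                det = detections[basename(low)][0]
                findings.append(("O4", target, f"autorun of file detected as {det}"))
            elif "\\recycler\\" in low:
                findings.append(("O4", target, "autorun from the Recycle Bin folder"))
            elif WINROOT_RE.fullmatch(low):
                # Also matches UpdReg.EXE: the rule marks a location, not a verdict.
                findings.append(("O4", target, "autorun from the Windows root"))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                hit = detections.get(dll.lower())
                if hit:
                    findings.append(("O20", dll, f"AppInit_DLLs loads {hit[0]} ({hit[1]})"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(HJT_SAMPLE, parse_mbam(MBAM_SAMPLE)):
        print(f"{section:<4}{reason}: {item}")
```

The HijackThis scan is timestamped after the Malwarebytes run, so the O20 finding shows the DLL marked "Delete on reboot" was still named in AppInit_DLLs when the second log was taken.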


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    Hi ActorSeeksJob,

    Thank you very much for your reply.

    Unfortunately, I couldn't get SDfix to work. When I try to start RunThis.bat, the following window opens C:\Windows\system32\cmd.exe (this disappears after a minute or so)

    There is no option to type "Y". (keyboard doesn't respond)

    Instead, multiple copies of drwtsn32.exe are visible in "processes" in taskmanager. These then disappear after a minute or so. (this same thing happens when I try to run some programs)

    Should I now proceed and try Combofix.exe?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    yes go ahead with ComboFix


  • Closed Accounts Posts: 303 ✭✭R3al


    ActorSeeksJob wrote: »
    Ignore Tallon's post he doesn't know what he is talking about

    drwatson32 is a windows file, you don't need to format your PC


    Are you sure about that? I believe that drwatson.exe and drwtsn32.exe are the microsoft windows files, drwatson32.exe is a known trojan:

    http://www.bleepingcomputer.com/startups/DrWatson32.exe-12989.html

    http://answers.yahoo.com/question/index?qid=20070907222135AAPnnhp

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-022222-5440-99&tabid=2


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    R3al wrote: »

    Just to clarify, drwtsn32.exe is the process I'm seeing.


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    No luck with ComboFix either. Same thing again, hundreds of drwtsn32.exe this time!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    yes I am sure

    Try this

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:

      [Images: CF_download_FF.gif, CF_download_rename.gif]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    thanks, will do this when I get home from work:)


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent



    Hi, no luck there either. I couldn't follow it exactly though. My internet connection isn't running so I'm transferring everything to the desktop via a memory stick (downloaded on another computer). I am then running them via taskmanager. Sorry if this wasn't clear. I also could not disable AVG8 as specified (end process would not work, I can't open the control center as the task bar is also missing so I can't right click the icon)

    Thanks for the help again. Is there a way I could get my internet connection up and running from the taskmanager?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    nope no way

    so you couldn't open ComboFix, or it wouldn't do anything when you opened it ?


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    Nothing happens when I double click on it. Multiple instances of drwtsn.exe instead appear under processes in taskmanager. These disappear after about two minutes. Eventually an error message appears (after about 10 minutes) saying "the application failed to initialize".


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    let's try something else

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


    Same again.:( The "hourglass" appears for about thirty seconds like something is loading but nothing happens...


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    try it in safe mode, if that fails do this

    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.




    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


  • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


      Okay, I could only get Malwarebytes to work. And I can't do the online scan because my internet connection isn't working. Here is the log anyway. Thanks for your continued help!


      Malwarebytes' Anti-Malware 1.33
      Database version: 1654
      Windows 5.1.2600 Service Pack 2
      12/02/2009 00:34:48
      mbam-log-2009-02-12 (00-34-48).txt
      Scan type: Quick Scan
      Objects scanned: 71098
      Time elapsed: 17 minute(s), 8 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 4
      Registry Values Infected: 1
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 63
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows automatic update (Trojan.Agent) -> Quarantined and deleted successfully.
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      do this

      Please click here to download AVP Tool by Kaspersky.
      • Save it to your desktop.
      • Reboot your computer into SafeMode.
        You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
        Use your up arrow key to highlight SafeMode then hit enter.
      • Double click the setup file to run it.
      • Click Next to continue.
      • It will by default install it to your desktop folder. Click Next.
      • Hit ok at the prompt for scanning in Safe Mode.
      • It will then open a box. There will be a tab that says Automatic scan.
      • Under Automatic scan make sure these are checked.
        • System Memory
        • Startup Objects
        • Disk Boot Sectors.
        • My Computer.
        • Also any other drives (Removable that you may have)
      • Then click on Scan at the top right-hand corner.
      • It will automatically Neutralize any objects found.
      • If some objects are left unneutralized then click the button that says Neutralize all
      • If it says it cannot be Neutralized then choose the delete option when prompted.
      • After that is done click on the reports button at the bottom and save it to file; name it Kas.
      • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.


      • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


        Hi, started this scan yesterday evening, it could take a while to finish. Will report back then. Cheers.


      • Registered Users, Registered Users 2 Posts: 842 ✭✭✭daycent


        Sorry ActorSeeksJob. I've given in and traded the laptop in. After running that last scan, a blue error screen was displayed every time I turned it on. I ran out of patience! I needed to get it sorted one way or the other. The laptop was fairly knackered anyway, there was a problem with the headphone jack which caused intermittent sound, which has been driving me crazy for about..... a year or two:D
        Anyway, thanks for all your help, I'm sure it would have worked out eventually, but I was in a hurry to have a working PC.


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        no problem

        sadly malware is getting more destructive these days

