My Malwarebytes, SuperAntispyware and Hijackthis logs

Status
Not open for further replies.

karltin

Hi.

I have been having problems with this borrowed laptop, which is why it really needs to be resolved asap. So I'm really hoping that someone could help me.

I'm running Windows XP Home Edition version 2002 Service Pack 3.

I noticed I had a problem this morning upon opening Internet Explorer. I had continuous pop-ups and found it impossible to direct to the page I wanted to view. The PC is very, very slow also.

Found out I had a Trojan called Vundo. I have managed to delete the virus with Malwarebytes but the PC is still very slow.

Lastly, the automatic updates to Windows will not turn on even after changing them manually. I still get the icon with the cross in a red shield on the bottom right taskbar.

Here are my logs from the scans that I have conducted.

View attachment 35902

View attachment 35904

View attachment 35905

Hope someone can help urgently as I'm very worried.

Thanks in advance.
 
Can someone please help me with this problem?

I have not got a clue what I'm doing and it's not my computer, I'm worried :(
 
User choice - Ask Jeeves
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
User choice - process related to broadband service:
C:\WINDOWS\System32\bcmwltry.exe

This appears to be a broadband service
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9746841-4ED6-46E1-B6B3-DCDAA3F256F7}: NameServer = 212.50.160.100 213.249.130.100

Link to broadband service
http://www.karoo.co.uk/helpandsupport/karoosettings/

Safe Mode > delete file > re-boot (Normal) > verify deletion
O20 - AppInit_DLLs: ukkrau.dll
C:\WINDOWS\system32\ukkrau.dll (Trojan.Vundo.H) -> Delete on reboot.

It is unknown if "ukkrau.dll" was capable of inviting re-infection from other trojans. Re-posting fresh logs may answer this question.
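The three HijackThis entries quoted in the post above, run through a small triage script. This is an added example, not part of the original thread and not HijackThis code; the function names, the verdict labels and the KNOWN_RESOLVERS allowlist (resolvers the user has already confirmed against the ISP's settings page) are assumptions.

```python
import re

# Constructed sample: the three HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9746841-4ED6-46E1-B6B3-DCDAA3F256F7}: NameServer = 212.50.160.100 213.249.130.100
O20 - AppInit_DLLs: ukkrau.dll
"""

# Assumption: resolvers already confirmed against the ISP's published settings.
KNOWN_RESOLVERS = {"212.50.160.100", "213.249.130.100"}

# A HijackThis entry is "<section id> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log):
    """Yield (section, body) for every entry line; other lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")

def split_values(text):
    """Split a space- or comma-separated registry value into its items."""
    return [v for v in re.split(r"[,\s]+", text.strip()) if v]

def triage(log, known_resolvers=KNOWN_RESOLVERS):
    """Return (section, verdict, detail) tuples for a HijackThis log."""
    findings = []
    for section, body in parse(log):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL named here is loaded into each process that loads
            # user32.dll, so any non-empty value deserves a manual look.
            dlls = split_values(body.split(":", 1)[1])
            if dlls:
                findings.append((section, "review", ", ".join(dlls)))
        elif section == "O17" and "NameServer" in body and "=" in body:
            servers = split_values(body.split("=", 1)[1])
            unknown = [s for s in servers if s not in known_resolvers]
            verdict = "review" if unknown else "expected"
            findings.append((section, verdict, ", ".join(unknown or servers)))
        elif body.endswith("(no file)"):
            # The registry entry exists but the file it names is missing.
            findings.append((section, "orphaned", body))
        else:
            findings.append((section, "user choice", body))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```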
 
Hi! thanks for replying.

I'm sorry, but what do I need to do with the first two that you quoted?
I have done another hijackthis scan and deleted the file you told me to delete.

I wasn't sure if you needed the logs for the other 2 as well, but I'll post them as soon as I've done scanning again..

By the way, will any malware be the reason why my autoupdate for Windows can't be turned on?
And also another problem I forgot to mention is that the desktop doesn't load properly. The background image that is set always appears at the start but when the icons on the desktop are up, the image is replaced by a blue screen. I know it's just the desktop but like what I said, this isn't my laptop and I just want everything to go back to the way it was.

Thanks so much.
 
Hi again.
Here are my new logs.

View attachment 35925

View attachment 35926

View attachment 35927

I really appreciate your help. Thanks.

I would just like to add that the autoupdates for Windows are working now. The only problem left is Windows loads too slow at startup (it wasn't this slow before we got the virus), plus the desktop still isn't right.

I'm still also scared to use IE coz that's where I got attacked, so I would just want to know if it's safe to use the browser now.

Thanks.
 
Yes, all 3 logs were requested.

Desktop appearance - manual effort to clean remnants
post by tw0rld

HJT works on the premise of "whitelist". My wording "user choice" signifies that I had no other information to recommend an action.

HJT is a powerful tool & many checkmarks can be reversed from the advance menu. o4 checkmarks are reversible. This is an excellent tutorial and it has links to identify essential startup programs [o4].

Your observation about slowness for startup points to o4 entries. [MSConfig] was added.

However, the last HJT log list of running processes was very short! I chose not to question this. Perhaps you used MSconfig to alter the startup.

Following removal of the infection comes cleaning up the tools. Had an expert handled this thread, you would have received guidance. Check other posts.

I posted a message in "Strange Impressions" that references EvilFantasy in another forum. It covers routine maintenance.
 