Please look and help

[siedog]

Hello,

I just got a popup that my anti-virus caught and mentioned the vundo virus. I tried to clean it and it closed all my browsers. I ran spybot and it found a couple of things and cleaned it, but had to reboot to clean a file it said was still in memory. When it scanned when rebooting, it said it didn't find anything. I'm posting this HJT log to see if in fact everything is ok as I am very cautious since awhile back my computer was infected badly and one of your techs helped clean it up. Any help appreciated.

 

[tomrca]

your log looks ok apart from one or two unnecessary items.
when you done your scan did you switch off restore and empty all quarantine folders etc.
..momok will most likely get back to you with more info, but i would be best if you posted the logs from combofix,vundofix avg rootkit and antispyware as well as your hjt

 

[siedog]

Thanks for the response. I just ran spybot and purged the backup files from my system. I didn't run virus scan as it takes a very long time and don't want to do it if unnecesary. If there are unneccesary files in the HJT log, should I remove them?

 

[momok]

Hi,

For one thing, I would have to say Yahoo toolbars and all other kind of browser helpers are quite unnecessary and should be uninstalled completely. It is upto you to fix those though.

Go to Start > Run > type services.msc and press enter.
Disable the following services. (They can all be start up manuall when you need them.)
popcast
RoxioDragToDisc
RoxioAudioCentral
QuickTime Task
projselector
iTunesHelper

Fix these in HijackThis:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKCU\..\Run: [popcast] "C:\Program Files\Popcast\popcast.exe" -boot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

I also notice you have no firewall running on your system (!) Please download one to use.
Here are some recommended firewalls. Please use one and only one. Using more than one is not recommended as it will hog your system resources.
Zonealarm
Kerio
Comodo


Regards,
Your friendly momok =)

This thread is for the use of siedog only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.