lesser-equity

Computer Juice Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Whatever I do I can't get rid of TROJAN.VUNDO.H

Register Site Spy Member List Donate Unanswered Posts Search Today's Posts Mark Forums Read Forum Rules



Reply
Page 1 of 3 1 23
 
Thread Tools
  #1  
Old 16th Oct 2008, 09:51
Member Group
  
Posts: 19
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
I have tried many times with Malwarebytes to delete the VUNDO.H virus. It prompts to reboot and I run Malwarebytes again only to find it is still on the system. I also have turned off systems restore before starting these.

Thanks for your help!
Attached Files
File Type: txt mbam-log-2008-10-16 (12-33-23).txt (1.2 KB, 70 views)
File Type: txt hijackthis.txt (7.3 KB, 72 views)

  #2  
Old 16th Oct 2008, 11:27
Moderator Group
  
Skill Level: Advanced
Posts: 6,745
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • O2 - BHO: (no name) - {D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} - c:\windows\system32\digestp.dll
  • O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
__________________
  #3  
Old 16th Oct 2008, 12:39
Member Group
  
Posts: 19
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
Well I ran everything you posted. The Hijack went fine and the 2 files are deleted.

The OTMOVEIT2 program - I copied the 4 lines
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer

under the yellow bar and selected MOVEIT.

Under the green box the programs said explore killed sucessfully however I got an error dialog box.

Said OTMOVEIT2 OTMOVEIT2.EXE - Bad image

The application or DLL c:\windows\rakxhfy.dll is not a valid windows image. Please check this against your installtion disk.

I had to reboot and OTMOVEIT came up again and I came up with the same error dialog as above. How can I get rid of this OTMOVEIT2 when it reboots. Is there anything else that needs to be done?
  #4  
Old 16th Oct 2008, 12:45
Moderator Group
  
Skill Level: Advanced
Posts: 6,745
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
Yes there is more to do. Don't worry about the error message...

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt <will be maximized and info.txt <will be minimized
  • Please post the contents of both logs in the next reply.
__________________
  #5  
Old 16th Oct 2008, 13:26
Member Group
  
Posts: 19
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
log.txt:
Your file of 28.7 KB bytes exceeds the forum's limit of 19.5 KB for this file type. I had to winzip the LOG FILE to get it to you do to cdonstraints of COMPUTER JUICE attachment of files.
Attached Files
File Type: txt info.txt (12.5 KB, 20 views)
File Type: zip ziplog file.zip (7.5 KB, 7 views)
  #6  
Old 16th Oct 2008, 13:34
Member Group
  
Posts: 19
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
LOG FILE

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-16 15:56:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 136 GB (92%) free of 149 GB
Total RAM: 382 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:33 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6QBVSP54\RSIT[1].exe
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
O2 - BHO: (no name) - {D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} - c:\windows\system32\digestp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1211623928390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211630845500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7993 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Automatic Full Backup.job
C:\WINDOWS\tasks\Daily Changed Files.job
C:\WINDOWS\tasks\PEACTREE WEEKLY BACK UP.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-19 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-10-16 116088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-04 2554944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll [2008-09-26 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
c:\windows\system32\digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-04 2554944]
ID
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-01-28 98304]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-19 185896]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-18 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-12 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-18 51048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\zHotkey.exe [2004-05-17 543232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-09-01 1200178]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
C:\WINDOWS\ShowWnd.exe [2003-09-19 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\BigFix.exe [2002-07-31 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
C:\WINDOWS\system32\digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\WINDOWS\LMI42.tmp\lmi_rescue.exe"="C:\WINDOWS\ LMI42.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{4f63278d-8557-11d9-be24-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

======List of files/folders created in the last 1 months======
2008-10-16 15:56:08 ----D---- C:\rsit
2008-10-16 15:19:05 ----D---- C:\_OTMoveIt
2008-10-16 14:07:16 ----D---- C:\Program Files\Panda Security
2008-10-16 13:48:04 ----A---- C:\WINDOWS\system32\CF23987.exe
2008-10-16 13:47:57 ----A---- C:\Bug.txt
2008-10-16 13:20:06 ----D---- C:\VundoFix Backups
2008-10-16 13:20:06 ----A---- C:\VundoFix.txt
2008-10-16 12:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-16 12:25:40 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 12:25:39 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-10-16 12:25:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 11:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 11:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 11:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 11:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 11:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 11:08:22 ----D---- C:\WINDOWS\system32\N360_BACKUP
2008-10-16 10:48:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-16 10:47:42 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 10:24:37 ----D---- C:\Program Files\Windows Sidebar
2008-10-16 10:24:06 ----D---- C:\Program Files\Norton 360
2008-10-16 10:22:49 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-15 17:26:20 ----D---- C:\Program Files\NoNAV
2008-10-15 16:41:28 ----D---- C:\SymNoNav
2008-10-15 16:22:38 ----D---- C:\WINDOWS\LMI42.tmp
2008-10-15 15:10:33 ----D---- C:\Program Files\Trend Micro
2008-10-11 12:25:41 ----D---- C:\WINDOWS\Sun
2008-10-11 12:25:41 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2008-10-11 12:00:57 ----D---- C:\Program Files\CCleaner
2008-10-11 11:38:42 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-11 11:38:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 11:38:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
======List of files/folders modified in the last 1 months======
2008-10-16 15:44:12 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-16 15:43:38 ----D---- C:\WINDOWS\Temp
2008-10-16 15:27:24 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-16 15:25:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-16 15:12:27 ----A---- C:\WINDOWS\hpbafd.ini
2008-10-16 15:12:19 ----A---- C:\WINDOWS\system32\NTS5CSET.INI
2008-10-16 15:05:13 ----D---- C:\WINDOWS
2008-10-16 14:13:35 ----D---- C:\WINDOWS\system32\drivers
2008-10-16 14:07:16 ----RD---- C:\Program Files
2008-10-16 14:07:16 ----HD---- C:\WINDOWS\inf
2008-10-16 14:06:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-16 13:49:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-16 13:48:11 ----D---- C:\WINDOWS\system32
2008-10-16 12:26:10 ----SHD---- C:\WINDOWS\Installer
2008-10-16 12:25:12 ----D---- C:\Program Files\Common Files
2008-10-16 11:50:16 ----D---- C:\WINDOWS\Minidump
2008-10-16 11:50:16 ----D---- C:\WINDOWS\Debug
2008-10-16 11:20:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-16 11:20:43 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 11:20:07 ----D---- C:\Program Files\Internet Explorer
2008-10-16 11:19:54 ----D---- C:\WINDOWS\ie7updates
2008-10-16 11:19:07 ----A---- C:\WINDOWS\win.ini
2008-10-16 11:08:11 ----D---- C:\Documents and Settings\Owner\Application Data\Symantec
2008-10-16 11:04:17 ----D---- C:\Program Files\Symantec
2008-10-16 11:01:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-16 10:46:55 ----D---- C:\WINDOWS\Prefetch
2008-10-15 17:42:01 ----D---- C:\Documents and Settings
2008-10-15 15:38:45 ----D---- C:\WINDOWS\WinSxS
2008-10-15 15:38:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-15 14:55:27 ----D---- C:\WINDOWS\system32\Restore
2008-10-15 13:23:32 ----A---- C:\WINDOWS\PCW120.ini
2008-10-15 13:23:22 ----D---- C:\SHAREDAT
2008-10-14 14:58:10 ----D---- C:\Shardata
2008-10-11 11:30:23 ----SHD---- C:\System Volume Information
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-24 08:36:56 ----D---- C:\Program Files\Common Files\Peach
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-09-01 28528]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-08-21 25520]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-18 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\2008101 6.004\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\2008101 6.004\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs \20081014.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-09-01 88800]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 38448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv;InCD File System Service; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-09-01 798772]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-01-28 172032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_state.exe [2004-07-15 32768]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------
  #7  
Old 16th Oct 2008, 13:50
Moderator Group
  
Skill Level: Advanced
Posts: 6,745
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
The digestp.dll is still not gone.

First:

Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open the JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for and remove any outdated version of Java and remove any that are found.
  • Click Additional Tasks
  • Place a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop
----------

Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code:
C:\WINDOWS\system32\CF23987.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

----------

After posting the VirSCAN.org results.

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.

Important: Restart the computer before continuing.
__________________
  #8  
Old 16th Oct 2008, 14:39
Member Group
  
Posts: 19
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
1. Sucess in Fixme.reg

2. Then here are the 2 log files you wanted me to send

A. JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Oct 16 17:23:09 2008
Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstal l\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D 117AB7000B0D410200
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installe r\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410200
Found and removed: SOFTWARE\Classes\JavaPlugin.142
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
------------------------------------
Finished reporting.

JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Oct 16 17:23:18 2008
------------------------------------
Finished reporting.



B. VirSCAN.org Scanned Report :
Scanned time : 2008/10/16 17:27:59 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : CF23987.exe
File Size : 389120 byte
File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5 : b65faf059812f22a1058ecfcb520e47b
SHA1 : 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online report : http://virscan.org/report/36cd3be0f2...66947033e.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.16 2008.10.15 2008-10-15 1.54 -
AhnLab V3 ... .. -- 0.18 -
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0.08 -
Antiy 2.0.18 20081016.1488960 2008-10-16 0.12 -
Arcavir 1.0.5 200810161244 2008-10-16 1.23 -
Authentium 5.1.1 200810150216 2008-10-15 1.17 -
AVAST! 3.0.1 081015-0 2008-10-15 0.72 -
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1.68 -
BitDefender 7.60825.1875439 7.21294 2008-10-17 3.13 -
CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5.37 -
ClamAV 0.94 8435 2008-10-17 0.13 -
Comodo 2.11 2.0.0.678 2008-10-16 0.44 -
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6.26 -
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3.41 -
ewido 4.0.0.2 2008.10.16 2008-10-16 2.90 -
F-Prot 4.4.4.56 20081016 2008-10-16 1.19 -
F-Secure 5.51.6100 2008.10.16.09 2008-10-16 3.55 -
Fortinet 2.81-3.113 9.647 2008-10-15 0.23 -
GData 19.1058/19.65 20081016 2008-10-16 2.65 -
ViRobot 20081016 2008.10.16 2008-10-16 0.40 -
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3.99 -
JiangMin 11.0.706 2008.10.16 2008-10-16 1.26 -
Kaspersky 5.5.10 2008.10.16 2008-10-16 0.04 -
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0.66 -
McAfee 5.3.00 5406 2008-10-15 2.13 -
Microsoft 1.4005 2008.10.16 2008-10-16 3.93 -
mks_vir 2.01 2008.10.16 2008-10-16 2.75 -
Norman 5.93.01 5.93.00 2008-10-16 5.21 -
Panda 9.05.01 2008.10.16 2008-10-16 2.28 -
Trend Micro 8.700-1004 5.604.11 2008-10-16 0.03 -
Quick Heal 9.50 2008.10.16 2008-10-16 1.99 -
Rising 20.0 20.66.32.00 2008-10-16 0.77 -
Sophos 2.79.0 4.34 2008-10-17 1.86 -
Sunbelt 3.1.1728.1 2317 2008-10-16 0.48 -
Symantec 1.3.0.24 20081016.004 2008-10-16 0.05 -
nProtect 2008-10-16.00 2247055 2008-10-16 4.22 -
The Hacker 6.3.1.0 v00116 2008-10-16 0.45 -
VBA32 3.12.8.7 20081016.1009 2008-10-16 1.43 -
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0.99 -
  #9  
Old 16th Oct 2008, 14:41
Moderator Group
  
Skill Level: Advanced
Posts: 6,745
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________
  #10  
Old 16th Oct 2008, 15:11
Member Group
  
Posts: 19
Default Whatever I do I can't get rid of TROJAN.VUNDO.H
ComboFix 08-10-16.01 - Owner 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\jestertb.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-16 16:16 . 2008-10-16 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-16 15:56 . 2008-10-16 16:23 <DIR> d-------- C:\rsit
2008-10-16 15:19 . 2008-10-16 15:19 <DIR> d-------- C:\_OTMoveIt
2008-10-16 14:07 . 2008-10-16 14:07 <DIR> d-------- C:\Program Files\Panda Security
2008-10-16 14:07 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-16 13:20 . 2008-10-16 13:20 <DIR> d-------- C:\VundoFix Backups
2008-10-16 12:26 . 2008-10-16 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-16 12:25 . 2008-10-16 13:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-16 12:25 . 2008-10-16 12:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 12:25 . 2008-10-16 12:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-10-16 11:08 . 2008-10-16 11:08 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-10-16 10:48 . 2008-10-16 10:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-16 10:47 . 2008-10-16 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 10:24 . 2008-10-16 10:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-16 10:24 . 2008-10-16 11:44 <DIR> d-------- C:\Program Files\Norton 360
2008-10-16 10:22 . 2008-10-16 11:04 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-16 10:22 . 2008-10-16 11:04 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-16 10:22 . 2008-10-16 11:04 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-16 10:22 . 2008-10-16 11:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-16 10:16 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 10:15 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 10:15 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:15 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 10:15 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 10:15 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 10:09 . 2008-10-16 10:10 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-10-15 17:42 . 2004-08-27 05:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-10-15 17:42 . 2005-01-28 05:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-10-15 17:42 . 2005-01-28 05:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-10-15 17:42 . 2008-10-15 17:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-15 17:42 . 2008-10-16 10:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-15 17:26 . 2008-10-15 17:26 <DIR> d-------- C:\Program Files\NoNAV
2008-10-15 16:41 . 2008-10-15 17:26 <DIR> d-------- C:\SymNoNav
2008-10-15 16:22 . 2008-10-15 17:27 <DIR> d-------- C:\WINDOWS\LMI42.tmp
2008-10-15 15:10 . 2008-10-15 15:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 13:05 . 2008-10-11 12:33 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-11 12:33 . 2008-10-15 15:21 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-10-11 12:25 . 2008-10-11 12:25 <DIR> d-------- C:\WINDOWS\Sun
2008-10-11 12:00 . 2008-10-11 12:01 <DIR> d-------- C:\Program Files\CCleaner
2008-10-11 11:38 . 2008-10-11 11:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 11:38 . 2008-10-11 11:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-11 11:38 . 2008-10-11 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 11:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 11:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-23 13:17 . 2008-09-23 13:17 133 --a------ C:\Documents and Settings\All Users\Application Data\ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-10-16 21:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-16 15:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-10-16 15:04 --------- d-----w C:\Program Files\Symantec
2008-10-16 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-24 12:36 --------- d-----w C:\Program Files\Common Files\Peach
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-19 10:32 --------- d-----w C:\Program Files\Microsoft Silverlight
2005-10-20 18:06 76 -c----w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2005-05-27 00:43 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2008-05-24 13:39 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080 525\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
2004-08-04 15:00 105984 --a------ c:\windows\system32\digestp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ov erlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ov erlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ov erlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-11 525664]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2004-11-12 01:10 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-02-18 15:37 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2003-09-01 09:32 1200178 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 15:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 15:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2002-09-13 16:42 212992 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-10-31 23:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a--c--- 2004-11-15 19:04 135168 C:\Program Files\Digital Media Reader\shwiconEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2004-05-17 22:30 543232 C:\WINDOWS\zHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a--c--- 2003-09-19 13:09 36864 C:\WINDOWS\ShowWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-11-15 23:20 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboo t.sys [2008-06-19 28544]
R0 shsizubv;shsizubv;C:\WINDOWS\system32\drivers\shsi zubv.sys [2004-08-04 23424]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mo n.sys [2008-07-30 23888]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qfbydciq
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{4f63278d-8557-11d9-be24-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-12 C:\WINDOWS\Tasks\Automatic Full Backup.job
- C:\Program Files\Stomp\Backup MyPC\System\bestart.exe [2003-10-30 04:10]
2008-10-15 C:\WINDOWS\Tasks\Daily Changed Files.job
- C:\Program Files\Stomp\Backup MyPC\System\bestart.exe [2003-10-30 04:10]
2008-10-11 C:\WINDOWS\Tasks\PEACTREE WEEKLY BACK UP.job
- C:\Program Files\Stomp\Backup MyPC\System\bestart.exe [2003-10-30 04:10]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ID - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.emachines.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2008-10-16 17:56:31
ComboFix-quarantined-files.txt 2008-10-16 21:56:27
Pre-Run: 142,914,838,528 bytes free
Post-Run: 142,911,078,400 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect
208 --- E O F --- 2008-10-16 15:20:49

Please support this forum, donate towards our running costs.
Reply
Page 1 of 3 1 23

Similar Threads
Thread Thread Starter Forum Replies Last Post
Virtumonde.dll, vundo here is my hijack log... mason61391 Virus, Spyware & Security 5 22nd Sep 2008 19:46
Vundo virus has altered things!! Terrano11 Virus, Spyware & Security 1 17th Jul 2008 13:07
A piece of VUNDO history evilfantasy Virus, Spyware & Security 0 10th Jun 2008 14:54
Maybe trojan moyra Virus, Spyware & Security 5 8th Jan 2008 22:55
MSN Trojan mitchbeast Virus, Spyware & Security 9 20th Jun 2007 12:26


Bookmarks
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish

Copyright ©2006 - 2009 Computer Juice.
Contact - Sitemap - Tags - Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.