Problem with Vundo and Trojan-Downloader.Delf [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Problem with Vundo and Trojan-Downloader.Delf [RESOLVED], All Logs Contained Herein

Options

NegativeZero View Member Profile	Jul 12 2008, 09:19 PM Post #1
New Member Posts: 5 OS: Windows XP	Hi, I'm needing help fully cleaning my PC of its malware, viruses, spyware, etc. This all started when I downloaded a video codec and then my Norton Antivirus detected Vundo and then later Trojan-Downloader.Delf. It told me it removed them, but that was obviously not the case, as all of my ads began getting hijacked left and right, grinding Internet Explorer and Firefox to a halt. It also apparently slowed my computer's performance as well, especially when booting up. Below are all the logs for everything I was supposed to run. Prior to running the logs below I ran VundoFix. Things seem to be a bit better, but I want to make relatively sure that I'm clean. Any help would be greatly appreciated. Thanks. Malwarebytes' Anti-Malware 1.20 Database version: 942 Windows 5.1.2600 Service Pack 2 2:54:21 PM 7/12/2008 mbam-log-7-12-2008 (14-54-21).txt Scan type: Quick Scan Objects scanned: 43892 Time elapsed: 6 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\qoMfcAqO.dll (Trojan.Vundo) -> Unloaded module successfully. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b691b8dc-79ba-441d-b60e-e301df32dd72} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b691b8dc-79ba-441d-b60e-e301df32dd72} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e4b35dcd (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bme7806e51 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\pnVes01 (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\qoMfcAqO.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\OqAcfMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\OqAcfMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pyvrhiru.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\BMe7806e51.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BMe7806e51.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. SUPERAntiSpyware Scan Log Generated 07/12/2008 at 05:53 PM Application Version : 3.6.1000 Core Rules Database Version : 3503 Trace Rules Database Version: 1494 Scan type : Complete Scan Total Scan Time : 02:17:29 Memory items scanned : 737 Memory threats detected : 0 Registry items scanned : 7010 Registry threats detected : 0 File items scanned : 102992 File threats detected : 1 Adware.Vundo Variant/Rel C:\WINDOWS\SYSTEM32\MCRH.TMP Panda ;***************************************************************************** ****************************************************************************** * ***************** ANALYSIS: 2008-07-12 21:18:16 PROTECTIONS: 2 MALWARE: 8 SUSPECTS: 0 ;*************************************************************************** ****************************************************************************** * ***************** PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Norton Antivirus 2007 14.2.0.29 No Yes Windows Defender 1.1.3704.0 No No ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00055151 V6000 Virus No 0 No No C:\Documents and Settings\Matt\Application Data\SecondLife\cache\textures\d\dc8aada2-3dc3-fb4b-246d-9fb5c7766c8c 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Matt\Cookies\matt@atdmt[1].txt 01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0068542.exe[327882R2FWJFW\NirCmdC.cfexe] 01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0068617.EXE 02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0068591.sys 02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0061466.dll 02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0061468.dll 02936975 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0062609.dll 02936976 Adware/AntiSpywareMaster Adware No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0062608.dll ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location H ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description H ;=============================================================================== ================================================================================ = =================== 108742 MEDIUM MS06-006 H ;=============================================================================== ================================================================================ = =================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:14:21 PM, on 7/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\DOCUME~1\Matt\LOCALS~1\Temp\clclean.0001 C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Creative\VoiceCenter\AndreaVC.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\stsystra.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Folding@Home\winFAH.exe C:\Program Files\IntelliScanner Portable Driver\IntelliScannerPortable.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Folding@Home\FahCore_78.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.170.113.182:80 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {82336A8D-6CD0-4647-B791-75FCA8CF2B39} - C:\WINDOWS\system32\opnommlL.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: {2c26e07e-786e-7778-5e44-a7ac803030fc} - {cf030308-ca7a-44e5-8777-e687e70e62c2} - C:\WINDOWS\system32\rtenig.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [ShowLOMControl] O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Folding@Home 5.03.lnk = ? O4 - Startup: IntelliScanner Portable Driver.lnk = C:\Program Files\IntelliScanner Portable Driver\IntelliScannerPortable.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188228536156 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188228524796 O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: opnommlL - opnommlL.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel� PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel� PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel� PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Intel� PROSet/Wireless SSO Service (WLANKEEPER) - Intel� Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 16630 bytes UNINSTALL LIST @promt Standard EGGE Ad-Aware Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.2 Adobe Shockwave Player AIM 6 AIMTunes America Online (Choose which version to remove) Andrea VoiceCenter AOL Coach Version 1.0(Build:20040229.1 en) AOL Connectivity Services AOLIcon APC PowerChute Personal Edition AppCore Apple Mobile Device Support Apple Software Update Asf Seek Maker 2.0 AV Bible Explorer 4 Download Edition BibleWorks 7 Broadcom Management Programs ccCommon Conexant HDA D110 MDC V.92 Modem Corel Paint Shop Pro X Corel Photo Album 6 Creative MediaSource Dell Digital Jukebox Driver Dell Game Console Dell Support Center DellSupport Digital Content Portal Digital Line Detect DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player Documentation & Support Launcher DVDx EarthLink setup files EducateU ELIcon ESPNMotion Flickr Uploadr 2.5.0.14 Folding@Home Form Fill (Windows Live Toolbar) Games, Music, & Photos Launcher Garmin WebUpdater GRE POWERPREP High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix 2050 for SQL Server 2000 ENU (KB948110) Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB893357) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB928388) Hotfix for Windows XP (KB929120) Intel® PROSet/Wireless Software IntelliScanner Portable Driver 1.1 IntelliScanner Software Internal Network Card Power Management Internet Worm Protection IRISPen translator Express 5.8 iTunes Java 2 Runtime Environment, SE v1.4.2_03 Keyspan USB Serial Adapter L&H TTS3000 Deutsch Lernout & Hauspie TruVoice American English TTS Engine LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Logitech Harmony Remote Software 7 Malwarebytes' Anti-Malware Map Button (Windows Live Toolbar) mCore mDriver mDrWiFi mHlpDell Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft LifeCam Microsoft National Language Support Downlevel APIs Microsoft Office Outlook 2003 with Business Contact Manager Update Microsoft Office Small Business Edition 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) Microsoft User-Mode Driver Framework Feature Pack 1.0 mIWA mLogView mMHouse Modem Helper Mozilla Firefox (2.0.0.14) MP3 WAV Converter 2.68 mPfMgr mPfWiz mProSafe mSSO MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Musicmatch for Windows Media Player Musicmatch� Jukebox mWlsSafe mWMI mXML MySpaceIM mZConfig NetWaiting Norton AntiVirus Norton AntiVirus (Symantec Corporation) Norton AntiVirus Help Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton Protection Center NVIDIA Drivers OneCare Advisor (Windows Live Toolbar) Panda ActiveScan 2.0 Popup Blocker (Windows Live Toolbar) PowerDVD 5.7 QuickSet QuickTime RealPlayer Remote Control USB Driver Rockstar Custom Tracks 1.0 SecondLife (remove only) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) SigmaTel Audio Skype� 3.8 Smart Menus (Windows Live Toolbar) Sonic Audio module Sonic Copy Module Sonic DLA Sonic Encoders Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Data Sonic Update Manager Sound Blaster ADVANCED MB Drivers Sound Blaster Audigy ADVANCED MB Sound Blaster Audigy ADVANCED MB Product Registration SPBBC 32bit SpyderTV StyleEase for Seminary Style SUPERAntiSpyware Free Edition Symantec Symantec KB-DocID:2003093015493306 Synaptics Pointing Device Driver Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920342) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB925876) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update Rollup 2 for Windows XP Media Center Edition 2005 Viewpoint Media Player WebCyberCoach 3.2 Dell WebMon WildTangent Web Driver Windows Defender Windows Defender Signatures Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) Windows Imaging Component Windows Internet Explorer 7 Windows Live Favorites for Windows Live Toolbar Windows Live Messenger Windows Live Outlook Toolbar (Windows Live Toolbar) Windows Live Toolbar Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Toolbar Feed Detector (Windows Live Toolbar) Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890927 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 WinRAR archiver Yahoo! Install Manager Yahoo! Messenger Yahoo! Toolbar This post has been edited by NegativeZero**: Jul 12 2008, 09:22 PM

Posts in this topic

NegativeZero Problem with Vundo and Trojan-Downloader.Delf [RESOLVED] Jul 12 2008, 09:19 PM

Rorschach112 Hello Please visit this web page for instructions... Jul 13 2008, 06:18 AM

NegativeZero Thank you for your help. ComboFix 08-07-12.2 - M... Jul 13 2008, 08:02 AM

Rorschach112 Hello 1. Close any open browsers. 2. Open notepa... Jul 13 2008, 10:40 AM

NegativeZero Thank you for your continued help! ComboFix... Jul 13 2008, 02:46 PM

Rorschach112 Hello Please do an online scan with Kaspersky We... Jul 13 2008, 02:49 PM

NegativeZero Here's the latest you asked for. ----------... Jul 13 2008, 06:20 PM

Rorschach112 Your logs are clean Follow these steps to uninsta... Jul 14 2008, 09:07 AM

NegativeZero Thank you so much for all of your help!!... Jul 14 2008, 09:11 AM

Rorschach112 Since this issue appears to be resolved ... this T... Jul 14 2008, 04:28 PM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Problem With Vundo and others possibly [RESOLVED]	20 / 1,714	21st July 2007 - 06:01 AM m8edy started - last by Essexboy
Virus, Spyware and Trojan Removal Please help with removal of Trojan Downloader.Delf.12.AN [RESOLVED]	16 / 989	15th July 2008 - 03:06 AM HelpforNate started - last by kahdah
Virus, Spyware and Trojan Removal Request with help removing Win32.trojan downloader.delf [RESOLVED]	24 / 1,000	28th August 2008 - 03:12 AM btrentler started - last by Mike
Virus, Spyware and Trojan Removal Trojan.Virtumonde and Trojan-Downloader.Agent [RESOLVED]	10 / 646	8th December 2008 - 10:29 AM Kirah started - last by Rorschach112