Vundo Removed ? Did It work ?

Crete Monster , Much Thanks again , Hope I am posting in the right place . This is the log for the text with combofix , Thank you , Wendy . ComboFix 08-02-13.2 - Owner 2008-02-14 15:33:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.78 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 15:30 . 2008-02-14 15:30 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-13 16:50 . 2008-02-13 16:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-13 16:49 . 2008-02-13 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-12 23:58 . 2008-02-12 23:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-12 16:17 . 2008-02-12 16:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-03 22:07 . 2008-02-03 22:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 21:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 21:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 19:24 . 2008-02-03 22:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-03 19:23 . 2007-03-29 06:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-03 19:23 . 2007-03-29 06:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-03 19:23 . 2007-03-29 06:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-02-03 18:56 . 2008-02-03 23:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-17 19:12 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 21:30 --------- d-----w C:\Program Files\McAfee
2008-02-13 11:52 4,000 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-12 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-14 20:08 68,080 ----a-w C:\WINDOWS\system32\drvins64.exe
2007-11-14 20:08 120,304 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-14 20:08 118,256 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2005-04-04 21:34 63,248 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-02-08 00:36 795,540 ----a-w C:\Program Files\fishtank.zip
2006-03-30 16:36 307,193 --sha-w C:\WINDOWS\system32\kjllm.bak1
2006-04-07 21:53 512,636 --sha-w C:\WINDOWS\system32\kjllm.bak2
2006-04-07 21:56 505,954 --sha-w C:\WINDOWS\system32\kjllm.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE8B80D7-6640-4C33-893D-BF51CE1DA226}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 03:34 32768]
"Zsjfddf"="C:\WINDOWS\system32\t?skmgr.exe" [2004-08-04 01:56 135680]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-01 01:28 32881]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 17:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 21:16 229376]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Inet Delivery"="C:\Program Files\Inet Delivery\inetdl.exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21 198184]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 15:15:28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-03 18:55:28 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-01 14:49:28 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-04-01 15:16:45 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

S2 0170261203024713mcinstcleanup;McAfee Application Installer Cleanup (0170261203024713);C:\WINDOWS\TEMP\017026~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 14:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-13 11:00:07 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 15:38:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 15:40:24
ComboFix-quarantined-files.txt 2008-02-14 21:40:15
ComboFix2.txt 2008-02-14 06:29:42
ComboFix3.txt 2008-02-13 06:23:17
.
2008-02-13 11:03:50 --- E O F ---

#1
wirewendy

Posted 14 February 2008 - 03:58 PM

Advertisements

#2
Ztruker

Posted 14 February 2008 - 07:20 PM

#3
wirewendy

Posted 16 February 2008 - 03:46 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us