Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Vundo [RESOLVED]

Started by Ecwilly , Apr 26 2008 05:33 PM

  • This topic is locked This topic is locked

#1
Ecwilly
Posted 26 April 2008 - 05:33 PM

Ecwilly

    Member

  • Member
  • PipPip
  • 12 posts
my anti virus auto protect keeps popping up saying theres 114 trojan.vundo and they are all cleaned by deletion. it's not running slow or anything its running normal besides the auto protect things popping up every 30 minutes.

heres my logfile




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:44 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176101578062
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D54A35E1-3583-4F75-A0E5-215AA1026479}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8925 bytes





heres the open uninstall manager list







2Wire Wireless Client
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Registry Optimizer
Agatha Christie Death on the Nile
AIM 6
Apple Mobile Device Support
Apple Software Update
Big Fish Games Client
Bonjour
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
Dell ResourceCD
Easy CD-DA Extractor 10
Full Tilt Poker
G.H.O.S.T. Hunters: The Haunting of Majesty Manor (remove only)
GameHouse Word Collection
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
KOMET
LiveUpdate 3.0 (Symantec Corporation)
Mahjong Towers Eternity (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
Mystery Case Files - Ravenhearst (remove only)
Nancy Drew - Legend of the Crystal Skull (remove only)
Nancy Drew: Legend of the Crystal Skull - Strategy Guide (remove only)
One-click Ringtone Converter
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Panda ActiveScan 2.0
Picasa 2
QuickTime
RealArcade
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shareaza version 2.2.5.0
SonicStage 3.0
SoundMAX
Sudoku
Symantec AntiVirus
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
URGE
Viewpoint Media Player
Winamp (remove only)
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
XAimer
Yahoo! Messenger
  • 0

Advertisements

#2
greyknight17
Posted 26 April 2008 - 07:57 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
Ecwilly
Posted 27 April 2008 - 12:35 PM

Ecwilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
the malwarebytes thing didnt catch anything



heres the the log




Malwarebytes' Anti-Malware 1.11
Database version: 689

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 122277
Time elapsed: 1 hour(s), 22 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





heres the combofix log









ComboFix 08-04-26.5 - Owner 2008-04-27 13:23:02.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.473 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gjxpoeeo.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-20 16:21 . 2008-04-20 16:21 <DIR> d-------- C:\Program Files\Panda Security
2008-04-19 21:29 . 2008-04-19 21:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 23:48 . 2008-04-15 23:56 <DIR> d-------- C:\E-Zsoft
2008-04-15 23:44 . 2008-04-15 23:44 <DIR> d-------- C:\Program Files\E-Zsoft
2008-04-15 13:28 . 2008-04-15 13:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 21:38 . 2008-04-26 17:51 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-04-09 20:13 . 2008-04-09 20:13 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 16:37 . 2008-04-09 16:37 <DIR> d-------- C:\Program Files\CP-Autos
2008-04-09 14:27 . 2008-04-27 10:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 14:27 . 2008-04-09 14:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 11:41 . 2008-04-07 11:41 <DIR> d-------- C:\Program Files\Safari
2008-04-07 11:38 . 2008-04-07 11:38 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 11:34 . 2008-04-07 11:35 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 19:08 . 2008-04-06 03:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-05 19:08 . 2008-04-20 16:21 2,195 --a------ C:\WINDOWS\mozver.dat
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 15:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-26 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-15 02:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 14:17 --------- d-----w C:\Program Files\Picasa2
2008-04-09 22:06 --------- d-----w C:\Program Files\Oberon Media
2008-04-09 22:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 16:38 --------- d-----w C:\Program Files\iPod
2008-03-24 14:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 02:21 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-05 20:50 --------- d-----w C:\Program Files\Sony
2008-03-05 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-03-05 02:13 --------- d-----w C:\Program Files\Java
2008-03-04 23:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-04 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-03 03:44 15,360 ----a-w C:\WINDOWS\system32\taskman.exe
2008-03-02 05:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-01 05:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-05-18 04:39 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-09 02:33 68856]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-01-13 15:07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-01-13 14:53 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 23:41 94208]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 10:46 53248]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 20:45 290905]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE [2008-01-08 20:05:26 335979]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-09 02:33:32 124912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-05-16 19:46]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 14:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 15:59:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 13:26:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 13:28:05
ComboFix-quarantined-files.txt 2008-04-27 18:27:50
ComboFix2.txt 2008-04-22 03:30:13

Pre-Run: 119,942,885,376 bytes free
Post-Run: 119,935,336,448 bytes free

127 --- E O F --- 2008-04-11 20:18:11
  • 0

#4
greyknight17
Posted 27 April 2008 - 05:25 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
What's inside this folder? -> C:\Documents and Settings\All Users\Application Data\Microsoft Help

No signs of Vundo files here....does Norton say where it's finding them? Maybe in the system restore?

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should NOT have any open browsers when you are following the procedures below.

Download VundoFix at http://www.atribune..../click.php?id=4 and save it to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files. Click Yes.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer. Click OK.
- Post the contents of C:\vundofix.txt here.

NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot. Simply follow the above instructions starting from Click the Scan for Vundo button when VundoFix appears upon rebooting.
  • 0

#5
Ecwilly
Posted 27 April 2008 - 08:08 PM

Ecwilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
the vundo program didnt find anything.

how do i find C:\Documents and Settings\All Users\Application Data\Microsoft Help

the symantec antivirus found 114 vundo in

C:\System Volume Information\_restore{1215A786-D1A0-41CB-8DDC-F74E68EB0FDD}\RP4\



and it found 114 vundo in C:\WINDOWS\System32\



and early this morning it found 2 Downloader but it says original location unavailable
  • 0

#6
greyknight17
Posted 29 April 2008 - 08:05 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Does it say what file in the system32 folder is infected?

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Go back and uncheck that same box to enable it back. See if Norton still finds it now.
  • 0

#7
Ecwilly
Posted 29 April 2008 - 08:38 PM

Ecwilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
well the file name is gjxpoeeo.dll and it said the risk was partially removed. i turned off the system restore and then turned it back on but the auto protect things stopped coming up yesterday.
  • 0

#8
greyknight17
Posted 29 April 2008 - 08:51 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That file should have been removed by combofix already. Can you confirm that the file is gone now?

Run Combofix again and post the log here.

What auto protect thing stopped coming up?
  • 0

#9
Ecwilly
Posted 01 May 2008 - 10:56 AM

Ecwilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
the symantec antivirus auto protect things would pop up every day saying somthing about 114 vundo but it hasnt done that in a few days now




heres the log


ComboFix 08-04-26.5 - Owner 2008-05-01 11:48:52.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.354 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-29 17:04 . 2008-04-29 17:04 <DIR> d-------- C:\e5132745fc1422f2f04f3612f9c4
2008-04-27 20:30 . 2008-04-27 20:30 <DIR> d-------- C:\VundoFix Backups
2008-04-20 16:21 . 2008-04-20 16:21 <DIR> d-------- C:\Program Files\Panda Security
2008-04-19 21:29 . 2008-04-19 21:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 23:48 . 2008-04-15 23:56 <DIR> d-------- C:\E-Zsoft
2008-04-15 23:44 . 2008-04-15 23:44 <DIR> d-------- C:\Program Files\E-Zsoft
2008-04-15 13:28 . 2008-04-15 13:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 21:38 . 2008-04-30 18:38 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-04-09 20:13 . 2008-04-09 20:13 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 16:37 . 2008-04-09 16:37 <DIR> d-------- C:\Program Files\CP-Autos
2008-04-09 14:27 . 2004-11-01 01:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 14:27 . 2008-04-09 14:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 11:41 . 2008-04-07 11:41 <DIR> d-------- C:\Program Files\Safari
2008-04-07 11:38 . 2008-04-07 11:38 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 11:34 . 2008-04-07 11:35 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 19:08 . 2008-04-06 03:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-05 19:08 . 2008-04-20 16:21 2,195 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-15 02:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 14:17 --------- d-----w C:\Program Files\Picasa2
2008-04-09 22:06 --------- d-----w C:\Program Files\Oberon Media
2008-04-09 22:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 16:38 --------- d-----w C:\Program Files\iPod
2008-03-24 14:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 02:21 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-05 20:50 --------- d-----w C:\Program Files\Sony
2008-03-05 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-03-05 02:13 --------- d-----w C:\Program Files\Java
2008-03-04 23:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-04 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-03 03:44 15,360 ----a-w C:\WINDOWS\system32\taskman.exe
2008-03-02 05:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-01 05:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-05-18 04:39 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-27_13.27.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 15:56:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-11-01 06:46:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-27 16:00:23 89,616 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-28 12:30:57 89,616 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-27 16:00:23 490,796 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-28 12:30:57 490,796 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-09 02:33 68856]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-01-13 15:07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-01-13 14:53 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 23:41 94208]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 10:46 53248]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 20:45 290905]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE [2008-01-08 20:05:26 335979]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-09 02:33:32 124912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-05-16 19:46]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-28 14:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-30 22:01:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 11:52:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 11:53:58
ComboFix-quarantined-files.txt 2008-05-01 16:53:30
ComboFix2.txt 2008-04-27 18:28:06
ComboFix3.txt 2008-04-22 03:30:13

Pre-Run: 120,010,907,648 bytes free
Post-Run: 120,026,615,808 bytes free

130 --- E O F --- 2008-04-11 20:18:11
  • 0

#10
greyknight17
Posted 01 May 2008 - 07:17 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
  • 0

#11
Ecwilly
Posted 01 May 2008 - 09:06 PM

Ecwilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
thanks for your help
  • 0

#12
greyknight17
Posted 03 May 2008 - 01:24 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP