Hi,
I've had Vundo on my computer for at least a fortnight now and nothing I've tried against it has worked. Help would be much appreciated!
Here's an HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:55, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\DOCUME~1\USER1~1\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\lobweift.dll",forkonce
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: IntelĀ® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 13384 bytes
Sam
Full Version: Vundo Infestation
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Sorry, I meant to post a Combofix log as well - here it is:
ComboFix 07-08-09.6 - "User 1" 2007-08-09 12:39:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.448 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\USER1~1\Desktop.\internet explorer.lnk
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\fhkmp.tmp
C:\WINDOWS\system32\flshwpcq.dll
C:\WINDOWS\system32\fpibisxf.dll
C:\WINDOWS\system32\fyhjryju.dll
C:\WINDOWS\system32\hgghifc.dll
C:\WINDOWS\system32\irmvuyct.ini
C:\WINDOWS\system32\lobweift.dll
C:\WINDOWS\system32\mvxocncn.dll
C:\WINDOWS\system32\ncncoxvm.ini
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\ststv.tmp
C:\WINDOWS\system32\tcyuvmri.dll
C:\WINDOWS\system32\tfiewbol.ini
C:\WINDOWS\system32\uevslisy.dll
C:\WINDOWS\system32\winuns32.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))
2007-08-09 12:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 11:48 75,328 --a------ C:\WINDOWS\system32\ramxemsu.exe
2007-07-26 21:47 <DIR> d-------- C:\Kontiki
2007-07-21 18:27 <DIR> d-------- C:\VundoFix Backups
2007-07-21 14:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-21 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-21 14:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-21 14:20 <DIR> d-------- C:\Program Files\Hijack This
2007-07-16 21:06 <DIR> d-------- C:\Program Files\Kaz Guardian Angel
2007-07-16 21:05 286,720 --a------ C:\WINDOWS\iun506.exe
2007-07-16 21:05 <DIR> d-------- C:\Program Files\KAZ (Keyboarding A-Z)
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-09 12:11 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 11:57 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\Skype
2007-08-09 11:46 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\OpenOffice.org2
2007-08-08 21:09 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-08 12:15 --------- d-------- C:\Program Files\Google
2007-08-06 10:10 --------- d-------- C:\Program Files\FlashGet
2007-07-22 15:29 --------- d-------- C:\Program Files\FinePixViewer
2007-07-21 13:13 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-21 13:13 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-21 13:13 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-21 13:13 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-21 13:13 --------- d-------- C:\Program Files\Symantec
2007-07-04 12:43 --------- d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-02 11:29 --------- d-------- C:\Program Files\FileZilla
2007-07-02 10:14 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\Notepad++
2007-07-02 09:54 --------- d-------- C:\Program Files\Notepad++
2007-06-20 21:12 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\FUJIFILM
2007-06-17 19:07 --------- d-------- C:\Program Files\iTunes
2007-06-17 19:07 --------- d-------- C:\Program Files\iPod
2007-06-17 19:05 --------- d-------- C:\Program Files\QuickTime
2007-06-17 18:59 --------- d-------- C:\Program Files\Apple Software Update
2007-06-14 16:47 --------- d-------- C:\Program Files\Kontiki
2007-06-14 16:47 --------- d-------- C:\Program Files\Channel4
2007-05-16 16:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2006-09-09 17:03:06 56 --sh--r C:\WINDOWS\system32\B66633B4CD.sys
2006-11-11 17:07:54 88 --sh--r C:\WINDOWS\system32\CDB43366B6.sys
2006-11-11 17:07:56 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C6177E9-32F5-4D3C-AA77-5985B9F30A32}]
C:\WINDOWS\system32\vtsts.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 13:51]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 01:54 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-08-31 17:01]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 20:08]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 10:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 19:49]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Documents and Settings\User 1\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-28 10:19:12]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-04-29 19:26:07]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-29 12:04:22]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-11-19 08:18:47]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\USER1~1\LOCALS~1\Temp\2006729111051_mcinfo.exe /insfin
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
R0 iastor;Intel AHCI Controller;C:\WINDOWS\system32\drivers\iastor.sys
R1 ELhid;ELhid;C:\WINDOWS\system32\DRIVERS\ELhid.sys
R1 ELkbd;ELkbd;C:\WINDOWS\system32\DRIVERS\ELkbd.sys
R1 ELmon;ELmon;C:\WINDOWS\system32\DRIVERS\ELmon.sys
R1 ELmou;ELmou;C:\WINDOWS\system32\DRIVERS\ELmou.sys
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ;"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ
R2 Packet;Auto Internet Protocol;C:\WINDOWS\system32\DRIVERS\packet.sys
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 ELacpi;ELacpi;C:\WINDOWS\system32\DRIVERS\ELacpi.sys
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx);C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
R3 sigfilt;sigfilt;C:\WINDOWS\system32\drivers\sigfilt.sys
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ;"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-08-05 17:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-03 19:23:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - User 1.job - C:\PROGRA~1\Yahoo!\NAV\Navw32.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 12:53:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-09 12:56:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 12:56
--- E O F ---
Sam
ComboFix 07-08-09.6 - "User 1" 2007-08-09 12:39:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.448 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\USER1~1\Desktop.\internet explorer.lnk
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\fhkmp.tmp
C:\WINDOWS\system32\flshwpcq.dll
C:\WINDOWS\system32\fpibisxf.dll
C:\WINDOWS\system32\fyhjryju.dll
C:\WINDOWS\system32\hgghifc.dll
C:\WINDOWS\system32\irmvuyct.ini
C:\WINDOWS\system32\lobweift.dll
C:\WINDOWS\system32\mvxocncn.dll
C:\WINDOWS\system32\ncncoxvm.ini
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\ststv.tmp
C:\WINDOWS\system32\tcyuvmri.dll
C:\WINDOWS\system32\tfiewbol.ini
C:\WINDOWS\system32\uevslisy.dll
C:\WINDOWS\system32\winuns32.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))
2007-08-09 12:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 11:48 75,328 --a------ C:\WINDOWS\system32\ramxemsu.exe
2007-07-26 21:47 <DIR> d-------- C:\Kontiki
2007-07-21 18:27 <DIR> d-------- C:\VundoFix Backups
2007-07-21 14:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-21 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-21 14:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-21 14:20 <DIR> d-------- C:\Program Files\Hijack This
2007-07-16 21:06 <DIR> d-------- C:\Program Files\Kaz Guardian Angel
2007-07-16 21:05 286,720 --a------ C:\WINDOWS\iun506.exe
2007-07-16 21:05 <DIR> d-------- C:\Program Files\KAZ (Keyboarding A-Z)
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-09 12:11 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 11:57 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\Skype
2007-08-09 11:46 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\OpenOffice.org2
2007-08-08 21:09 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-08 12:15 --------- d-------- C:\Program Files\Google
2007-08-06 10:10 --------- d-------- C:\Program Files\FlashGet
2007-07-22 15:29 --------- d-------- C:\Program Files\FinePixViewer
2007-07-21 13:13 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-21 13:13 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-21 13:13 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-21 13:13 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-21 13:13 --------- d-------- C:\Program Files\Symantec
2007-07-04 12:43 --------- d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-02 11:29 --------- d-------- C:\Program Files\FileZilla
2007-07-02 10:14 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\Notepad++
2007-07-02 09:54 --------- d-------- C:\Program Files\Notepad++
2007-06-20 21:12 --------- d-------- C:\DOCUME~1\USER1~1\APPLIC~1\FUJIFILM
2007-06-17 19:07 --------- d-------- C:\Program Files\iTunes
2007-06-17 19:07 --------- d-------- C:\Program Files\iPod
2007-06-17 19:05 --------- d-------- C:\Program Files\QuickTime
2007-06-17 18:59 --------- d-------- C:\Program Files\Apple Software Update
2007-06-14 16:47 --------- d-------- C:\Program Files\Kontiki
2007-06-14 16:47 --------- d-------- C:\Program Files\Channel4
2007-05-16 16:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2006-09-09 17:03:06 56 --sh--r C:\WINDOWS\system32\B66633B4CD.sys
2006-11-11 17:07:54 88 --sh--r C:\WINDOWS\system32\CDB43366B6.sys
2006-11-11 17:07:56 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C6177E9-32F5-4D3C-AA77-5985B9F30A32}]
C:\WINDOWS\system32\vtsts.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 13:51]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 01:54 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-08-31 17:01]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 20:08]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 10:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 19:49]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Documents and Settings\User 1\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-28 10:19:12]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-04-29 19:26:07]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-29 12:04:22]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-11-19 08:18:47]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\USER1~1\LOCALS~1\Temp\2006729111051_mcinfo.exe /insfin
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
R0 iastor;Intel AHCI Controller;C:\WINDOWS\system32\drivers\iastor.sys
R1 ELhid;ELhid;C:\WINDOWS\system32\DRIVERS\ELhid.sys
R1 ELkbd;ELkbd;C:\WINDOWS\system32\DRIVERS\ELkbd.sys
R1 ELmon;ELmon;C:\WINDOWS\system32\DRIVERS\ELmon.sys
R1 ELmou;ELmou;C:\WINDOWS\system32\DRIVERS\ELmou.sys
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ;"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ
R2 Packet;Auto Internet Protocol;C:\WINDOWS\system32\DRIVERS\packet.sys
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 ELacpi;ELacpi;C:\WINDOWS\system32\DRIVERS\ELacpi.sys
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx);C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
R3 sigfilt;sigfilt;C:\WINDOWS\system32\drivers\sigfilt.sys
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ;"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-08-05 17:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-03 19:23:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - User 1.job - C:\PROGRA~1\Yahoo!\NAV\Navw32.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 12:53:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-09 12:56:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 12:56
--- E O F ---
Sam
Hi Sam
To remove the Vundo Virus/Adware/Spyware/Trojan you will need a tool called VundoFix.
This tool will stop the vundo service running and will remove the main body of Vundo before restarting the pc.
You may find that after you have run Vundo and restarted the pc that there is still some infected files.
Don't worry as the virus has been removed and the files just need a quick clean with Lavasoft Ad-Aware 2007.
VundoFix is enclosed in this message for anyone else who needs it.
I had a nightmare of a time finding ways to remove the virus and since I found the VundoFix I've
not had any problems at all. Vundo will not return once you have got rid of it
Admin edit: Attachment removed! Please do not attach exe files for download here. You MAY post a link to the download - explanation will follow in a reply to this post.
To remove the Vundo Virus/Adware/Spyware/Trojan you will need a tool called VundoFix.
This tool will stop the vundo service running and will remove the main body of Vundo before restarting the pc.
You may find that after you have run Vundo and restarted the pc that there is still some infected files.
Don't worry as the virus has been removed and the files just need a quick clean with Lavasoft Ad-Aware 2007.
VundoFix is enclosed in this message for anyone else who needs it.
I had a nightmare of a time finding ways to remove the virus and since I found the VundoFix I've
not had any problems at all. Vundo will not return once you have got rid of it
Admin edit: Attachment removed! Please do not attach exe files for download here. You MAY post a link to the download - explanation will follow in a reply to this post.
@maxx,
I have removed your attachment with a short explanation in the edit.
Thank you for trying to be a help with Vundo and VundoFix is a fine tool, however, do NOT attach the exe file itself as an attachment. There are a number of reasons for this, primarily because the tool is frequently updated by it's author to accomodate new variants and bug fixes occasionally - therefore it is always best to simply post a link to the tool with instructions on how it works, like so:
VundoFix
http://www.atribune.org/content/view/24/2/
This is because Vundo uses random named files and CSLIDs to avoid detection with new variants being released daily, the tool can become quickly outdated. The author of VundoFix, Atribune.org will update the tool and replace the current download with the latest version. It is always recommended to download a fresh copy of the latest version before proceeding.
This is just one reason and we do ask that folks who want to help in these sections of the forum dealing with infections removal, first please get Administrator approval before posting in these "infection" forums to other victim's topics (other than your own, of course). That is because you may be trying to help but inaccurate advice or instructions can actually damage a PC. We have approved, trained volunteers and staff authorized to help in infection removal and repair. You may feel free to assist in any of the other discussion forums regarding Lavasoft software, however, please do not post further in the HijackThis forum, maxx unless you contact me with creditials for authorized infection removals.
See here:
Who Is Helping You?
An Explanation of Member Groups
http://www.lavasoftsupport.com/index.php?showtopic=10637
@SamSampson
Meanwhile ComboFix is also very effective at Vundo Removal and looking at the log of the original poster, may have solved the problem, however, I do see a suspect file in that log I would like to examine further and we also need to see a fresh HijackThis log please if you are still needing assistance SamSampson.
I have removed your attachment with a short explanation in the edit.
Thank you for trying to be a help with Vundo and VundoFix is a fine tool, however, do NOT attach the exe file itself as an attachment. There are a number of reasons for this, primarily because the tool is frequently updated by it's author to accomodate new variants and bug fixes occasionally - therefore it is always best to simply post a link to the tool with instructions on how it works, like so:
VundoFix
http://www.atribune.org/content/view/24/2/
This is because Vundo uses random named files and CSLIDs to avoid detection with new variants being released daily, the tool can become quickly outdated. The author of VundoFix, Atribune.org will update the tool and replace the current download with the latest version. It is always recommended to download a fresh copy of the latest version before proceeding.
This is just one reason and we do ask that folks who want to help in these sections of the forum dealing with infections removal, first please get Administrator approval before posting in these "infection" forums to other victim's topics (other than your own, of course). That is because you may be trying to help but inaccurate advice or instructions can actually damage a PC. We have approved, trained volunteers and staff authorized to help in infection removal and repair. You may feel free to assist in any of the other discussion forums regarding Lavasoft software, however, please do not post further in the HijackThis forum, maxx unless you contact me with creditials for authorized infection removals.
See here:
Who Is Helping You?
An Explanation of Member Groups
http://www.lavasoftsupport.com/index.php?showtopic=10637
@SamSampson
Meanwhile ComboFix is also very effective at Vundo Removal and looking at the log of the original poster, may have solved the problem, however, I do see a suspect file in that log I would like to examine further and we also need to see a fresh HijackThis log please if you are still needing assistance SamSampson.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.