   Mischel Internet Security Forum
Topic: been battling Vundo for a week now (Read 1431 times)
perplexing
Newbie, Posts: 9
been battling Vundo for a week now
« on: Dec 11th, 2007, 7:28am »

I have been battling with Vundo for a week now. I have bought and tried all kinds of spyware, trojan removal and anti-virus software to no avail. I am attaching my last scan as of 5 mins ago by Trojan Hunter in safe mode.
 
Quarantined file C:\qoobox\Quarantine\C\WINDOWS\system32\tuvuvwx.dll.vir
Quarantined file C:\qoobox\Quarantine\C\WINDOWS\system32\vtuvvwt.dll.vir
Quarantined file C:\qoobox\Quarantine\C\WINDOWS\system32\yayvspm.dll.vir
Unable to clean file C:\qoobox\Quarantine\catchme2007-12-04_180654.84.zip/mljhfgh.dll because it is contained in a Zip or Rar archive
Unable to clean file C:\qoobox\Quarantine\catchme2007-12-04_180654.84.zip/vtstq.dll because it is contained in a Zip or Rar archive
Trojan cleaning finished.
 
I really need some help with this one.  
« Last Edit: Dec 11th, 2007, 7:32am by perplexing »
siliconman01
Global Moderator, Posts: 5517
Re: been battling Vundo for a week now
« Reply #1 on: Dec 11th, 2007, 8:44am »

Welcome to the forum, perplexing.
 
Let's see what we can do to get you cleaned up.
 
1.  Make all your files and folders visible per the procedure in the link below:
 
http://www.misec.net/forum/board/FAQ/1139610900
 
2.  Download and install Hijackthis per the link below:
 
http://www.misec.net/forum/board/FAQ/1163329424
 
3.  Download and install freebie program CCleaner to clean out the temporary junk files from your system.  Run the "Cleaner" component only.  Do not run the registry cleaner component.
 
http://www.ccleaner.com
 
4.  Be sure your trial version of TrojanHunter has the latest rulesets.  Because the Trial Version does not activate the LiveUpdate component, please go to the link below and manually install the latest rulesets.  On extracting, just let the updater overwrite the existing files.
 
http://www.misec.net/trojanhunter/updating/
 
5.  Download ComboFix.exe and save it to your desktop.  DO NOT execute it just yet.
 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
6.  Now reboot your computer into SAFE MODE
 
7.  Search for each of the following files and attempt to delete them.  If you cannot delete one, try the next.
 

tuvuvwx.dll.vir    and/or    tuvuvwx.dll
vtuvvwt.dll.vir    and/or    vtuvvwt.dll
yayvspm.dll.vir    and/or    yayvspm.dll
catchme2007-12-04_180654.84.zip

 
8.  Boot back into Normal Mode.
 
9.  Run CCleaner to clean up the junk again.
 
10.  Double click combofix.exe on your desktop & follow the prompts.  
When finished, it will produce a log for you.  Post the combofix log back here please.  
Note:  
Do not mouseclick combofix's window while it is running. That may cause it to stall.
 
 
11.  Run HiJackthis and post the scan log here.
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
perplexing
Newbie, Posts: 9
Re: been battling Vundo for a week now
« Reply #2 on: Dec 11th, 2007, 10:13am »

hey conman,
 
I have carried out the tasks and here are the results. I have the full version of TrojanHunter, which I purchased two days ago. Also, please note that there is a message I wrote among the posts stating what Norton found. I am sorry for the multiple postings, but the forum will not allow me to post the whole thing in one piece.
 
ComboFix 07-12-09.1 - faziz 2007-12-11 10:52:57.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1250 [GMT -5:00]
Running from: C:\Documents and Settings\faziz\Desktop\ComboFix.exe
 * Created a new restore point
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
 
 
(((((((((((((((((((((((((   Files Created from 2007-11-11 to 2007-12-11  )))))))))))))))))))))))))))))))
.
 
2007-12-11 10:41 . 2007-12-11 10:41  <DIR>  d--------  C:\Program Files\CCleaner
2007-12-10 09:05 . 2007-12-10 09:31  90,624  --a------  C:\WINDOWS\system32\JDEAP.DLL
2007-12-07 12:25 . 2007-12-07 12:24  102,664  --a------  C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-07 12:24 . 2007-12-07 16:17  <DIR>  d--------  C:\Documents and Settings\faziz\.housecall6.6
2007-12-07 12:23 . 2007-09-24 23:31  69,632  --a------  C:\WINDOWS\system32\javacpl.cpl
2007-12-07 12:21 . 2007-12-07 12:22  <DIR>  d--------  C:\Program Files\Java
2007-12-07 12:21 . 2007-12-07 12:21  <DIR>  d--------  C:\Program Files\Common Files\Java
2007-12-06 14:44 . 2007-12-06 14:44  <DIR>  d--------  C:\Documents and Settings\faziz\Application Data\TrojanHunter
2007-12-06 12:29 . 2007-12-10 08:02  <DIR>  d--------  C:\Program Files\TrojanHunter 5.0
2007-12-06 08:42 . 2007-12-06 08:42  <DIR>  d--------  C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-04 17:54 . 2007-12-04 17:54  <DIR>  d--------  C:\Documents and Settings\faziz\Application Data\Roxio
2007-12-04 17:20 . 2007-12-04 17:20  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-04 17:20 . 2007-10-01 16:24  163,640  --a------  C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-04 17:20 . 2007-10-01 16:24  23,864  --a------  C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-04 17:20 . 2007-10-01 16:24  21,816  --a------  C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-04 17:20 . 2007-10-01 16:24  20,280  --a------  C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-04 17:19 . 2007-12-04 17:19  <DIR>  d--------  C:\Program Files\Webroot
2007-12-04 17:19 . 2007-12-04 17:19  <DIR>  d--------  C:\Documents and Settings\faziz\Application Data\Webroot
2007-12-04 17:19 . 2007-12-04 17:19  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-04 17:19 . 2007-10-01 16:40  1,526,072  --a------  C:\WINDOWS\WRSetup.dll
2007-12-04 17:18 . 2007-12-04 17:18  164  --a------  C:\install.dat
2007-12-04 12:29 . 2007-12-04 12:29  <DIR>  d--------  C:\Program Files\GiPo@Utilities
2007-12-04 12:29 . 2007-12-04 12:29  <DIR>  d--------  C:\Program Files\Common Files\Gibinsoft Shared
2007-12-04 10:58 . 2006-09-11 10:56  526,184  --a------  C:\WINDOWS\system32\XceedCry.dll
2007-12-04 10:58 . 2006-12-21 14:18  497,496  --a------  C:\WINDOWS\system32\XceedZip.dll
2007-12-04 10:58 . 2004-12-07 09:11  258,352  --a------  C:\WINDOWS\system32\unicows.dll
2007-12-04 10:57 . 2003-05-14 21:07  389,120  --a------  C:\WINDOWS\system32\actskn43.ocx
2007-12-04 08:39 . 2007-12-04 08:39  <DIR>  d--------  C:\Program Files\Enigma Software Group
2007-12-03 10:32 . 2007-12-11 07:52  <DIR>  d--------  C:\Program Files\Spyware Doctor
2007-12-03 10:32 . 2007-12-03 10:32  <DIR>  d--------  C:\Documents and Settings\faziz\Application Data\PC Tools
2007-12-03 10:32 . 2005-09-23 08:29  626,688  --a------  C:\WINDOWS\system32\msvcr80.dll
2007-12-03 10:32 . 2007-10-18 00:16  79,688  --a------  C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-03 10:32 . 2007-10-18 00:15  62,280  --a------  C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-03 10:32 . 2007-10-18 00:14  41,288  --a------  C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-03 10:32 . 2007-10-18 00:16  29,000  --a------  C:\WINDOWS\system32\drivers\kcom.sys
2007-12-03 07:45 . 2007-12-03 07:45  <DIR>  d--hs----  C:\found.000
2007-11-30 12:56 . 2007-11-30 12:56  <DIR>  d--------  C:\Program Files\Lavasoft
2007-11-30 12:56 . 2007-11-30 12:56  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 12:56 . 2007-11-30 12:56  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-30 09:37 . 2007-11-30 09:37  <DIR>  d--------  C:\Documents and Settings\faziz\Application Data\Grisoft
2007-11-30 09:37 . 2007-05-30 07:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-30 09:36 . 2007-11-30 09:36  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-29 11:40 . 2007-11-29 11:40  0  --a------  C:\WINDOWS\vpc32.INI
2007-11-29 08:23 . 2007-11-29 08:24  <DIR>  d--------  C:\Program Files\ClamWinPortable
2007-11-28 12:18 . 2007-12-03 15:34  <DIR>  d--------  C:\Program Files\efkdkhex
2007-11-28 12:18 . 2007-12-04 17:48  <DIR>  d--------  C:\Program Files\Dpgkoonr
2007-11-28 09:30 . 2007-11-28 09:30  <DIR>  d--------  C:\Program Files\Common Files\Macrovision Shared
2007-11-28 09:30 . 2007-12-04 11:37  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-27 16:33 . 2007-11-27 16:33  <DIR>  d--------  C:\WINDOWS\DewberryApps
2007-11-27 16:33 . 2007-11-27 16:33  <DIR>  d--------  C:\Documents and Settings\wstahl\Dewberry
2007-11-27 16:33 . 2007-11-27 16:33  <DIR>  d--------  C:\Documents and Settings\mfriedenthal\Dewberry
2007-11-27 16:33 . 2007-11-27 16:33  <DIR>  d--------  C:\Documents and Settings\faziz\Dewberry
2007-11-27 16:33 . 2007-11-27 16:33  <DIR>  d--------  C:\Documents and Settings\Default User\Dewberry
2007-11-27 16:33 . 2007-11-27 16:33  <DIR>  d--------  C:\Documents and Settings\cellis\Dewberry
2007-11-27 16:33 . 2007-11-27 16:33  <DIR>  d--------  C:\Documents and Settings\BONA\Dewberry
2007-11-14 16:20 . 2006-12-13 10:06  <DIR>  d---s----  C:\Documents and Settings\cellis\UserData
2007-11-14 16:20 . 2007-01-03 10:48  <DIR>  d--------  C:\Documents and Settings\cellis\Application Data\Lavasoft
2007-11-14 07:21 . 2007-11-14 07:21  <DIR>  d--------  C:\Program Files\Tracker Software
2007-11-14 05:18 . 2007-11-14 05:18  <DIR>  d--------  C:\Program Files\RealVNC
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 14:50  ---------  d-----w  C:\Program Files\Application Folder
2007-12-11 14:00  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-11 12:07  ---------  d-----w  C:\Program Files\LogMeIn
2007-11-28 15:59  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-11-28 14:30  ---------  d-----w  C:\Program Files\Common Files\Adobe
2007-11-21 19:09  87,352  ----a-w  C:\WINDOWS\system32\LMIinit.dll
2007-11-21 19:09  83,288  ----a-w  C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-21 19:09  23,736  ----a-w  C:\WINDOWS\system32\lmimirr.dll
2007-11-21 19:09  21,496  ----a-w  C:\WINDOWS\system32\LMIport.dll
2007-11-21 19:09  10,040  ----a-w  C:\WINDOWS\system32\lmimirr2.dll
2007-11-20 18:50  ---------  d-----w  C:\Program Files\Google
2007-11-14 18:36  167,936  ----a-w  C:\WINDOWS\system32\fbdcnfg.dll
2007-11-12 15:26  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2007-11-12 15:26  ---------  d-----w  C:\Program Files\Pocket Islam
2007-11-12 15:26  ---------  d-----w  C:\Program Files\PackIt 1.1
2007-11-06 13:27  ---------  d-----w  C:\Documents and Settings\faziz\Application Data\LimeWire
2007-11-06 13:18  ---------  d-----w  C:\Program Files\Microsoft ActiveSync
2007-11-02 16:18  ---------  d-----w  C:\Program Files\IrfanView
2007-11-01 19:28  ---------  d-----w  C:\Program Files\LimeWire
2007-10-29 12:24  ---------  d-----w  C:\Program Files\Nagarro Inc
2007-10-25 19:05  ---------  d-----w  C:\Program Files\eFax Messenger 4.3
2007-10-25 19:05  ---------  d-----w  C:\Documents and Settings\faziz\Application Data\eFax Messenger
2007-10-25 19:05  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
2007-10-25 19:05  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
2007-10-25 15:54  23  ----a-w  C:\WINDOWS\Fonts\AdobeFnt.lst
2007-10-22 11:31  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
2007-10-22 11:27  ---------  d-----w  C:\Program Files\Pakistan Data Management Services
2007-10-17 14:16  ---------  d-----w  C:\Program Files\OW Info
2007-10-17 14:06  286,720  ------w  C:\WINDOWS\Setup1.exe
2007-10-17 14:06  ---------  d-----w  C:\Program Files\123JulianToDate
2007-10-17 13:46  ---------  d-----w  C:\Program Files\Everest Software International
2007-10-11 16:02  ---------  d-----w  C:\Documents and Settings\faziz\Application Data\webex
2007-10-11 16:01  51,304  ----a-w  C:\WINDOWS\system32\drivers\atnt40k.sys
2007-10-11 16:01  202,826  ----a-w  C:\WINDOWS\system32\atasnt40.dll
2004-03-24 15:46  1,748,917  ----a-w  C:\Program Files\xpsp1DeployTools_en.cab
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-02 11:10]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 21:36]
"SyncMyCal"="C:\Program Files\Nagarro Inc\SyncMyCal\SyncMyCal.exe" [2007-08-09 10:51]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-07-12 12:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-09-27 19:33]
"PDDM"="C:\Program Files\PatchLink\Update Agent\pddm.exe" [2007-01-25 15:32]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 12:21]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 14:09 87352 C:\WINDOWS\system32\LMIinit.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\GPLink-List]  
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-1003\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\Loopback-GPLink-List]
« Last Edit: Dec 11th, 2007, 10:18am by perplexing »
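The moderator asked for the ComboFix log (step 10 above) and the reply pastes it with its column spacing mostly lost. As an added example, not code from the original posts, from ComboFix or from TrojanHunter, here is a small Python triage helper that parses the "Files Created" and "Find3M Report" lines (tolerating the collapsed spacing) and pulls out two review lists: files written directly into system32, and names with long consonant runs, the random-name pattern the Vundo DLLs in the first post (tuvuvwx.dll, vtuvvwt.dll, yayvspm.dll) follow. The sample lines are constructed after the log in this thread; the consonant-run threshold, the system32 path and the mixed-case exclusion are this example's own assumptions, and its output is a list to review, not a verdict (vendor drivers with short names will land in it too).

```python
"""ComboFix log triage: parse the "Files Created" and "Find3M Report" lines and
produce two review lists (constructed example; not ComboFix or TrojanHunter code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Files Created line: created . modified  size|<DIR>  9 attribute flags  path
# Find3M line:        modified  size|---------  7 attribute flags  path
# Separators are \s* because pasting a log into a forum often drops the tabs.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s*(<DIR>|[\d,]+)\s*([d-][r-][a-][h-][s-]-{4})\s*(.+?)\s*$")
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*(-{9}|[\d,]+)\s*([d-][a-z-]{5}[w-])\s*(.+?)\s*$")

@dataclass
class Entry:
    modified: str
    size: Optional[int]  # None for directories
    is_dir: bool
    path: str

def parse_line(line: str) -> Optional[Entry]:
    """One log line -> Entry, or None for banners, '.' spacers and other text."""
    m = CREATED_RE.match(line)
    if m:
        _created, modified, size, _attrs, path = m.groups()
    else:
        m = FIND3M_RE.match(line)
        if not m:
            return None
        modified, size, _attrs, path = m.groups()
    is_dir = size == "<DIR>" or size.startswith("-")
    return Entry(modified, None if is_dir else int(size.replace(",", "")), is_dir, path)

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

SYSTEM32 = "c:\\windows\\system32\\"  # assumption: XP layout, as in the posted log

def new_system32_binaries(entries: List[Entry]) -> List[str]:
    """Files (not folders) written straight into system32.  Subfolders such as
    drivers\\ are skipped so vendor drivers do not swamp the list."""
    hits = []
    for e in entries:
        low = e.path.lower()
        if not e.is_dir and low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]:
            hits.append(e.path)
    return hits

VOWELS = set("aeiou")

def looks_random(name: str) -> bool:
    """Heuristic (this example's assumption): an all-letter stem of 6+ characters
    with a run of 4+ consonants.  Mixed-case product names (RealVNC, LMIinit) are
    skipped.  Review list, not verdict: short vendor driver names trip it too."""
    stem = name.rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 6:
        return False
    if stem[1:] != stem[1:].lower() and stem != stem.upper():
        return False
    run = best = 0
    for ch in stem.lower():
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best >= 4

def random_named(entries: List[Entry]) -> List[str]:
    return [e.path for e in entries if looks_random(e.path.rsplit("\\", 1)[-1])]

# Constructed sample modelled on the log in this thread.  The JDEAP line keeps its
# column spacing; the rest have it collapsed the way the forum paste did.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2007-11-11 to 2007-12-11  )))))))))))))))))))))))))))))))
.
2007-12-11 10:41 . 2007-12-11 10:41<DIR>d--------C:\Program Files\CCleaner
2007-12-10 09:05 . 2007-12-10 09:31  90,624  --a------  C:\WINDOWS\system32\JDEAP.DLL
2007-12-07 12:25 . 2007-12-07 12:24102,664--a------C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-04 17:20 . 2007-10-01 16:2421,816--a------C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-04 10:58 . 2006-12-21 14:18497,496--a------C:\WINDOWS\system32\XceedZip.dll
2007-11-30 12:56 . 2007-11-30 12:56<DIR>d--------C:\Program Files\Lavasoft
2007-11-28 12:18 . 2007-12-03 15:34<DIR>d--------C:\Program Files\efkdkhex
2007-11-28 12:18 . 2007-12-04 17:48<DIR>d--------C:\Program Files\Dpgkoonr
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-21 19:0987,352----a-wC:\WINDOWS\system32\LMIinit.dll
2007-11-20 18:50---------d-----wC:\Program Files\Google
2007-11-14 18:36167,936----a-wC:\WINDOWS\system32\fbdcnfg.dll
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("new files directly in system32:", *new_system32_binaries(found), sep="\n  ")
    print("machine-looking names (review before acting):", *random_named(found), sep="\n  ")
```

Run it as a script to see the two lists for the sample, or call `parse_log()` on a full pasted log. Against the sample the system32 list is JDEAP.DLL, XceedZip.dll, LMIinit.dll and fbdcnfg.dll, and the consonant-run list is sshrmd.sys, efkdkhex, Dpgkoonr and fbdcnfg.dll; sshrmd.sys is a Webroot driver, which is exactly why the output is a starting point for the moderator's review rather than a delete list.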
perplexing
Newbie, Posts: 9
Re: been battling Vundo for a week now
« Reply #3 on: Dec 11th, 2007, 10:15am »

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3292650235-2419647484-3825283475-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Scripts\Logoff\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Scripts\Logoff\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\LogoffScript.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-1506\Scripts\Logon\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\Script.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Scripts\Logoff]  
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Scripts\Logoff\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Scripts\Logoff\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\LogoffScript.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-19387\Scripts\Logon\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\Script.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Scripts\Logoff]  
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Scripts\Logoff\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Scripts\Logoff\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\LogoffScript.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-24641\Scripts\Logon\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\Script.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Loopback-GPLink-List]
perplexing
Re: been batteling Vundo for a week now
« Reply #4 on: Dec 11th, 2007, 10:15am »

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Scripts\Logoff]  
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Scripts\Logoff\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Scripts\Logoff\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\LogoffScript.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-73586283-725345543-50224\Scripts\Logon\0\0]
"Script"=\\Dewberry.DewberryRoot.local\SysVol\Dewberry.DewberryRoot.local\scripts\Script.bat
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-10 22:46 624248 --a------ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 21:29 49152 --a------ C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogEnable]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 08:00 1116920 --a------ C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
 
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys
S3 Listener_NT_Service;JDEdwards OneWorld Client Listener;C:\Program Files\OneWorld Client Listener\OWCListenerLocal.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
 
.
--------------------- DLLs Loaded Under Running Processes ---------------------  
 
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
 
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
**************************************************************************
 
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 10:57:07
Windows 5.1.2600 Service Pack 2 NTFS
 
detected NTDLL code modification:
ZwClose
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully  
hidden files: 0
perplexing
Re: been batteling Vundo for a week now
« Reply #5 on: Dec 11th, 2007, 10:16am »

**************************************************************************
.
Completion time: 2007-12-11 10:58:29
C:\ComboFix2.txt ... 2007-12-11 07:39
C:\ComboFix3.txt ... 2007-12-07 09:47
.
--- E O F ---
 
**********************************************
 
 
This is what Norton keeps popping up with:
 
Scan type:  Auto-Protect Scan
Event:  Security Risk Found!
Risk: Trojan.Vundo
File:  C:\WINDOWS\TEMP\475EB340.qsp
Location:  Unknown Storage
**********************************************
 
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01, on 2007-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nagarro Inc\SyncMyCal\SyncMyCal.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iww/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://IWW
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PDDM] "C:\Program Files\PatchLink\Update Agent\pddm.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SyncMyCal] "C:\Program Files\Nagarro Inc\SyncMyCal\SyncMyCal.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://IWW
O15 - Trusted Zone: *.cedarcreek
O15 - Trusted Zone: *.deltek
O15 - Trusted Zone: bluesky.dewberry.com
O15 - Trusted Zone: intranet.dewberry.com
O15 - Trusted Zone: vision.dewberry.com
O15 - Trusted Zone: webmail.dewberry.com
O15 - Trusted Zone: www.dewberry.com
O15 - Trusted Zone: *.vision
O15 - Trusted Zone: *.cedarcreek (HKLM)
O15 - Trusted Zone: *.deltek (HKLM)
O15 - Trusted Zone: bluesky.dewberry.com (HKLM)
O15 - Trusted Zone: intranet.dewberry.com (HKLM)
O15 - Trusted Zone: vision.dewberry.com (HKLM)
O15 - Trusted Zone: webmail.dewberry.com (HKLM)
O15 - Trusted Zone: www.dewberry.com (HKLM)
O15 - Trusted Zone: *.vision (HKLM)
O15 - ESC Trusted Zone: http://www.insecure.org
O15 - ESC Trusted Zone: http://www.winpcap.org
O15 - ESC Trusted Zone: http://www.insecure.org (HKLM)
O15 - ESC Trusted Zone: *.ozark.dewberry.dewberryroot.local (HKLM)
O15 - ESC Trusted Zone: http://www.winpcap.org (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166016317453
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://www.pakdata.com/download/PDMSInstaller.cab
O16 - DPF: {CAAE28D1-ADCC-11D1-BD4D-004845401881} (Urdu98 Control) - http://www.pakdata.com/download/urduplugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dewberry.DewberryRoot.local
O17 - HKLM\Software\..\Telephony: DomainName = Dewberry.DewberryRoot.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Dewberry.DewberryRoot.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Dewberry.DewberryRoot.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Dewberry.DewberryRoot.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: JDEdwards OneWorld Client Listener (Listener_NT_Service) - Unknown owner - C:\Program Files\OneWorld Client Listener\OWCListenerLocal.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
perplexing
Re: been batteling Vundo for a week now
« Reply #6 on: Dec 11th, 2007, 10:27am »

...I forgot to mention that I was unable to find any of the listed files in Safe Mode (Safe Mode with networking).
siliconman01
Global Moderator
Re: been batteling Vundo for a week now
« Reply #7 on: Dec 11th, 2007, 10:49am »

While I am looking things over, would you please check the entries that you have in your "Trusted Sites" in your browser to make sure they are all valid and that you intentionally put them there.
 
Quote:

O15 - Trusted Zone: *.cedarcreek  
O15 - Trusted Zone: *.deltek  
O15 - Trusted Zone: bluesky.dewberry.com  
O15 - Trusted Zone: intranet.dewberry.com  
O15 - Trusted Zone: vision.dewberry.com  
O15 - Trusted Zone: webmail.dewberry.com  
O15 - Trusted Zone: www.dewberry.com  
O15 - Trusted Zone: *.vision  
O15 - Trusted Zone: *.cedarcreek (HKLM)  
O15 - Trusted Zone: *.deltek (HKLM)  
O15 - Trusted Zone: bluesky.dewberry.com (HKLM)  
O15 - Trusted Zone: intranet.dewberry.com (HKLM)  
O15 - Trusted Zone: vision.dewberry.com (HKLM)  
O15 - Trusted Zone: webmail.dewberry.com (HKLM)  
O15 - Trusted Zone: www.dewberry.com (HKLM)  
O15 - Trusted Zone: *.vision (HKLM)  
O15 - ESC Trusted Zone: http://www.insecure.org  
O15 - ESC Trusted Zone: http://www.winpcap.org  
O15 - ESC Trusted Zone: http://www.insecure.org (HKLM)  
O15 - ESC Trusted Zone: *.ozark.dewberry.dewberryroot.local (HKLM)  
O15 - ESC Trusted Zone: http://www.winpcap.org (HKLM)

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
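The check siliconman01 asks for above, whether every Trusted Zone entry is valid and was placed deliberately, can be pre-sorted with a small script. The following is an added example, not code from this thread, from HijackThis or from TrojanHunter. It parses O15 lines in the format HJT prints (as in the quoted block above) and buckets each target by the reason a reviewer should look at it: wildcard suffixes, single-label suffixes such as `*.vision` that match any host whose name ends in that label, plain-HTTP sites, and machine-wide `(HKLM)` entries that apply to every user. The hostnames in `SAMPLE_LOG` are constructed for the example and are not the ones from this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the HJT O15 format shown in the thread.
# The hostnames are placeholders, not the ones from the user's log.
SAMPLE_LOG = """\
O15 - Trusted Zone: *.cedarcreek
O15 - Trusted Zone: intranet.example.com
O15 - Trusted Zone: *.vision (HKLM)
O15 - Trusted Zone: intranet.example.com (HKLM)
O15 - ESC Trusted Zone: http://tools.example.org
O15 - ESC Trusted Zone: *.corp.example.local (HKLM)
O23 - Service: Example Service - Example Inc. - C:\\Program Files\\Example\\svc.exe
"""

# "O15 - [ESC ]Trusted Zone: <target>[ (HKLM)]"
O15_RE = re.compile(
    r"^O15 - (?P<esc>ESC )?Trusted Zone: (?P<target>\S+)(?P<hklm> \(HKLM\))?\s*$"
)


@dataclass(frozen=True)
class TrustedZoneEntry:
    target: str
    esc: bool           # Enhanced Security Configuration zone (server IE hardening)
    machine_wide: bool  # "(HKLM)" suffix: applies to every user on the machine

    def is_wildcard(self) -> bool:
        return self.target.startswith("*.")

    def is_single_label(self) -> bool:
        # "*.vision" has no dot after the wildcard: it trusts every host whose
        # name ends in ".vision", far broader than trusting one FQDN.
        host = self.target[2:] if self.is_wildcard() else self.target
        host = re.sub(r"^https?://", "", host)
        return "." not in host

    def is_plain_http(self) -> bool:
        # An explicit http:// scheme means the trust is extended over cleartext.
        return self.target.lower().startswith("http://")


def parse_trusted_zones(log_text: str) -> list[TrustedZoneEntry]:
    """Extract every O15 entry from an HJT log; other sections are ignored."""
    entries: list[TrustedZoneEntry] = []
    for line in log_text.splitlines():
        m = O15_RE.match(line.strip())
        if m:
            entries.append(TrustedZoneEntry(
                target=m.group("target"),
                esc=m.group("esc") is not None,
                machine_wide=m.group("hklm") is not None,
            ))
    return entries


def review_trusted_zones(log_text: str) -> dict[str, list[str]]:
    """Bucket each O15 target by the property a reviewer should confirm."""
    findings: dict[str, list[str]] = {
        "wildcard": [], "single_label": [], "plain_http": [], "machine_wide": [],
    }
    for e in parse_trusted_zones(log_text):
        if e.is_wildcard():
            findings["wildcard"].append(e.target)
        if e.is_single_label():
            findings["single_label"].append(e.target)
        if e.is_plain_http():
            findings["plain_http"].append(e.target)
        if e.machine_wide:
            findings["machine_wide"].append(e.target)
    # Deduplicate while keeping log order, so HKCU/HKLM pairs appear once.
    return {k: list(dict.fromkeys(v)) for k, v in findings.items()}


if __name__ == "__main__":
    for reason, targets in review_trusted_zones(SAMPLE_LOG).items():
        print(f"{reason:13s} {', '.join(targets) or '-'}")
```

A flagged entry is not malicious by itself: single-label intranet suffixes and HKLM entries pushed by Group Policy are normal on a domain-joined machine, which is exactly why the tool can only sort the list and the user has to confirm each item was put there on purpose.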
perplexing
Re: been batteling Vundo for a week now
« Reply #8 on: Dec 11th, 2007, 10:58am »

To be on the safe side I removed them all from the 'safe' zone!
perplexing
Re: been batteling Vundo for a week now
« Reply #9 on: Dec 11th, 2007, 11:00am »

This thing has caused me so much grief. I purchased Spysweeper, Spydoctor, SpyHunter, TrojanHunter but nothing seems to work. Not to mention stupid Norton!
siliconman01
Global Moderator
Re: been batteling Vundo for a week now
« Reply #10 on: Dec 11th, 2007, 11:06am »

What version of Norton are you running?
 
Nothing is showing visible in your HJT scan log.  So... please do this:
 
1.  Download/install the free version of Superantispyware.  
 
http://www.superantispyware.com
 
2.  Run the Update of Superantispyware to obtain the latest rules.  
 
3.  Reboot your computer into SAFE MODE.
 
4.  Do a full system scan with Superantispyware and let it clean what it finds, if anything.  It is a slow but thorough scanner, so it may take a while.  
 
5.  Reboot your computer back into normal mode and post the SAS scan log back here.
siliconman01
Global Moderator
Re: been batteling Vundo for a week now
« Reply #11 on: Dec 11th, 2007, 12:50pm »

Do you happen to have anything installed on your computer that is related to the program on the link below?
 
http://extensions.pndesign.cz/qsp-file
 
(QSetup Composer PRO)
 
« Last Edit: Dec 11th, 2007, 12:53pm by siliconman01 »
perplexing
Re: been batteling Vundo for a week now
« Reply #12 on: Dec 11th, 2007, 3:47pm »

Nope, I don't know of anything related to that. Also, I did download the software 'Superspyware' and it did not detect anything either. I'm constantly getting alerts from Norton about the Vundo files (.dll) being created in the Windows temp folder.
siliconman01
Global Moderator
Re: been batteling Vundo for a week now
« Reply #13 on: Dec 11th, 2007, 3:51pm »

What version of Norton are you running...NAV 200?  ?  And are you doing a specific task when this occurs?
« Last Edit: Dec 11th, 2007, 3:51pm by siliconman01 »
siliconman01
Global Moderator
Re: been batteling Vundo for a week now
« Reply #14 on: Dec 11th, 2007, 4:08pm »

I think Norton may be interfering with the other tools, preventing them from detecting what needs to be removed.  Norton quarantines but does not clean out.  Please try this:
 
1.  Disable Norton AV for "5 hours".  Norton should now be out of the picture.
 
2.  Reboot your computer.
 
4.  Disable all your other security programs EXCEPT your firewall.
 
5.  Now do a Remote Scan with BitDefender.  You need to use IE6 for this because BitDefender needs to download an ActiveX.  The link below is the BitDefender remote scanner.
 
http://www.bitdefender.com/scan8/ie.html
 
BE SURE to scan your entire computer with Bit Defender.  It will remove infections as it scans.
 
6.  After the remote scan is completed, reboot your computer.  Enable Norton and all your other security programs.
 
7.  Post back here the scan log from Bit Defender and a new HJT log