Mischel Internet Security Forum
Topic: Vundo Infected
gimp1967 (Newbie, Posts: 7)
Vundo Infected
« on: Apr 16th, 2008, 12:49pm »

ComboFix 08-04-15.5 - me 2008-04-16 13:09:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1036 [GMT -4:00]
Running from: C:\Users\me\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Users\me\AppData\Roaming\inst.exe
C:\WINDOWS\System32\NpXIkUvw.ini
C:\WINDOWS\System32\NpXIkUvw.ini2
C:\Windows\system32\opnolMCu.dll
C:\Windows\system32\wvUkIXpN.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-03-16 to 2008-04-16  )))))))))))))))))))))))))))))))
.
 
2008-04-16 12:58 . 2008-04-16 12:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-16 12:34 . 2008-04-16 12:34 <DIR> d-------- C:\Program Files\CCleaner
2008-04-15 17:38 . 2008-04-15 17:38 <DIR> d-------- C:\Users\me\AppData\Roaming\Sahmon Games
2008-04-11 11:53 . 2008-04-11 11:53 <DIR> d-------- C:\Program Files\ffdshow
2008-04-10 16:53 . 2008-04-10 16:53 <DIR> d-------- C:\Program Files\3DGroove
2008-04-09 16:25 . 2008-04-09 16:25 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Music
2008-04-08 16:43 . 2008-04-08 16:43 <DIR> d-------- C:\Program Files\Virtools
2008-04-08 13:43 . 2008-04-08 13:43 <DIR> d-------- C:\Program Files\APC
2008-04-03 16:22 . 2008-04-03 16:23 <DIR> d-------- C:\Program Files\QuickTime
2008-04-01 17:24 . 2008-04-01 17:24 <DIR> d-------- C:\Users\me\AppData\Roaming\ACD Systems
2008-04-01 15:24 . 2008-04-01 15:24 <DIR> d-------- C:\Users\All Users\ACD Systems
2008-04-01 15:24 . 2008-04-01 15:24 <DIR> d-------- C:\ProgramData\ACD Systems
2008-04-01 15:24 . 2008-04-01 15:24 <DIR> d-------- C:\Program Files\ACD Systems
2008-04-01 15:04 . 2008-04-01 15:24 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-31 20:39 . 2008-03-31 20:39 <DIR> d-------- C:\Users\me\AppData\Roaming\ICAClient
2008-03-31 20:36 . 2008-03-31 20:36 <DIR> d-------- C:\Program Files\Citrix
2008-03-29 13:02 . 2008-04-08 14:45 <DIR> d-------- C:\Program Files\HollywoodPoker
2008-03-27 21:59 . 2008-03-27 21:59 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-27 21:59 . 2008-03-27 21:59 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-27 21:59 . 2008-03-27 21:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-27 21:58 . 2008-03-27 21:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 13:00 . 2008-04-10 14:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-21 23:25 . 2008-03-21 23:25 <DIR> d-------- C:\Users\me\AppData\Roaming\Canon
2008-03-20 13:26 . 2008-04-05 12:20 <DIR> d-------- C:\Users\me\AppData\Roaming\dvdcss
2008-03-19 12:25 . 2008-03-19 12:25 <DIR> d-------- C:\Users\me\AppData\Roaming\vlc
2008-03-19 11:21 . 2008-03-19 11:21 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-18 19:05 . 2008-03-18 19:05 <DIR> d-------- C:\Program Files\7-Zip
2008-03-18 13:46 . 2008-03-18 13:46 <DIR> d-------- C:\Users\me\AppData\Roaming\WildTangent
2008-03-18 13:30 . 2008-03-18 13:30 <DIR> d-------- C:\Program Files\TheWeatherNetwork
2008-03-17 16:54 . 2008-03-17 16:54 <DIR> d-------- C:\Users\me\AppData\Roaming\Apple Computer
2008-03-17 16:53 . 2008-03-17 16:54 <DIR> d-------- C:\Program Files\iTunes
2008-03-17 16:53 . 2008-03-17 16:53 <DIR> d-------- C:\Program Files\iPod
2008-03-17 16:53 . 2008-03-17 16:53 <DIR> d-------- C:\Program Files\Bonjour
2008-03-17 16:52 . 2008-03-17 16:53 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-03-17 16:52 . 2008-03-17 16:53 <DIR> d-------- C:\ProgramData\Apple Computer
2008-03-17 16:52 . 2008-03-17 16:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 16:51 . 2008-03-17 16:51 <DIR> d-------- C:\Users\All Users\Apple
2008-03-17 16:51 . 2008-03-17 16:51 <DIR> d-------- C:\ProgramData\Apple
2008-03-17 16:51 . 2008-03-17 16:51 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-17 16:40 . 2008-03-17 16:40 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-03-17 16:02 . 2008-03-17 16:05 <DIR> d-------- C:\Users\me\AppData\Roaming\Darwin
2008-03-17 14:12 . 2008-03-17 14:12 <DIR> d-------- C:\Program Files\Google
2008-03-17 14:09 . 2008-04-16 10:30 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-03-17 12:20 . 2008-03-17 12:20 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Pictures
2008-03-17 12:13 . 2008-03-17 12:14 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Documents
2008-03-16 22:29 . 2008-03-16 22:29 <DIR> d-------- C:\Users\me\AppData\Roaming\PlayFirst
2008-03-16 22:29 . 2008-03-16 22:29 <DIR> d-------- C:\Users\All Users\PlayFirst
2008-03-16 22:29 . 2008-03-16 22:29 <DIR> d-------- C:\ProgramData\PlayFirst
2008-03-16 22:27 . 2008-03-16 22:27 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-16 22:27 . 2008-03-16 22:27 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-16 22:27 . 2008-03-16 22:30 <DIR> d-------- C:\Program Files\Windows Live
2008-03-16 22:27 . 2008-03-16 22:30 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-16 22:20 . 2008-03-16 22:20 <DIR> d-------- C:\Program Files\UltraISO
2008-03-16 22:20 . 2008-03-16 22:20 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-03-16 22:16 . 2008-04-16 10:25 <DIR> d-------- C:\Users\me\AppData\Roaming\Vso
2008-03-16 22:16 . 2008-03-16 22:16 <DIR> d-------- C:\Program Files\VSO
2008-03-16 22:16 . 2008-03-16 22:16 47,360 --a------ C:\Users\me\AppData\Roaming\pcouffin.sys
2008-03-16 22:04 . 2008-03-16 22:04 <DIR> d-------- C:\Users\me\AppData\Roaming\Logitech
2008-03-16 22:01 . 2008-03-16 22:01 <DIR> d-------- C:\Users\me\AppData\Roaming\InstallShield
2008-03-16 21:29 . 2008-04-16 10:30 <DIR> d-------- C:\Program Files\The KMPlayer
2008-03-16 21:18 . 2008-03-28 19:39 <DIR> d-------- C:\Users\me\AppData\Roaming\OpenOffice.org2
2008-03-16 21:14 . 2008-03-16 21:14 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-16 21:02 . 2008-04-16 13:23 <DIR> d-------- C:\Users\me\AppData\Roaming\uTorrent
2008-03-16 21:02 . 2008-03-16 21:02 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-03-16 21:02 . 2008-03-16 21:02 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-03-16 21:02 . 2008-03-16 21:05 <DIR> d-------- C:\Program Files\uTorrent
2008-03-16 21:00 . 2008-03-16 21:00 <DIR> d--h----- C:\Program Files\CanonBJ
2008-03-16 20:55 . 2008-03-27 21:53 <DIR> d-------- C:\Users\me\AppData\Roaming\Winamp
2008-03-16 20:55 . 2008-03-27 21:53 <DIR> d-------- C:\Program Files\Winamp
2008-03-16 20:54 . 2008-03-17 17:30 <DIR> d-------- C:\Program Files\Java
2008-03-16 20:53 . 2008-03-16 20:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-16 20:52 . 2008-04-13 21:27 <DIR> d-------- C:\Users\All Users\Adobe
2008-03-16 20:51 . 2008-04-07 16:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-16 20:42 . 2008-03-16 20:42 <DIR> d-------- C:\Program Files\Tasty Planet
2008-03-16 20:42 . 2008-03-16 20:42 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-03-16 20:31 . 2008-03-16 20:35 <DIR> d-------- C:\Users\All Users\PopCap Games
2008-03-16 20:31 . 2008-03-16 20:35 <DIR> d-------- C:\ProgramData\PopCap Games
2008-03-16 20:31 . 2008-03-16 20:35 <DIR> d-------- C:\Program Files\PopCap Games
2008-03-16 20:25 . 2008-03-16 20:25 <DIR> d-------- C:\Users\me\AppData\Roaming\XemiComputers
2008-03-16 20:25 . 2008-03-16 20:25 <DIR> d-------- C:\Users\All Users\XemiComputers
2008-03-16 20:25 . 2008-03-16 20:25 <DIR> d-------- C:\ProgramData\XemiComputers
2008-03-16 20:25 . 2008-03-16 20:25 <DIR> d-------- C:\Program Files\XemiComputers
2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d-------- C:\Users\me\AppData\Roaming\eMule
2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d-------- C:\Users\All Users\eMule
2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d-------- C:\ProgramData\eMule
2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d-------- C:\Program Files\eMule
2008-03-16 19:16 . 2008-03-16 19:16 <DIR> d-------- C:\Users\me\AppData\Roaming\TrojanHunter
2008-03-16 18:59 . 2008-03-16 20:01 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-03-16 18:59 . 2008-03-16 20:01 <DIR> d-------- C:\ProgramData\NVIDIA
2008-03-16 18:51 . 2008-03-16 22:01 <DIR> d-------- C:\Users\All Users\Logitech
2008-03-16 18:51 . 2008-03-16 19:01 <DIR> d-------- C:\Users\All Users\Logishrd
2008-03-16 18:51 . 2008-03-16 22:01 <DIR> d-------- C:\ProgramData\Logitech
2008-03-16 18:51 . 2008-03-16 19:01 <DIR> d-------- C:\ProgramData\Logishrd
2008-03-16 18:51 . 2008-03-16 22:01 <DIR> d-------- C:\Program Files\Logitech
2008-03-16 18:46 . 2008-03-16 22:02 <DIR> d-------- C:\Program Files\Common Files\logishrd
2008-03-16 18:22 . 2008-03-16 18:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-16 18:10 . 2008-03-16 18:10 <DIR> d-------- C:\Program Files\Click-N-Type
2008-03-16 17:55 . 2008-04-16 10:31 <DIR> dr------- C:\Users\me\Searches
2008-03-16 17:55 . 2008-04-16 10:31 <DIR> dr------- C:\Users\me\Contacts
2008-03-16 17:49 . 2008-03-16 17:55 <DIR> d-------- C:\Users\me\AppData\Roaming\Hewlett-Packard
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 17:21 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-04-16 14:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-16 14:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-16 14:30 --------- d-----w C:\Program Files\Microsoft Works
2008-04-10 21:50 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-04-10 19:38 174 --sha-w C:\Program Files\desktop.ini
2008-04-10 19:28 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-10 19:28 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-10 19:28 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 19:28 --------- d-----w C:\Program Files\Windows Journal
2008-04-10 19:28 --------- d-----w C:\Program Files\Windows Defender
2008-04-10 19:28 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-10 19:28 --------- d-----w C:\Program Files\Windows Calendar
2008-04-10 19:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-10 19:05 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-08 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-08 17:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-25 20:15 50,536 ----a-w C:\Windows\system32\drivers\WpsHelper.sys
2008-03-25 00:08 --------- d-----w C:\ProgramData\Symantec
2008-03-18 17:49 --------- d-----w C:\ProgramData\WildTangent
2008-03-17 02:59 --------- d-----w C:\Program Files\Yahoo!
2008-03-17 02:52 --------- d-----w C:\Program Files\Roxio
2008-03-17 02:52 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-17 02:51 --------- d-----w C:\Program Files\Real
2008-03-17 02:51 --------- d-----w C:\Program Files\Common Files\Real
2008-03-17 02:16 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-03-17 02:03 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-03-17 00:04 806 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-17 00:04 136,496 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-17 00:04 10,652 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-17 00:04 --------- d-----w C:\Program Files\Symantec
2008-03-16 22:06 1,857 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_RY880AAR-ABA a6077c_YC_0Pavi_QMX2714_E72NAv3PrA2_49_ILEONITE_SASUSTek Computer INC._V5.00_B5.17_T070420_WUH0_L409_M2046_J204_7Intel_8Core2 4400_92_#070802_N808627DC_Z14F12F20_G10DE01DD.MRK
2008-03-16 21:55 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-16 21:44 --------- d-sh--w C:\ProgramData\Templates
2008-03-16 21:44 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-16 21:44 --------- d-sh--w C:\ProgramData\Favorites
2008-03-16 21:44 --------- d-sh--w C:\ProgramData\Documents
2008-03-16 21:44 --------- d-sh--w C:\ProgramData\Desktop
2008-03-16 21:44 --------- d-sh--w C:\ProgramData\Application Data
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-19 08:24 7,808 ----a-w C:\Windows\system32\drivers\psi_mf.sys
2008-01-25 07:55 229,376 ----a-w C:\Windows\System32\UCI32M27.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:06 8,147,456 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
.
« Last Edit: Apr 16th, 2008, 12:59pm by gimp1967 »

gimp1967 (Newbie, Posts: 7)
Re: Vundo Infected
« Reply #1 on: Apr 16th, 2008, 1:00pm »

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-16 21:02 219952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 20:15 221184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-02-01 16:17 4487064]
"Rainlendar2"="E:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 06:23 1365504]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 15:39 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\WINDOWS\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 15:15 115560]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 20:15 81920]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 14:48 479232]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-28 01:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-28 01:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-28 01:59 81920]
"BM8948026f"="C:\Windows\system32\tcaurnii.dll" [ ]
"8a7b31f3"="C:\Windows\system32\pdhwsebu.dll" [ ]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-07 16:24:49 113664]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2008-04-08 13:43:08 267520]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-16 22:02:07 789008]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D976B84B-808C-4357-9CBB-55BF1F7CEBE7}"= C:\Windows\system32\opnolMCu.dll [ ]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF8D77F3-F96F-4513-8457-18DC46D3C149}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{6CD833FA-F6C4-4779-A4D1-07E0CB7D62BE}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{7535F655-1C49-4248-AEF0-59A0A71793FF}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F17ADDE8-2E4A-42BB-9D22-9D267ACB1D72}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F0DF63FE-0E68-423C-9DFD-6A1A9387B699}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{B8800BA1-664A-4BF0-9FAA-57D27D7369B4}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A43E9F52-E1F7-4802-8DBB-F9937B1EDF8A}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{E436BE67-0407-445C-B114-09BB5B138AB3}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{E753848A-D85F-489B-9E95-DB2A4129E8BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F62BE591-C60D-4E3F-900F-C87991445179}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6B60555-2613-4C42-8D5B-CE5E16AE4598}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{1E7B90F2-31C7-4375-82FC-A55457D4D590}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{1D89D78C-2FD8-4B6F-86E9-23231BD616C3}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{B40D2FCC-AB65-49ED-9013-4356215A34EF}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{2C8A34A5-C620-4E97-B712-CB25515C569E}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9E08D731-22DA-49C7-B75A-D3C9893C30DF}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{5FB1D37A-7B2F-43F0-81D0-8EA2A22B768B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{04052521-FC31-4766-B1E0-14E2DE1C53EC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BA2280B0-3C96-4310-89FA-CB36B7110CEC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{89A101DF-83F6-48F1-80A8-3ED2C0BE568C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57E2EF78-5239-428C-A59A-DAF51A89ED96}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ED637940-C936-43B3-BA8E-F3883BA01568}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E97ABF46-02CE-427B-9D31-7BC3DC567B8C}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{7D3F3302-2CFF-48B9-A7A1-C2F630110C33}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{CFA9874A-DB20-41A9-A5AC-119C1D2EC89D}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{FC8E306A-758F-4DB0-95D5-8D4946ED8D5E}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{08296861-DE48-47E7-BED8-087F5DFF39C9}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{9F22A351-B6FB-4475-B13A-89E621CA66D4}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{09778190-F935-45D5-8936-5CF7D347E001}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{EFFA0792-3E73-4612-9F61-D983259AE06E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8A14121E-96CD-4A18-A25D-789B6886F829}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6146EFBF-8853-469D-8B2A-770CF4961689}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{092DC995-3EB9-498F-B916-2EA14E608B89}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03AAF278-8396-4A93-A060-01A1A470C66A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{869FC6A5-08D6-415F-846A-90C8C9137A22}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A326642C-30F0-4420-988B-B18E7A518D6B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B3283B14-4E4E-4426-890F-4735CA6D6AF3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{55B3E12A-BC7F-4F1F-9A78-FB2609CBEFE6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
 
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 07:36]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 16:30]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-02-19 04:24]
 
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 07:00:06 C:\Windows\Tasks\TrojanHunter LiveUpdate.job"
- C:\Program Files\TrojanHunter 5.0\Tools\LiveUpdate\LiveUpdate.exe
"2008-04-15 09:02:46 C:\Windows\Tasks\TrojanHunter Scanner.job"
- C:\Program Files\TrojanHunter 5.0\thcl.exe
.
**************************************************************************
 
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 13:22:19
Windows 6.0.6001 Service Pack 1 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
 
C:\Users\me\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm 472 bytes
 
scan completed successfully
hidden files: 1
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\ehome\ehsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\System32\wbem\WMIADAP.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2008-04-16 13:27:39 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-16 17:27:24
 
Pre-Run: 278,604,091,392 bytes free
Post-Run: 278,666,424,320 bytes free
.
2008-04-10 19:08:15--- E O F ---

gimp1967 (Newbie, Posts: 7)
Re: Vundo Infected
« Reply #2 on: Apr 16th, 2008, 1:01pm »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:12 PM, on 4/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
E:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM8948026f] Rundll32.exe "C:\Windows\system32\tcaurnii.dll",s
O4 - HKLM\..\Run: [8a7b31f3] rundll32.exe "C:\Windows\system32\pdhwsebu.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
gimp1967
Newbie
Re: Vundo Infected
« Reply #3 on: Apr 16th, 2008, 1:01pm »

O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Rainlendar2] E:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Click-N-Type.LNK = C:\Program Files\Click-N-Type\Click-N-Type.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:  
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 11619 bytes
siliconman01
Global Moderator
Re: Vundo Infected
« Reply #4 on: Apr 16th, 2008, 3:31pm »

Welcome to the forum, gimp1967.
 
Sorry that your Vista system got infected. Combofix.exe did some cleaning, but it doesn't look like it got everything.
 
1.  First clean Combofix.exe off your system
 
-  Delete Combofix.exe from your desktop.
 
-  Delete the folder named Qoobox from the C: drive.  It is the Quarantine folder for Combofix.exe and is no longer needed.
 
-  Delete the Combofix.exe log file from your system.
 
2.  Make all your files and folders visible per the procedure in the link below.
 
http://www.misec.net/forum/board/FAQ/1139610900
 
3. Please submit the following three files to Mischel Internet Security for analysis.  
 
tcaurnii.dll
pdhwsebu.dll
launcher.exe

 
The link below describes how to submit files for analysis.
 
http://www.misec.net/forum/board/FAQ/1139308293
 
4.  Run the above three files through Jotti remote scanner located at the link below.
 
http://virusscan.jotti.org/
 
5.  Please post back here the results of the remote scan on each of the files.  
 
 
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
gimp1967
Newbie
Re: Vundo Infected
« Reply #5 on: Apr 16th, 2008, 4:59pm »

I followed your directions, but earlier I removed the files from the TrojanHunter quarantine. I re-ran a full scan and T.H. doesn't find anything. However, when I reboot my PC I get two errors saying tcaurnii.dll and pdhwsebu.dll can't be found. Now what? Am I gonna have to reformat my PC? Thanks for all the help so far, I appreciate it.
siliconman01
Global Moderator
Re: Vundo Infected
« Reply #6 on: Apr 16th, 2008, 5:19pm »

Please do this:
 
1.  Run another HijackThis scan.
 
2.  When the scan is completed, place a checkmark in the box next to the following items.  BE SURE that these are the only items checked.
 

O4 - HKLM\..\Run: [BM8948026f] Rundll32.exe "C:\Windows\system32\tcaurnii.dll",s  
 
O4 - HKLM\..\Run: [8a7b31f3] rundll32.exe "C:\Windows\system32\pdhwsebu.dll",b  
 
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

 
3.  Click on Fix Checked, located at the lower left of the HijackThis window. Confirm that you want HJT to fix these items and let it do so.
 
4.  Close the HijackThis window.
 
5.  Reboot your computer.
 
6.  Please run another HijackThis scan and post the scan log back here.
 
Are you still getting the error messages?
 
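The two Run values siliconman01 has gimp1967 tick in HijackThis, and the "can't be found" errors that appeared after the DLLs were quarantined, can both be picked out of an HJT log mechanically. The script below is an added example for this thread, not code from HijackThis, ComboFix, TrojanHunter or this forum. It parses the registry O4 lines, flags rundll32 entries that load a random-looking DLL with a one- or two-character export (the shape of both Vundo entries in the log above), and flags entries whose target file no longer exists, which is exactly the orphaned Run value that makes Windows complain at boot once the DLL is gone but the value remains. The sample lines are copied from the log in this thread; PRESENT_FILES is a constructed stand-in for the disk after quarantine so it runs offline (pass None to query the real filesystem on the affected machine). The name check is a triage heuristic, not a signature, so treat its hits as "look at this", not "delete this".

```python
"""Triage HijackThis O4 autorun entries for Vundo-style persistence.

Added example for this thread (not HijackThis, ComboFix or TrojanHunter code).
Two checks:
  1. rundll32 loading a DLL with a random-looking 7-9 letter name and a
     one- or two-character export, e.g.  "...\\tcaurnii.dll",s
  2. a Run/RunOnce value whose target file no longer exists: the orphaned
     entry that produces "xxx.dll can't be found" at boot after the DLL
     itself has been quarantined.
Only registry O4 lines (HKLM/HKCU/HKUS ... Run/RunOnce) are parsed; the
"O4 - Startup:" shortcut lines are skipped.
"""
import os
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# "O4 - HKLM\..\Run: [name] command", optionally followed by " (User 'X')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# rundll32[.exe] ["]path\to\x.dll["],Export
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S+)\s*$',
    re.IGNORECASE,
)
# Vundo drops DLLs named with 8 random letters; allow a little slack.
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{7,9}$")


@dataclass
class Finding:
    name: str    # the [name] of the Run value, i.e. what to tick in HJT
    reason: str
    line: str


def _target_path(cmd: str) -> Optional[str]:
    """File a command line launches: the DLL for rundll32, else the first
    (possibly quoted) token."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll")
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    return cmd.split(" ", 1)[0] or None


def triage_o4(lines: Iterable[str], present: Optional[Set[str]] = None) -> List[Finding]:
    """present: lower-cased set of existing file paths (offline stand-in for
    the filesystem). None means ask the real disk via os.path.isfile."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")

        r = RUNDLL_RE.match(cmd)
        if r:
            # basename() on POSIX does not split on backslashes, so normalise first
            stem = os.path.basename(r.group("dll").replace("\\", "/")).rsplit(".", 1)[0]
            if RANDOM_STEM_RE.match(stem) and len(r.group("export")) <= 2:
                findings.append(Finding(name, "rundll32 loads a random-named DLL with a "
                                              "one/two-character export (Vundo pattern)", line))

        target = _target_path(cmd)
        if target and "\\" in target:  # bare names (RtHDVCpl.exe) are PATH-resolved; skip
            path = os.path.expandvars(target)
            exists = path.lower() in present if present is not None else os.path.isfile(path)
            if not exists:
                findings.append(Finding(name, f"target file missing: {target} "
                                              "(orphaned autorun, will error at boot)", line))
    return findings


# Constructed sample: entries copied from the HJT log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM8948026f] Rundll32.exe "C:\Windows\system32\tcaurnii.dll",s
O4 - HKLM\..\Run: [8a7b31f3] rundll32.exe "C:\Windows\system32\pdhwsebu.dll",b
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# Constructed stand-in for the disk *after* TrojanHunter quarantined the two DLLs.
PRESENT_FILES = {
    r"c:\hp\support\hpsysdrv.exe",
    r"c:\windows\system32\nvcpl.dll",
    r"c:\program files\utorrent\utorrent.exe",
}


def demo() -> List[Finding]:
    return triage_o4(SAMPLE_LOG.splitlines(), PRESENT_FILES)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.name}] {f.reason}\n    {f.line}")
```

On the sample it reports the two Vundo values twice each: once for the DLL-name pattern and once because the DLL is no longer on disk, which is the state gimp1967's machine was in between Reply #5 and Reply #6. The legitimate rundll32 entries (NvCpl.dll, oobefldr.dll) are not flagged because their exports are real function names.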
gimp1967
Newbie
Re: Vundo Infected
« Reply #7 on: Apr 16th, 2008, 5:32pm »

First off, the error messages are gone upon reboot.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:34 PM, on 4/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
E:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
E:\Downloads\smclk131\SmartClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Rainlendar2] E:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Click-N-Type.LNK = C:\Program Files\Click-N-Type\Click-N-Type.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:  
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 11464 bytes
siliconman01
Global Moderator
Re: Vundo Infected
« Reply #8 on: Apr 16th, 2008, 5:38pm »

Great! Your HJT log looks clean now.
 
You may wish to update your Java to Update 6, which was released today.
 
http://www.java.com
 
Be sure to delete all the older versions of Java via Control Panel>Programs and Features once you get the update installed.
 
Is everything looking okay on your system now?  No symptoms of possible infection?
gimp1967
Newbie
Re: Vundo Infected
« Reply #9 on: Apr 16th, 2008, 5:45pm »

siliconman01, thank you so much for your help! Normally when I'm unsure what to do, I resort to reformatting. You saved me a lot of time. Everything seems to be running fine. I'll update my Java to Update 6 as soon as I post this. Thanks again.
siliconman01
Global Moderator
Re: Vundo Infected
« Reply #10 on: Apr 16th, 2008, 5:50pm »

You are very welcome.