   Mischel Internet Security Forum
   vundo problem
ruledbychrist
Newbie
Posts: 10
vundo problem
« on: Apr 30th, 2008, 8:39pm »

My log files are too long to post in one message, so I am posting them in parts. I already ran ComboFix and HijackThis. I don't know what to do next. Please help.
 
ComboFix 08-04-29.5 - Geisendorffs 2008-04-30 13:58:34.2 - NTFSx86
Running from: C:\Documents and Settings\Geisendorffs\Desktop\ComboFix.exe
 * Resident AV is active
 
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\smp.bat
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mssecu.exe
C:\WINDOWS\SYSTEM32\ahhayjgk.ini
C:\WINDOWS\system32\andbvsnj.ini
C:\WINDOWS\system32\awtQgdby.dll
C:\WINDOWS\system32\briyenvu.dll
C:\WINDOWS\system32\cfowwdux.dll
C:\WINDOWS\system32\emytyfmv.ini
C:\WINDOWS\system32\kgjyahha.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\SYSTEM32\uvneyirb.ini
C:\WINDOWS\system32\vwfvsreg.ini
C:\WINDOWS\system32\wvUllIYP.dll
C:\WINDOWS\system32\xudwwofc.ini
C:\WINDOWS\SYSTEM32\ybdgQtwa.ini
C:\WINDOWS\SYSTEM32\ybdgQtwa.ini2
C:\WINDOWS\Web\def.htm
 
.
(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-30  )))))))))))))))))))))))))))))))
.
 
2008-04-30 13:04 . 2008-04-30 13:04  <DIR>  d--------  C:\Program Files\Trend Micro
2008-04-25 09:28 . 2008-04-30 14:27  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-04-25 09:28 . 2008-04-25 09:28  1,409  --a------  C:\WINDOWS\QTFont.for
2008-04-25 00:08 . 2008-04-25 09:46  <DIR>  d--------  C:\Program Files\Windows Live Safety Center
2008-04-24 20:35 . 2008-04-24 21:59  <DIR>  d--------  C:\Program Files\RegCure
2008-04-24 11:10 . 2008-04-24 11:10  0  --a------  C:\WINDOWS\exchng.ini
2008-04-23 23:34 . 2007-06-04 10:56  67,968  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\BSafFltr.sys
2008-04-23 23:34 . 2007-06-04 10:56  29,024  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\bsofrwl.sys
2008-04-23 02:48 . 2008-04-23 02:48  1,075  --a------  C:\WINDOWS\SYSTEM32\hgGwUkKc.dll
2008-04-23 02:37 . 2008-04-23 02:37  1,075  --a------  C:\WINDOWS\SYSTEM32\geBrsRHX.dll
2008-04-23 01:36 . 2008-04-23 01:36  1,087  --a------  C:\WINDOWS\SYSTEM32\qoMfghhf.dll
2008-04-22 20:43 . 2008-04-22 20:43  1,087  --a------  C:\WINDOWS\SYSTEM32\hgGwUkHw.dll
2008-04-22 19:43 . 2008-04-22 19:43  1,087  --a------  C:\WINDOWS\SYSTEM32\pmnlmmLB.dll
2008-04-22 18:43 . 2008-04-22 18:43  1,087  --a------  C:\WINDOWS\SYSTEM32\ljJATjjh.dll
2008-04-22 17:43 . 2008-04-22 17:43  1,087  --a------  C:\WINDOWS\SYSTEM32\iifdbcyY.dll
2008-04-22 15:43 . 2008-04-22 15:43  1,087  --a------  C:\WINDOWS\SYSTEM32\efccyxWo.dll
2008-04-22 14:43 . 2008-04-22 14:43  1,087  --a------  C:\WINDOWS\SYSTEM32\khfEVOFv.dll
2008-04-21 23:56 . 2008-04-21 23:56  1,087  --a------  C:\WINDOWS\SYSTEM32\tuvTJyWp.dll
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\WINWGPX.EXE
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\winsystem.exe
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\sysreq.exe
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\newsd32.exe
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\mssecu.exe
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\bdn.com
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\awtoolb.dll
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\anticipator.dll
2008-04-21 22:31 . 2008-04-21 22:31  4,096  --a------  C:\WINDOWS\SYSTEM32\akttzn.exe
2008-04-21 21:47 . 2008-04-21 21:47  1,087  --a------  C:\WINDOWS\SYSTEM32\byXNgdaw.dll
2008-04-21 20:47 . 2008-04-21 20:47  1,087  --a------  C:\WINDOWS\SYSTEM32\fccaYrOI.dll
2008-04-21 19:47 . 2008-04-21 19:47  1,087  --a------  C:\WINDOWS\SYSTEM32\ssqpMCSk.dll
2008-04-21 18:47 . 2008-04-21 18:47  1,087  --a------  C:\WINDOWS\SYSTEM32\ssqNGyxu.dll
2008-04-21 16:47 . 2008-04-21 16:47  1,087  --a------  C:\WINDOWS\SYSTEM32\mlJCRlLE.dll
2008-04-21 15:47 . 2008-04-21 15:47  1,087  --a------  C:\WINDOWS\SYSTEM32\byXRjhfF.dll
2008-04-21 14:46 . 2008-04-21 14:46  1,087  --a------  C:\WINDOWS\SYSTEM32\hgGvuUmj.dll
2008-04-21 13:46 . 2008-04-21 13:46  1,087  --a------  C:\WINDOWS\SYSTEM32\qoMghgEW.dll
2008-04-21 12:46 . 2008-04-21 12:46  1,087  --a------  C:\WINDOWS\SYSTEM32\ssqRKdBq.dll
2008-04-21 11:46 . 2008-04-21 11:46  1,087  --a------  C:\WINDOWS\SYSTEM32\vtUopQJb.dll
2008-04-21 10:46 . 2008-04-21 10:46  1,087  --a------  C:\WINDOWS\SYSTEM32\ddcAstsR.dll
2008-04-21 09:46 . 2008-04-21 09:46  1,087  --a------  C:\WINDOWS\SYSTEM32\jkkJbcDS.dll
2008-04-21 08:46 . 2008-04-21 08:46  1,087  --a------  C:\WINDOWS\SYSTEM32\yayvTkIx.dll
2008-04-21 07:46 . 2008-04-21 07:46  1,087  --a------  C:\WINDOWS\SYSTEM32\ljJBrRjK.dll
2008-04-21 06:46 . 2008-04-21 06:46  1,087  --a------  C:\WINDOWS\SYSTEM32\geBrqqNg.dll
2008-04-21 05:46 . 2008-04-21 05:46  1,087  --a------  C:\WINDOWS\SYSTEM32\urqRJBRI.dll
2008-04-21 04:46 . 2008-04-21 04:46  1,087  --a------  C:\WINDOWS\SYSTEM32\rqRJDuRk.dll
2008-04-21 03:46 . 2008-04-21 03:46  1,087  --a------  C:\WINDOWS\SYSTEM32\xxywXOhE.dll
2008-04-21 02:46 . 2008-04-21 02:46  1,087  --a------  C:\WINDOWS\SYSTEM32\rqRHwUNF.dll
2008-04-21 01:46 . 2008-04-21 01:46  1,087  --a------  C:\WINDOWS\SYSTEM32\awttuvsr.dll
2008-04-21 00:46 . 2008-04-21 00:46  1,087  --a------  C:\WINDOWS\SYSTEM32\pmnmnOHx.dll
2008-04-20 23:46 . 2008-04-20 23:46  1,087  --a------  C:\WINDOWS\SYSTEM32\urqRHyvV.dll
2008-04-20 22:46 . 2008-04-20 22:46  1,087  --a------  C:\WINDOWS\SYSTEM32\awtqoPiH.dll
2008-04-20 21:46 . 2008-04-20 21:46  1,087  --a------  C:\WINDOWS\SYSTEM32\wvUoPheF.dll
2008-04-20 20:46 . 2008-04-20 20:46  1,087  --a------  C:\WINDOWS\SYSTEM32\wvUliiiI.dll
2008-04-20 09:53 . 2008-04-20 09:53  1,087  --a------  C:\WINDOWS\SYSTEM32\cbXOHBQj.dll
2008-04-20 08:53 . 2008-04-20 08:53  1,087  --a------  C:\WINDOWS\SYSTEM32\iifcYpMe.dll
2008-04-20 07:53 . 2008-04-20 07:53  1,087  --a------  C:\WINDOWS\SYSTEM32\nnnKbaaY.dll
2008-04-20 06:53 . 2008-04-20 06:53  1,087  --a------  C:\WINDOWS\SYSTEM32\ssqRKeca.dll
2008-04-20 05:53 . 2008-04-20 05:53  1,087  --a------  C:\WINDOWS\SYSTEM32\cbXOgffE.dll
2008-04-20 04:53 . 2008-04-20 04:53  1,087  --a------  C:\WINDOWS\SYSTEM32\opnkiFya.dll
2008-04-20 03:53 . 2008-04-20 03:53  1,087  --a------  C:\WINDOWS\SYSTEM32\ssqrqOHX.dll
2008-04-20 02:53 . 2008-04-20 02:53  1,087  --a------  C:\WINDOWS\SYSTEM32\urqPgFWo.dll
2008-04-20 01:53 . 2008-04-20 01:53  1,087  --a------  C:\WINDOWS\SYSTEM32\hgGXRjjK.dll
2008-04-20 00:53 . 2008-04-20 00:53  1,087  --a------  C:\WINDOWS\SYSTEM32\awtqoLca.dll
2008-04-19 23:53 . 2008-04-19 23:53  1,087  --a------  C:\WINDOWS\SYSTEM32\nnnMGwvT.dll
2008-04-19 22:53 . 2008-04-19 22:53  1,087  --a------  C:\WINDOWS\SYSTEM32\fccCUKcD.dll
2008-04-19 20:53 . 2008-04-19 20:53  1,087  --a------  C:\WINDOWS\SYSTEM32\urqQKayX.dll
2008-04-19 19:53 . 2008-04-19 19:53  1,087  --a------  C:\WINDOWS\SYSTEM32\ljJDWQKd.dll
2008-04-19 18:53 . 2008-04-19 18:53  1,087  --a------  C:\WINDOWS\SYSTEM32\iifeccdE.dll
2008-04-19 17:53 . 2008-04-19 17:53  1,087  --a------  C:\WINDOWS\SYSTEM32\tuvWPfda.dll
2008-04-19 14:47 . 2008-04-19 14:47  1,087  --a------  C:\WINDOWS\SYSTEM32\nnnkJCRJ.dll
2008-04-19 13:47 . 2008-04-19 13:47  1,087  --a------  C:\WINDOWS\SYSTEM32\tuvtTnNG.dll
2008-04-19 12:47 . 2008-04-19 12:47  1,087  --a------  C:\WINDOWS\SYSTEM32\mlJawUNH.dll
2008-04-19 11:47 . 2008-04-19 11:47  1,087  --a------  C:\WINDOWS\SYSTEM32\hgGyvSLE.dll
2008-04-19 10:47 . 2008-04-19 10:47  1,087  --a------  C:\WINDOWS\SYSTEM32\ljJDUnlL.dll
2008-04-19 09:32 . 2008-04-19 09:32  1,075  --a------  C:\WINDOWS\SYSTEM32\wvUopQJB.dll
2008-04-19 07:32 . 2008-04-19 07:32  1,075  --a------  C:\WINDOWS\SYSTEM32\mlJDwWQi.dll
2008-04-19 06:32 . 2008-04-19 06:32  1,075  --a------  C:\WINDOWS\SYSTEM32\wvUnOGWQ.dll
2008-04-19 05:32 . 2008-04-19 05:32  1,075  --a------  C:\WINDOWS\SYSTEM32\xxywwXPg.dll
2008-04-19 03:32 . 2008-04-19 03:32  1,087  --a------  C:\WINDOWS\SYSTEM32\vtUkljGa.dll
2008-04-19 02:32 . 2008-04-19 02:32  1,087  --a------  C:\WINDOWS\SYSTEM32\pmnLETmL.dll
2008-04-19 01:26 . 2008-04-23 02:28  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\bypcfgzo
2008-04-17 20:45 . 2008-04-17 20:45  <DIR>  d--------  C:\Program Files\MSECache
2008-04-10 21:54 . 2008-04-10 21:55  <DIR>  d--------  C:\BUSYTOWN
2008-04-10 17:31 . 2008-04-10 17:32  <DIR>  d--------  C:\WINDOWS\CWONDERS
2008-04-10 17:31 . 2008-04-10 17:31  <DIR>  d--------  C:\CWONDERS
2008-04-08 18:37 . 2008-01-29 10:39  184,320  --a------  C:\WINDOWS\SYSTEM32\InetCntrl0011.dll
2008-04-04 16:10 . 2008-04-04 16:10  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-13 10:29 . 2008-03-13 10:29  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\TGHomeSoft
2008-03-13 10:21 . 2008-03-13 10:21  <DIR>  d--------  C:\Program Files\TGHome
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 19:28  ---------  d-----w  C:\Program Files\lx_cats
2008-04-24 18:28  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-04-24 18:22  ---------  d-----w  C:\Program Files\NCP6
2008-04-23 21:06  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
2008-04-23 21:06  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-23 20:54  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 20:28  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 19:53  ---------  d-----w  C:\Program Files\Lavasoft
2008-04-23 19:53  ---------  d-----w  C:\Documents and Settings\Geisendorffs\Application Data\Lavasoft
2008-04-23 15:06  ---------  d-----w  C:\Documents and Settings\Geisendorffs\Application Data\Symantec
2008-04-23 07:21  ---------  d-----w  C:\Program Files\QuickTime
2008-04-18 14:58  ---------  d-----w  C:\Documents and Settings\Geisendorffs\Application Data\AdobeUM
2008-04-08 03:46  ---------  d-----w  C:\Program Files\DeductionPro 2007
2008-04-04 21:10  ---------  d-----w  C:\Documents and Settings\Geisendorffs\Application Data\Yahoo!
2008-03-11 03:59  ---------  d--h--w  C:\Documents and Settings\Geisendorffs\Application Data\Move Networks
2006-04-09 01:20  11,892,223  ----a-w  C:\Program Files\DeductionPro_2005-6_Installer.exe
2005-06-02 19:13  64,600  -c--a-w  C:\Documents and Settings\Geisendorffs\Application Data\GDIPFONTCACHEV1.DAT
2004-12-30 04:43  216,096  ----a-w  C:\Program Files\aide-0.9.tar.tar
2004-07-29 15:02  10,135,688  ----a-w  C:\Program Files\MPSetupXP.exe
2004-07-20 14:34  6,185,072  ----a-w  C:\Program Files\InstallPuzzleInlay.exe
2004-04-28 18:19  1,092,902  ----a-w  C:\Program Files\wash33.exe
2004-04-01 21:03  1,760,378  ----a-w  C:\Program Files\aaw6.exe
2004-04-01 05:10  5,008,016  ----a-w  C:\Program Files\zonealarm.exe
2003-06-02 02:54  1,075,399  ----a-w  C:\Program Files\photovulink2_10.exe
2003-05-19 03:27  8,839,120  ----a-w  C:\Program Files\AcroReader51_ENU.exe
2003-05-05 22:12  3,750,576  ----a-w  C:\Program Files\zaSetup_37_143.exe
2003-05-03 11:16  19,208,239  ----a-w  C:\Program Files\ecdc_v5.3.5.10_plt_enu.exe
2003-04-29 16:00  207,759  ----a-w  C:\Program Files\INSTALL.LOG
1996-10-29 20:53  12,848  ----a-w  C:\Program Files\readpre.txt
.
 
ruledbychrist
Newbie
Posts: 10
Re: vundo problem
« Reply #1 on: Apr 30th, 2008, 8:41pm »

Rest of the ComboFix log file...
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54 65536]
"InetCntrl"="C:\WINDOWS\system32\InetCntrl\InetCntrl.exe" [2008-01-29 16:37 841008]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-13 00:21 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 08:29 237568]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [ ]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 03:11 290816]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10 98304]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 18:22 28672]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-05-03 06:17 684032]
"AcctMgr"="C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" [ ]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"MSACM.G723"= g723.acm
"vidc.I263"= I263_32.drv
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Live Menu 3.3.lnk.disabled]
backup=C:\WINDOWS\pss\eFax Live Menu 3.3.lnk.disabledCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 3.3.lnk.disabled]
backup=C:\WINDOWS\pss\eFax Tray Menu 3.3.lnk.disabledCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^StealthRay.lnk]
backup=C:\WINDOWS\pss\StealthRay.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^Geisendorffs^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup
 
[HKLM\~\startupfolder\C:^Documents and Settings^Geisendorffs^Start Menu^Programs^Startup^Office Startup.lnk]
path=C:\Documents and Settings\Geisendorffs\Start Menu\Programs\Startup\Office Startup.lnk
backup=C:\WINDOWS\pss\Office Startup.lnkStartup
 
[HKLM\~\startupfolder\C:^Documents and Settings^Geisendorffs^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
 
[HKLM\~\startupfolder\C:^Documents and Settings^Geisendorffs^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\InetCntrl\\InetCntrl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Rosetta Stone.exe"=
"C:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Discover.exe"=
"C:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\admin.exe"=
"C:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\server.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
 
R2 PackethSvc;Virtual NIC Service;C:\WINDOWS\System32\PackethSvc.exe [2001-08-09 16:46]
R2 PMJ151NM;Panasonic DVC Web Camera;C:\WINDOWS\system32\DRIVERS\PMJ151NM.sys [2002-03-19 13:33]
R2 SMS_v3_2_0;SMS_v3_2_0;"C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe" -s "C:\Program Files\Rosetta Stone\SMS v3.2.0hs\service\wrapper.conf" []
S3 MTDVC;Panasonic DVC USB-SERIAL Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku1.sys [2002-04-12 05:14]
S3 MTDVC_ENUM;Panasonic DVC COM Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks1.sys [2002-04-24 07:14]
S3 MTSTOR;Panasonic DVC Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\mtdv2km1.sys [2002-04-12 05:17]
S3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys []
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
 
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 21:59:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-24 05:15:51 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\SYSTEM32\cleanmgr.exe
"2008-04-24 06:56:03 C:\WINDOWS\Tasks\Fast & Safe Cleanup.job"
- C:\PROGRA~1\NORTON~1\NORTON~2\Qdcsfs.exe
"2008-04-30 19:26:47 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-25 01:36:16 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-21 06:32:00 C:\WINDOWS\Tasks\Wipe Info.job"
- C:\PROGRA~1\NORTON~1\NORTON~3\WIPINFNT.EXE
.
**************************************************************************
 
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 14:27:16
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PMJ151LA]
"ImagePath"="%SystemRoot%\PMJ151LA.BIN"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM32\java.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\SYSTEM32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-30 14:33:22 - machine was rebooted [Geisendorffs]
ComboFix-quarantined-files.txt  2008-04-30 19:33:19
 
Pre-Run: 100,919,214,080 bytes free
Post-Run: 100,843,315,200 bytes free
 
311  --- E O F ---  2008-04-19 08:01:57
ruledbychrist
Newbie
Posts: 10
Re: vundo problem
« Reply #2 on: Apr 30th, 2008, 8:42pm »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:19 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://dailyxxxphotos.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r3.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r3.attbi.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: qtvglped - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094062294834
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130626086328
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - https://secure.sunterra.com/US/downloads/svideo3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4499/mcfscan.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O21 - SSODL: omlbpkaw - {91346A1B-F73F-40B7-9B5F-CDBF08B14DD5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SMS_v3_2_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
 
--
End of file - 16609 bytes
siliconman01
Global Moderator
Re: vundo problem
« Reply #3 on: May 1st, 2008, 1:07am »
Welcome to the forum, ruledbychrist.
 
Thanks for your advance work and posting the two logs.  Now please do the following:
 
1.  Delete Combofix.exe from your system (desktop)  
 
2.  Delete the Combofix.exe Quarantine folder which is a folder named Qoobox and is probably located under C:\  
 
3.  Delete the Combofix log file from your system.  
 
4.  Now run another Hijackthis scan.  
 
5.  When the scan is completed, place a check mark next to the following items.  BE SURE that these are the only items checked.  
 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://dailyxxxphotos.net/search.html
 
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
 
O3 - Toolbar: qtvglped - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
 
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
 
O21 - SSODL: omlbpkaw - {91346A1B-F73F-40B7-9B5F-CDBF08B14DD5} - (no file)

 
6.  Close your browser window.
 
7.  Click on Fix Checked located at the lower left of the Hijackthis window.  Confirm that you want these items fixed and let HJT fix them.
 
8.  Close Hijackthis and reboot.
 
9.  Your JAVA applet is severely out-of-date.  
 
-  Please go to the link below and install the latest Java JRE which is Java Runtime Environment (JRE) 6 Update 6  
 
http://java.sun.com/javase/downloads/index.jsp  
 
-  After the update is completed, go to your Control Panel>Add and Remove Programs.  Uninstall any older version of Java.  Unfortunately Java does not do this automatically.  
 
10.  Your System Restore is most assuredly still infected.  Please clear it out per the procedure in the link below:
 
http://www.misec.net/forum/board/FAQ/1139255588
 
11.  Then perform a Remote Scan using the Kaspersky remote scanner at the link below:
 
http://www.kaspersky.com/virusscanner
 
-  Use Internet Explorer to access this website.  Kaspersky needs to download an ActiveX component.  Please let it do so.
 
-  Before scanning, disable all your security programs EXCEPT your software firewall.
 
-  BE SURE to scan your FULL computer...all disks.
 
-  Kaspersky will tell us if further cleaning is needed.  Kaspersky remote scanner does not remove any infections it finds; however, it thoroughly scans and then identifies any infections on your system.  The scanner takes a while to run.
 
12.  Post back here the Kaspersky scan log and a new Hijackthis log.
 
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
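The checklist above picks HJT items out by eye. As an added example (not code from the forum, from HijackThis or from its author), the script below applies two of the same judgments mechanically to a constructed excerpt of such a log: registry entries whose target is "(no file)" (the O3 and O21 leftovers), and IE start/search URLs that point outside an assumed allow-list of hosts. The repeated O10 LSP lines are collapsed to one finding with a count, and the O4 Run entry is left to a human, since nothing in the line itself marks it as good or bad. The hijacked-search.example host and the allow-list are constructed for the example.

```python
"""Rule-based triage of HijackThis v2 log lines (added example, not HJT code)."""
import re
from collections import Counter
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed allow-list: hosts that IE start/search settings may point at.
# Tune it per machine; anything outside it is worth a second look.
ALLOWED_URL_HOSTS = ("yahoo.com", "microsoft.com", "att.net")

# Sections whose last " - " field is a path; "(no file)" there means the
# registry entry outlived its DLL/EXE, which is how the O3/O21 leftovers
# in a log look after an earlier cleanup has removed the files.
PATH_SECTIONS = {"O2", "O3", "O9", "O21", "O22", "O23"}

LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")

# Constructed excerpt: entries modelled on the thread's log plus one
# made-up hijacked search URL (hijacked-search.example is a placeholder).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://hijacked-search.example/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: qtvglped - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O21 - SSODL: omlbpkaw - {91346A1B-F73F-40B7-9B5F-CDBF08B14DD5} - (no file)
"""


def host_allowed(host: str, allowed=ALLOWED_URL_HOSTS) -> bool:
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in allowed)


def parse_line(line: str) -> Optional[dict]:
    """Split 'O3 - Toolbar: x - {CLSID} - (no file)' into section and fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    return {
        "section": m.group("section"),
        "body": body,
        "fields": [f.strip() for f in body.split(" - ")],
        "raw": line.strip(),
    }


def triage_entry(entry: dict) -> Optional[str]:
    """Return a reason to flag this entry, or None if the rules are silent."""
    section, body, fields = entry["section"], entry["body"], entry["fields"]
    if section in PATH_SECTIONS and fields[-1] == "(no file)":
        return "orphaned registry entry: its target file no longer exists"
    if section in ("R0", "R1"):
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if host and not host_allowed(host):
                return f"browser start/search setting points at unexpected host {host}"
    if section == "O10" and "Unknown file" in body:
        return "Winsock LSP module HJT cannot identify: review, do not blindly fix"
    return None


def triage_log(text: str) -> Tuple[List[Tuple[str, str]], Counter]:
    """Flag entries in a whole log; identical lines (the O10 run) are listed once."""
    flagged: List[Tuple[str, str]] = []
    counts: Counter = Counter()
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = triage_entry(entry)
        if reason is None:
            continue
        raw = entry["raw"]
        counts[raw] += 1
        if counts[raw] == 1:
            flagged.append((raw, reason))
    return flagged, counts


if __name__ == "__main__":
    hits, seen = triage_log(SAMPLE_LOG)
    for raw, reason in hits:
        print(f"[x{seen[raw]}] {raw}\n      -> {reason}")
```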
ruledbychrist
Newbie
Re: vundo problem
« Reply #4 on: May 1st, 2008, 8:13pm »

KASPERSKY ONLINE SCANNER REPORT  
Thursday, May 01, 2008 7:59:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 734395
 
 
Scan Settings  
Scan using the following antivirus database extended  
Scan Archives true  
Scan Mail Bases true  
 
Scan Target My Computer  
C:\
D:\
E:\  
 
Scan Statistics  
Total number of scanned objects 110184  
Number of viruses found 2  
Number of infected objects 4  
Number of suspicious objects 0  
Duration of the scan process 01:14:09  
 
Infected Object Name Virus Name Last Action  
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat  Object is locked  skipped  
 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat  Object is locked  skipped  
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia.zip/exdl1.exe  Infected: not-a-virus:AdWare.Win32.BargainBuddy.q  skipped  
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia.zip  ZIP: infected - 1  skipped  
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/fvkwdrt.exe  Infected: not-a-virus:AdWare.Win32.Vapsup.ui  skipped  
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip  ZIP: infected - 1  skipped  
 
C:\Documents and Settings\Geisendorffs\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\Local Settings\History\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\Local Settings\History\History.IE5\MSHist012008050120080502\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\Local Settings\Temp\~DF2C89.tmp  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\ntuser.dat  Object is locked  skipped  
 
C:\Documents and Settings\Geisendorffs\ntuser.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped  
 
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\ServerStandardError.txt  Object is locked  skipped  
 
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\ServerStandardOutput.txt  Object is locked  skipped  
 
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\smsdata\database\smsDBv3.odb  Object is locked  skipped  
 
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\smsdata\database\smsDBv3.odf  Object is locked  skipped  
 
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\smsdata\database\smsDBv3.odt  Object is locked  skipped  
 
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\change.log  Object is locked  skipped  
 
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped  
 
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped  
 
C:\WINDOWS\SoftwareDistribution\EventCache\{E9A7A4F8-3B5C-4359-8B00-160ECD1A1C07}.bin  Object is locked  skipped  
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped  
 
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SAM  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\InetCntrl\applog.txt  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\InetCntrl\AV\bsafsavi.txt  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA  Object is locked  skipped  
 
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP  Object is locked  skipped  
 
C:\WINDOWS\Temp\hsperfdata_SYSTEM\544  Object is locked  skipped  
 
C:\WINDOWS\WIADEBUG.LOG  Object is locked  skipped  
 
C:\WINDOWS\WIASERVC.LOG  Object is locked  skipped  
 
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped  
 
Scan process completed.  
ruledbychrist
Newbie
Re: vundo problem
« Reply #5 on: May 1st, 2008, 8:13pm »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:37 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r3.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r3.attbi.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094062294834
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130626086328
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - https://secure.sunterra.com/US/downloads/svideo3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4499/mcfscan.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SMS_v3_2_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
 
--
End of file - 16353 bytes
siliconman01
Global Moderator
Re: vundo problem
« Reply #6 on: May 1st, 2008, 10:58pm »
Okay!  Your system is basically clean.  
 
You can clear out the Spybot Search & Destroy Recovery folder to get rid of the items that Kaspersky found.  This folder is the quarantine folder for Spybot so they are "inert" items.  This is the folder at:
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
 
Just empty the Recovery folder and you are in business.  
 
Your HJT log looks good and I see you updated Java too.
 
Is your system running okay with nothing odd happening?
« Last Edit: May 1st, 2008, 10:59pm by siliconman01 »

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
ruledbychrist
Newbie
Re: vundo problem
« Reply #7 on: May 2nd, 2008, 1:35pm »

It seems to be working great!  I do have some questions for you, if you don't mind providing some guidance.
 
1.  I updated my Java, and now I have two Java things in my list of installed programs.  Do I need both of them, or did I download something extra by mistake?  They are... Java(TM) 6 Update 6 and Java(TM) SE Development Kit 6 Update 6.  What does Java actually do anyway?
 
2.  I want to take some things out of my startup list, but I don't know which things actually HAVE TO stay there in order for everything to get started without a hitch.  I don't even know what some of the things on the list are for.  How do I find out what they do?
 
3.  And my really important question is... is it safe to watch a TV show on the internet, or is that when I got infected?  If it would be safer to tape what I want to watch and watch it after my kids go to bed, I will.  But that is really a pain.  Besides email, and a little bit of shopping and research, the main thing I use the internet for is to watch 2 or 3 shows a week that I like, but they interfere with our bedtime routine.
 
I appreciate all your help and feel safer already!  If these items are considered "out of scope", I understand.  Thanks again and have a blessed day.
siliconman01
Global Moderator
Re: vundo problem
« Reply #8 on: May 2nd, 2008, 2:13pm »
Glad to hear that all appears to be running okay.
 
Quote:
1.  I updated my Java, and now I have two Java things in my list of installed programs.  Do I need both of them, or did I download something extra by mistake?  They are... Java(TM) 6 Update 6 and Java(TM) SE Development Kit 6 Update 6.  What does Java actually do anyway?

 
Using Add and Remove Programs in the Control Panel, you can remove the Java(TM) SE Development Kit 6 Update 6. You only need the Java(TM) 6 Update 6.
 
Quote:
3.  And my really important question is... is it safe to watch a TV show on the internet, or is that when I got infected?  If it would be safer to tape what I want to watch and watch it after my kids go to bed, I will.  But that is really a pain.  Besides email, and a little bit of shopping and research, the main thing I use the internet for is to watch 2 or 3 shows a week that I like, but they interfere with our bedtime routine.

 
I sincerely doubt that you became infected by watching your TV shows via the Internet.  What version of Norton Systemworks are you running?  If it is not being maintained up-to-date, infections will slip in on your system.  You may need to install some additional protection programs as well.  
 
Quote:
2.  I want to take some things out of my startup list, but I don't know which things actually HAVE TO stay there in order for everything to get started without a hitch.  I don't even know what some of the things on the list are for.  How do I find out what they do?

 
The programs below are being started up when you boot up your computer.
 
Quote:
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16  
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe  
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart  
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe  
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot  
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot  
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime  
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup  
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup  
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"  
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"  
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"  
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe  
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s  
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"  
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe  
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup  
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe  
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe  
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup  
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"  
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe  
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog  
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background  
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler  
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe  
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')  
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')  
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')  
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')  
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe  

 
I can assist you in evaluating these and determine if some of them can be removed if you like.  It will take a series of questions from me and answers from you as to what you want your system to do.  
 
 
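As an added example (not part of this thread), a small Python triage helper for the HijackThis O4/O23 line format quoted above: it parses the registry Run, Startup-folder and service entries, extracts the program each one actually launches, and lists the signals a reviewer would check first. The sample lines are copied from the log above; the check wording is my own.

```python
import re

# Constructed sample: six O4/O23 lines copied from the HijackThis log above (raw string so the backslashes survive).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

O4_REG = re.compile(r"^O4 - (?P<where>HK.+?\\\.\.\\\w+): \[(?P<name>[^\]]+)\] "
                    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?\s*$")
O4_DIR = re.compile(r"^O4 - (?P<where>Global Startup): (?P<name>.+?) = (?P<cmd>.+?)\s*$")
O23 = re.compile(r"^O23 - (?P<where>Service): (?P<name>.+?)(?: \([^()]+\))? - "
                 r"(?P<vendor>.*?) - (?P<cmd>.*?)(?P<missing> \(file missing\))?\s*$")
EXE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|bin|com)|[\w~.-]+\.(?:exe|dll|com)', re.I)

def executable(cmd):
    """The program actually launched: drop a rundll32 host, then take the first path-like token."""
    cmd = re.sub(r"^rundll32(?:\.exe)?\s+", "", cmd, flags=re.I)
    m = EXE.search(cmd)
    return m.group(0) if m else cmd.strip()

def parse_hjt(text):
    """Parse O4/O23 lines into dicts; every other HJT section is skipped."""
    out = []
    for line in text.strip().splitlines():
        m = O4_REG.match(line) or O4_DIR.match(line) or O23.match(line)
        if not m:
            continue
        d = m.groupdict()
        out.append({"where": d["where"], "name": d["name"], "exe": executable(d["cmd"]),
                    "vendor": (d.get("vendor") or "").strip(), "missing": bool(d.get("missing"))})
    return out

def triage(entries):
    """Reasons a reviewer should look at an entry first; these are signals, not verdicts."""
    checks = [
        (lambda e: ":\\" not in e["exe"], "bare filename, resolved via PATH search"),
        (lambda e: "~" in e["exe"], "8.3 short path hides the real directory name"),
        (lambda e: e["missing"], "orphaned entry, target file missing"),
        (lambda e: e["where"] == "Service" and e["vendor"] in ("", "Unknown owner"),
         "no vendor in the file's version info"),
    ]
    return {e["name"]: [why for ok, why in checks if ok(e)]
            for e in entries if any(ok(e) for ok, _ in checks)}
```

Running `triage(parse_hjt(SAMPLE_LOG))` flags BCMSMMSG, YOP and the orphaned Symantec service and leaves the fully-pathed, present entries alone.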
ruledbychrist
Newbie
Re: vundo problem
« Reply #9 on: May 2nd, 2008, 5:06pm »

Regarding the Java - thanks.
 
Protection-wise - I am using besafe online version 5.0 (which I think uses McAfee).  We had several different things before, but I removed them because I was told they would "fight with" each other and the besafe.  Is that true?
 
Startup - I would love to remove as many programs from our computer as possible, as well as minimize the number of startup items required to get going.  We homeschool our children and they use the TyperShark and Rosetta Stone every day.  If they turn the computer on first, they start clicking around before it's done booting up, and it seems to create problems.  Maybe now that we have eliminated the virus problem, that won't be an issue, but I would still like to get rid of things we don't ever use.  So, please let me know what information you require in order to help me weed out the unwanted/unnecessary items.
 
Thanks again for all your help.  Last week I was ready to cry over this silly computer, and now I am quite happy.
siliconman01
Global Moderator