to anyone that can help me please i have what i believe to be a vundo 11 virus and running windows xp on hp pavillion with trend micro internet sercurity pro i have attached the hijackthis logfile. Am frustrated with trend micros inability to fix problem tried for about 8 weeks without success
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:27 AM, on 15/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsv c.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.e xe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2bdce335-a17e-43c6-9fdf-6db0938b72fe} - C:\WINDOWS\system32\mawisega.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [jorijuguro] Rundll32.exe "C:\WINDOWS\system32\febozika.dll",s
O4 - HKLM\..\Run: [bc7f2fed] rundll32.exe "C:\WINDOWS\system32\gufulise.dll",b
O4 - HKLM\..\Run: [CPMbf4c1c71] Rundll32.exe "c:\windows\system32\dutudari.dll",a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jorijuguro] Rundll32.exe "C:\WINDOWS\system32\febozika.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5765ED4-28F6-4933-ADB6-560C7B2679D4}: Domain = nsw.bigpond.net.au
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\ziyewila.dll C:\WINDOWS\system32\botabedu.dll c:\windows\system32\garetuso.dll c:\windows\system32\dutudari.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dutudari.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dutudari.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsv c.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 14103 bytes
 |
 |
 |
 |
|
|||||||
| [Fixed] Hijackthis! Logs - Vundo 11 Please help posted in the Security & Safety forums; to anyone that can help me please i have what i believe to be a vundo 11 virus and running windows xp on hp pavillion with trend micro internet sercurity ... |
|
03-15-2009
|
#1 |
|
Bronze Member
 Join Date: Feb 2009
Posts: 11 PC Experience: Some Experience
|
Vundo 11 Please help
|
|
|
| Advertisement - Register to Remove | |
|
|
03-15-2009
|
#2 |
|
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867 PC Experience: Elite PC Guru
|
Re: Vundo 11 Please help
Hi.Welcome to the forum
Run both these programs. Please download Malwarebytes' Anti-Malware from one of these places: |MG| Malwarebytes Anti-Malware 1.34 http://www.besttechie.net/tools/mbam-setup.exe Double Click mbam-setup.exe to install the application. If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that.Keep the genuine MBAM.exe as we may need to run that later as is. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire report in your next reply along with a fresh HijackThis log. PLEASE NOTE: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Once that Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem. ================================================== =================================== Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please download from one of these webpages . http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. Double-click on ComboFix.exe & follow the prompts. If it will not run rename Combofix to xxx.exe and run that. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.  Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:  Click on Yes to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
My real name is Eddy
|
|
|
|
|
03-24-2009
|
#3 |
|
Bronze Member
Join Date: Feb 2009
Posts: 11 PC Experience: Some Experience
|
Re: Vundo 11 Please help
thankyou for your help all is working fine now but do i need to run the second program
attached hijack this log and malwarebytes log as well thankyou again saved me from having to buy new computer mbam-log-2009-03-24 (16-22-30).txt hijackthis.log |
|
|
|
|
03-24-2009
|
#4 |
|
Tech Support Team
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
|
Re: Vundo 11 Please help
coco,
Pancake asked me to pick this one up because his lazy **** is on vacation  I'm very interested in seeing what ComboFix has to say. Once you get that done if you could also please re-run MBAM but, as opposed to a Quick Scan, run a Full Scan that would be great
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this |
|
|
|
|
04-09-2009
|
#5 |
|
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
|
Re: Vundo 11 Please help
Hello,
I'm just following up. Do you still require assistance in removing your malware? Or can we put this one to bed? If you are still in need of assistance please follow the procedure located at the top of the forum. Regards, Crush PCHF Security Team Leader
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this |
|
|
|
|
04-10-2009
|
#6 |
|
Bronze Member
Join Date: Feb 2009
Posts: 11 PC Experience: Some Experience
|
Re: Vundo 11 Please help
done thankyou for your paitience find attachedthe malware byte full scan log and the combofix log also hijackthis log
COMBO FIX ComboFix 09-04-04.01 - Corey 2009-04-10 19:18:51.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.207 [GMT 10:00] Running from: c:\documents and settings\Corey\Desktop\ComboFix.exe AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) FW: Trend Micro Personal Firewall *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\babopeni.dll c:\windows\system32\balinoto.dll c:\windows\system32\bavovayo.dll c:\windows\system32\besigaza.dll c:\windows\system32\bipehozo.dll c:\windows\system32\bowafefi.dll c:\windows\system32\bozuhanu.dll c:\windows\system32\bumokoju.dll.tmp c:\windows\system32\buwavuki.dll c:\windows\system32\defohesi.dll c:\windows\system32\deluteda.dll c:\windows\system32\denekilo.dll c:\windows\system32\denezudu.dll c:\windows\system32\dipagowe.dll c:\windows\system32\dogatidi.dll c:\windows\system32\dokejiwe.dll c:\windows\system32\dolaribe.dll c:\windows\system32\dukiwava.dll c:\windows\system32\duvotihe.dll.tmp c:\windows\system32\fafagage.dll c:\windows\system32\famizula.dll c:\windows\system32\fasijilu.dll c:\windows\system32\fenozivi.dll c:\windows\system32\figepevo.dll c:\windows\system32\fosifopu.dll c:\windows\system32\fotageyu.dll c:\windows\system32\fovativu.dll c:\windows\system32\fuweyofa.dll c:\windows\system32\getaviwi.dll c:\windows\system32\gipekuya.dll c:\windows\system32\gisufevu.dll c:\windows\system32\gitisowe.dll.tmp c:\windows\system32\gizoroda.dll c:\windows\system32\gowoyisa.dll c:\windows\system32\gukehere.dll.tmp c:\windows\system32\gumiviho.dll c:\windows\system32\hebowugi.dll c:\windows\system32\hirisaki.dll c:\windows\system32\hiyovutu.dll c:\windows\system32\hozegupo.dll c:\windows\system32\janifedu.dll c:\windows\system32\jebikono.dll c:\windows\system32\jinuriwa.dll c:\windows\system32\jisasiti.dll c:\windows\system32\jiyapise.dll c:\windows\system32\jurevewa.dll c:\windows\system32\jusivefa.dll c:\windows\system32\kabifoti.dll c:\windows\system32\karirabo.dll c:\windows\system32\kefazuwa.dll c:\windows\system32\kemepiga.dll c:\windows\system32\kewoboda.dll.tmp c:\windows\system32\kigilepi.dll c:\windows\system32\kiramega.dll c:\windows\system32\kisafigu.dll c:\windows\system32\kiyuwalu.dll c:\windows\system32\koloturi.dll c:\windows\system32\legidonu.dll c:\windows\system32\leliwuwu.dll c:\windows\system32\litikene.dll c:\windows\system32\litilifu.dll c:\windows\system32\lolapeva.dll c:\windows\system32\ludotoja.dll c:\windows\system32\mivayali.dll c:\windows\system32\mizedodi.dll c:\windows\system32\mopaberi.dll c:\windows\system32\mosowisi.dll c:\windows\system32\mulipiza.dll.tmp c:\windows\system32\mupabevu.dll c:\windows\system32\mupafeve.dll c:\windows\system32\narenodo.dll c:\windows\system32\neresazi.dll c:\windows\system32\newakoja.dll c:\windows\system32\nokamido.dll c:\windows\system32\notosujo.dll c:\windows\system32\nutuhunu.dll c:\windows\system32\pabevajo.dll c:\windows\system32\pajorogi.dll.tmp c:\windows\system32\pemumimo.dll.tmp c:\windows\system32\pevesuze.dll c:\windows\system32\pewekasi.dll c:\windows\system32\peyubisu.dll c:\windows\system32\pitirima.dll c:\windows\system32\pofutuva.dll c:\windows\system32\ponovisi.dll c:\windows\system32\pujawewo.dll c:\windows\system32\rawosofi.dll c:\windows\system32\remudaze.dll c:\windows\system32\rotirufe.dll c:\windows\system32\rubolezo.dll c:\windows\system32\rurajiye.dll c:\windows\system32\ruvaluno.dll c:\windows\system32\sajifamu.dll c:\windows\system32\sesotoja.dll.tmp c:\windows\system32\sonumiwo.dll c:\windows\system32\sorusodi.dll c:\windows\system32\talamuko.dll c:\windows\system32\tasurepa.dll c:\windows\system32\teserugu.dll c:\windows\system32\teteripe.dll c:\windows\system32\tijevilu.dll c:\windows\system32\tilamuga.dll.tmp c:\windows\system32\tomipojo.dll.tmp c:\windows\system32\tubakile.dll c:\windows\system32\tunesega.dll c:\windows\system32\tuyigope.dll c:\windows\system32\tuyuvela.dll c:\windows\system32\vativise.dll c:\windows\system32\vefufise.dll c:\windows\system32\vonibusa.dll c:\windows\system32\vuhusihu.dll c:\windows\system32\vulutena.dll c:\windows\system32\vurukane.dll c:\windows\system32\vusiluya.dll.tmp c:\windows\system32\vuvujake.dll c:\windows\system32\wadumepo.dll.tmp c:\windows\system32\wahotake.dll c:\windows\system32\wanebape.dll c:\windows\system32\wemekuro.dll c:\windows\system32\wihawuhe.dll c:\windows\system32\wizitego.dll c:\windows\system32\wutilowu.dll c:\windows\system32\wuyebohe.dll c:\windows\system32\yejedotu.dll c:\windows\system32\yetiliza.dll c:\windows\system32\yiborewa.dll c:\windows\system32\yiheguku.dll c:\windows\system32\yihigiyo.dll c:\windows\system32\yofamoyu.dll c:\windows\system32\yugovuji.dll.tmp c:\windows\system32\zelorogi.dll c:\windows\system32\zinefowo.dll c:\windows\system32\ziyewila.dll.tmp c:\windows\system32\zotokohu.dll D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 ))))))))))))))))))))))))))))))) . 2009-04-10 19:09 . 2009-04-10 19:09 <DIR> d--hs---- c:\documents and settings\Corey\IECompatCache 2009-04-10 19:06 . 2009-04-10 19:06 <DIR> d--hs---- c:\documents and settings\Corey\IETldCache 2009-04-01 07:45 . 2009-04-01 07:45 <DIR> d--hs---- c:\documents and settings\Mum\IETldCache 2009-03-30 19:51 . 2009-03-30 19:51 <DIR> d--hs---- c:\documents and settings\Dad\IECompatCache 2009-03-30 19:05 . 2009-03-30 19:05 <DIR> d--hs---- c:\documents and settings\Dad\IETldCache 2009-03-30 17:42 . 2009-03-30 17:43 <DIR> d--h-c--- c:\windows\ie8 2009-03-24 14:26 . 2009-03-24 14:26 <DIR> d-------- c:\documents and settings\Corey\Application Data\Malwarebytes 2009-03-24 14:26 . 2009-03-24 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-24 13:59 . 2009-03-24 14:00 10,752 --a------ c:\windows\DCEBoot.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-04-08 13:17 --------- d-----w c:\documents and settings\Dad\Application Data\OpenOffice.org2 2009-04-04 02:56 --------- d-----w c:\program files\Google 2009-03-06 02:17 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys 2009-03-06 02:17 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys 2009-03-06 02:17 1,195,512 ----a-w c:\windows\system32\drivers\vsapint.sys 2009-03-03 23:12 80,400 ----a-w c:\windows\system32\drivers\tmtdi.sys 2009-03-03 09:08 335,376 ----a-w c:\windows\system32\drivers\TM_CFW.sys 2009-03-03 08:34 50,192 ----a-w c:\windows\system32\drivers\tmevtmgr.sys 2009-03-03 08:34 50,192 ----a-w c:\windows\system32\drivers\tmactmon.sys 2009-03-03 08:34 150,032 ----a-w c:\windows\system32\drivers\tmcomm.sys 2009-02-13 11:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-13 11:09 --------- d-----w c:\program files\Brownie 2009-01-16 23:50 25,912 ----a-w C:\FIXTOOL.zip 2008-12-26 02:36 4,780,003 ----a-w c:\documents and settings\Mum\sysclean.com 2008-12-07 11:29 80,466,088 ----a-w c:\documents and settings\Dad\TISPro_Download_32bit.exe 2008-11-28 09:11 1,342 ----a-w c:\documents and settings\Corey\Application Data\filterclsid.dat 2008-11-22 01:14 774,144 ----a-w c:\program files\RngInterstitial.dll 2008-11-01 22:31 61,224 ----a-w c:\documents and settings\Corey\GoToAssistDownloadHelper.exe 2008-09-23 08:29 531 ----a-w c:\documents and settings\Mum\sysclean.bat 2007-11-28 05:26 94,080 ----a-w c:\documents and settings\Corey\Application Data\ezplay.sys 2007-11-28 05:26 87,608 ----a-w c:\documents and settings\Corey\Application Data\ezpinst.exe 2007-11-28 05:26 47,360 ----a-w c:\documents and settings\Corey\Application Data\pcouffin.sys 2007-08-20 07:28 275 ----a-w c:\documents and settings\Incomplete\downloads.dat 2007-03-02 09:59 87,608 ----a-w c:\documents and settings\Dad\Application Data\ezpinst.exe 2007-03-02 09:59 47,360 ----a-w c:\documents and settings\Dad\Application Data\pcouffin.sys 2007-03-02 09:48 94,080 ----a-w c:\documents and settings\Dad\Application Data\ezplay.sys 2008-06-01 01:39 0 --sha-w c:\windows\SMINST\HPCD.sys 2008-08-15 08:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081520080 816\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2008-08-18 08:51 527304 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2008-08-18 08:51 527304 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2008-08-18 08:51 527304 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704] "Acme.PCHButton"="c:\progra~1\HELPAN~1\Pavilion\XP HWWBF4\plugin\bin\PCHButton.exe" [2004-08-25 159744] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-27 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Google Update"="c:\documents and settings\Corey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE" [2009-03-14 492808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-05 455168] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152] "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440] "Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-07-30 155648] "WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-07-30 192512] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-24 217088] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-07-31 815104] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-22 185872] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-13 995528] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-08-18 600008] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888] "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 c:\windows\ALCXMNTR.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [2005-04-06 c:\windows\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-04-06 c:\windows\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-14 492808] c:\documents and settings\Mum\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-09-14 385024] c:\documents and settings\Dad\Start Menu\Programs\Startup\ OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 61440] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa] Notification Packages REG_MULTI_SZ cli [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe" = "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Trend Micro\\Internet Security\\SfCtlCom.exe"= "c:\\Program Files\\Trend Micro\\Internet Security\\TmPfw.exe"= "c:\\Program Files\\Trend Micro\\Internet Security\\TmProxy.exe"= R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsv c.exe [2008-12-07 181584] R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpr eflt.sys [2008-12-07 36368] R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-08-25 24608] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-12-07 335376] S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmev tmgr.sys [2008-12-07 50192] S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-12-07 497008] S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-12-07 677128] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-11-22 18176] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\dri vers\motccgpfl.sys [2008-11-22 7680] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994517728-118372802-1254566936-1010.job - c:\documents and settings\Corey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 20:34] 2009-02-06 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (PORTERS-Hannah).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe [] 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{233913EA-7360-4C05-B121-62FE95F9E82A}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 01:01] 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{2974277A-966C-4AB7-92CA-63F376220847}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 01:01] 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{4A89C229-CBDA-4A1D-862C-808A6000F2EB}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 01:01] 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{5E113F7A-D46A-43A0-BEED-8B1467122A6F}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 01:01] 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{7BBACE86-2EE9-4CCE-A72B-B68D9622B85B}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 01:01] . - - - - ORPHANS REMOVED - - - - BHO-{90093ad9-b86d-44b0-801c-e9785b6db726} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.au/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************** ************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-10 19:43:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3994517728-118372802-1254566936-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c9,52,63,d4,d9,d3,25,e9,66,74,7e,77,c6,15 ,eb,97,14,ca,81,64,9e,16,db, b6,46,d0,54,31,c9,84,c4,1e,15,48,de,69,78,90,36,47 ,d9,47,6d,98,92,79,c2,8f,\ "??"=hex:0d,91,6d,cf,3e,de,23,16,6c,8a,be,aa,bd,b4 ,30,c9 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\snmp.exe c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.e xe c:\windows\system32\UStorSrv.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\ati2evxx.exe c:\program files\Brother\Brmfcmon\BrMfcMon.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe c:\windows\system32\wscntfy.exe . ************************************************** ************************ . Completion time: 2009-04-10 19:49:14 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-10 09:49:10 Pre-Run: 93,786,935,296 bytes free Post-Run: 95,297,785,856 bytes free 365 --- E O F --- 2009-03-30 11:41:36 MALWAREBYTES Malwarebytes' Anti-Malware 1.36 Database version: 1961 Windows 5.1.2600 Service Pack 3 10/04/2009 8:53:24 PM mbam-log-2009-04-10 (20-53-24).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 333189 Time elapsed: 55 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 16 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP935\A0243836.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP935\A0243837.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP935\A0243838.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP941\A0249991.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP941\A0249992.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP941\A0249993.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP944\A0250114.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Trend Micro\HijackThis\backups\backup-20090118-204746-406.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Trend Micro\HijackThis\backups\backup-20090118-204859-612.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Trend Micro\HijackThis\backups\backup-20090118-205118-820.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Trend Micro\HijackThis\backups\backup-20090118-210226-629.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Trend Micro\HijackThis\backups\backup-20090118-210525-853.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Trend Micro\HijackThis\backups\backup-20090118-210748-411.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kivigoru.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bujumuto.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kusisepa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. HIJACK THIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:21:21 PM, on 10/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsv c.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\system32\UStorSrv.exe C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.e xe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brownie\BrstsWnd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\ PCHButton.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B5765ED4-28F6-4933-ADB6-560C7B2679D4}: Domain = nsw.bigpond.net.au O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsv c.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe -- End of file - 12690 bytes |
|
|
|
|
| Bookmarks |
| Tags |
| 11, vundo |
Similar discussions...
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Pending: Got Vundo | nick7272 | [Pending] HJT Logs | 2 | 04-02-2009 11:35 PM |
| Fixed: Vundo et al | winstontoby | [Fixed] Hijackthis! Logs | 19 | 01-30-2009 03:11 AM |
| Fixed: Vundo: Is it really gone? | bivegan | [Fixed] Hijackthis! Logs | 2 | 05-28-2008 01:44 AM |
| Fixed: Got hit with vundo..... | D__ | [Fixed] Hijackthis! Logs | 4 | 05-20-2008 03:38 PM |
| Help with Vundo | Spliefer | Anti-Virus | 3 | 03-12-2008 03:11 AM |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
