Solved: Can't get rid of VUNDO trojan


drewt2000's Avatar
Computer Specs
Junior Member with 6 posts.
 
Join Date: Jun 2008
Experience: Intermediate
03-Jul-2008, 02:33 PM #1
Solved: Can't get rid of VUNDO trojan
Have a problem browsing where pages will not load and most of the time I get random pop-ups. I have run a virus scan (McAfee) and also used Spybot; these programs find the Vundo trojan but it comes back.

I have a Dell D505 running Windows XP Pro SP3. I ran HJT and the log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:44, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Link...itCheckError=5
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [68dde94e] rundll32.exe "C:\WINDOWS\system32\rdawifpc.dll",b
O4 - HKLM\..\Run: [BM6beedad2] Rundll32.exe "C:\WINDOWS\system32\wbsrvwip.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212712435753
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1191965768658
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://vpn.madcatz.com/NELX.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {CF4A2C45-CB89-4018-94BB-C2CACB83A537} (XancamX Camera Control) - https://homesight.xanboo.com/homesig...ce/xancamx.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://attwm.webex.com/client/v_myw...ex/ieatgpc.cab
O21 - SSODL: vltdfabw - {1909B201-F06A-4287-994F-2538780EFB03} - C:\WINDOWS\vltdfabw.dll (file missing)
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - Unknown owner - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8021 bytes

Thanks for taking a look,

Drew
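A triage sketch over the O4 (Run key) lines of the two HijackThis logs in this thread, added here as an example and not part of any post: it lists Run values that load a DLL from system32 through rundll32 and compares the scan of 7/3/2008 with the scan of 7/6/2008. The function names and the system32 heuristic are assumptions of this example; a match marks an entry for review, it is not a verdict.

```python
import re
from ntpath import dirname  # Windows path rules on any host OS

# O4 lines copied from the HijackThis log saved 7/3/2008 in this thread.
SCAN_0703 = r'''
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [68dde94e] rundll32.exe "C:\WINDOWS\system32\rdawifpc.dll",b
O4 - HKLM\..\Run: [BM6beedad2] Rundll32.exe "C:\WINDOWS\system32\wbsrvwip.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
'''

# O4 lines copied from the HijackThis log saved 7/6/2008 (after ComboFix ran).
SCAN_0706 = r'''
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [68dde94e] rundll32.exe "C:\WINDOWS\system32\gowehcxr.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
'''

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# rundll32[.exe] "<path>.dll",<export>  (quotes and a leading path are optional)
RUNDLL = re.compile(
    r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)',
    re.IGNORECASE,
)
SYSTEM32 = r'c:\windows\system32'


def parse_o4(log):
    """Return {(hive, key, value_name): command} for registry Run entries."""
    entries = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, name)] = command
    return entries


def rundll32_dll(command):
    """Return the DLL path a Run command hands to rundll32, else None."""
    m = RUNDLL.match(command)
    return m.group(1) if m else None


def review_candidates(entries):
    """Run values that start a DLL sitting directly in system32 via rundll32.

    Heuristic chosen for this example: legitimate software uses the same
    launch pattern, so every hit still needs a manual look.
    """
    hits = {}
    for key, command in entries.items():
        dll = rundll32_dll(command)
        if dll and dirname(dll).lower() == SYSTEM32:
            hits[key] = dll
    return hits


def compare_scans(before_log, after_log):
    """Compare flagged Run values between two scans of the same machine."""
    before = review_candidates(parse_o4(before_log))
    after = review_candidates(parse_o4(after_log))
    result = {"removed": [], "retargeted": {}, "new": []}
    for key, dll in before.items():
        if key not in after:
            result["removed"].append(key)
        elif after[key].lower() != dll.lower():
            # Same value name, different file: the autostart was re-created.
            result["retargeted"][key] = (dll, after[key])
    result["new"] = [key for key in after if key not in before]
    return result


if __name__ == "__main__":
    report = compare_scans(SCAN_0703, SCAN_0706)
    for key in report["removed"]:
        print("removed:   ", key)
    for key, (old, new) in report["retargeted"].items():
        print("retargeted:", key, old, "->", new)
    for key in report["new"]:
        print("new:       ", key)
```

A value that keeps its name while its DLL changes between scans means the autostart entry was written again after cleanup, so the newly named file needs the same review as the one that was deleted.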
sjpritch25's Avatar
Computer Specs
Distinguished Member with 6,966 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
04-Jul-2008, 10:40 AM #2
Welcome to TSG

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
__________________
My Blog
Microsoft Valuable Professional Consumer--Security 2007-2009
If I have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
Concerned about Browser Security!!! Consider Mozilla Firefox 3.0 and NoScript
Operating System Ubuntu Hardy Heron 8.04
drewt2000's Avatar
Computer Specs
Junior Member with 6 posts.
 
Join Date: Jun 2008
Experience: Intermediate
06-Jul-2008, 11:15 PM #3
can not get rid of vundo
Hi sjpritch25,

Thanks for picking up my post and helping me rid my system of Vundo. I have the logs you requested and will paste them in this reply, but first, I left something out: I cannot start my auto update service. Hope this is a part of the Vundo trojan, but if not I will need assistance with that also. THX

Here are the logs for combofix and HJT:

COMBOFIX Log

ComboFix 08-07-05.1 - Andrew 2008-07-06 19:45:12.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT -7:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\PHRL84JL\www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\edwf.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aakibxpq.ini
C:\WINDOWS\system32\aGilTvut.ini
C:\WINDOWS\system32\aGilTvut.ini2
C:\WINDOWS\system32\aivtmovy.ini
C:\WINDOWS\system32\AyJStBeg.ini
C:\WINDOWS\system32\AyJStBeg.ini2
C:\WINDOWS\system32\ayvwyljp.ini
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\caltenwp.ini
C:\WINDOWS\system32\CKmWyyay.ini
C:\WINDOWS\system32\CKmWyyay.ini2
C:\WINDOWS\system32\clfgoljk.ini
C:\WINDOWS\system32\cpfiwadr.ini
C:\WINDOWS\system32\dcKkmnnn.ini
C:\WINDOWS\system32\dcKkmnnn.ini2
C:\WINDOWS\system32\DJjQtBeg.ini
C:\WINDOWS\system32\DJjQtBeg.ini2
C:\WINDOWS\system32\EOXbdccf.ini
C:\WINDOWS\system32\EOXbdccf.ini2
C:\WINDOWS\system32\gdhvxeyw.dll
C:\WINDOWS\system32\geBtSJyA.dll
C:\WINDOWS\system32\gwnoiwbf.ini
C:\WINDOWS\system32\hgGwWMdE.dll
C:\WINDOWS\system32\hjbrpsnc.ini
C:\WINDOWS\system32\hlubbsho.ini
C:\WINDOWS\system32\ibvrdqde.ini
C:\WINDOWS\system32\jmamqakl.ini
C:\WINDOWS\system32\jxeunreq.dll
C:\WINDOWS\system32\knnUCcdd.ini
C:\WINDOWS\system32\knnUCcdd.ini2
C:\WINDOWS\system32\ljtnuwhm.dll
C:\WINDOWS\system32\lmttulbt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdfhbkne.ini
C:\WINDOWS\system32\mtgtgesv.ini
C:\WINDOWS\system32\mtxbgmsm.ini
C:\WINDOWS\system32\ngcedsdx.ini
C:\WINDOWS\system32\nytsqjrc.ini
C:\WINDOWS\system32\okiatqqy.ini
C:\WINDOWS\system32\omffrnas.dll
C:\WINDOWS\system32\oWHQAcfe.ini
C:\WINDOWS\system32\oWHQAcfe.ini2
C:\WINDOWS\system32\phurycyd.dll
C:\WINDOWS\system32\pirkygxv.ini
C:\WINDOWS\system32\pptopysb.ini
C:\WINDOWS\system32\pwnetlac.dll
C:\WINDOWS\system32\qlpnnkpk.ini
C:\WINDOWS\system32\rCKSuBeg.ini
C:\WINDOWS\system32\rCKSuBeg.ini2
C:\WINDOWS\system32\rdawifpc.dll
C:\WINDOWS\system32\rxchewog.ini
C:\WINDOWS\system32\ttBKRXbc.ini
C:\WINDOWS\system32\ttBKRXbc.ini2
C:\WINDOWS\system32\uasrhykj.ini
C:\WINDOWS\system32\urapiujj.ini
C:\WINDOWS\system32\veigtbpm.ini
C:\WINDOWS\system32\vpuwxtst.ini
C:\WINDOWS\system32\wbsrvwip.dll
C:\WINDOWS\system32\wvommugx.ini
C:\WINDOWS\system32\xwughjny.ini
C:\WINDOWS\system32\ycJloUtv.ini
C:\WINDOWS\system32\ycJloUtv.ini2
C:\WINDOWS\system32\YIOWDcfe.ini
C:\WINDOWS\system32\YIOWDcfe.ini2
.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-06 19:59 . 2008-07-06 19:59 294 ---hs---- C:\WINDOWS\system32\rxchewog.ini
2008-07-06 19:21 . 2008-07-06 19:21 89,088 --a------ C:\WINDOWS\system32\gowehcxr.dll
2008-07-03 11:20 . 2008-07-03 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-03 10:53 . 2008-07-03 10:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-18 20:01 . 2007-06-27 09:41 101,248 -ra------ C:\WINDOWS\system32\drivers\swnc8u56.sys
2008-06-18 20:00 . 2008-06-18 20:00 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\AT&T
2008-06-18 20:00 . 2007-06-27 09:42 73,856 -ra------ C:\WINDOWS\system32\drivers\swumx56.sys
2008-06-18 19:57 . 2008-06-18 19:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2008-06-18 19:53 . 2003-09-08 14:43 89,728 --a------ C:\WINDOWS\system32\drivers\usbvsp.sys
2008-06-18 19:52 . 2008-06-18 19:52 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\DBUpdater
2008-06-18 19:52 . 2008-03-06 15:57 27,072 --a------ C:\WINDOWS\system32\drivers\PCASp50.sys
2008-06-18 19:45 . 2008-06-18 19:34 26,504 --a------ C:\WINDOWS\system32\drivers\swmsflt.sys
2008-06-18 19:42 . 2008-06-18 19:42 <DIR> d-------- C:\Program Files\AT&T
2008-06-18 19:42 . 2008-06-18 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-06-18 19:40 . 2008-06-18 19:40 <DIR> d-------- C:\Program Files\Option
2008-06-18 19:38 . 2008-06-18 19:38 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-06-18 19:34 . 2008-06-18 19:34 <DIR> d-------- C:\Program Files\Sierra Wireless Inc
2008-06-18 19:34 . 2008-06-18 19:34 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Sierra Wireless
2008-06-18 08:30 . 2007-06-19 23:35 24,096 --a------ C:\WINDOWS\system32\drivers\ts_lb.sys
2008-06-18 08:29 . 2008-06-18 08:29 <DIR> d-------- C:\Program Files\CommView
2008-06-18 08:29 . 2006-12-07 22:04 19,240 --a------ C:\WINDOWS\system32\drivers\cv2k1.sys
2008-06-17 22:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-17 19:36 . 2008-06-17 19:37 32,952 --a------ C:\Documents and Settings\Andrew\Application Data\GDIPFONTCACHEV1.DAT
2008-06-17 19:03 . 2008-07-03 12:13 110,454 --a------ C:\WINDOWS\BM6beedad2.xml
2008-06-12 13:53 . 2008-06-12 13:53 <DIR> d-------- C:\Program Files\Enigma Software Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 00:10 1,864 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-15 21:09 --------- d-----w C:\Program Files\VDNA
2008-05-10 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-10 16:01 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 16:50 32,952 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-06 23:02 1,111 ----a-w C:\Documents and Settings\Andrew\SDM-2.4-2811-c2800nm-advipservicesk9-mz.124-9.T6.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 11:33 155648]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 10:36 114688]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48 1392640]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2008-05-01 22:06 33280]
"68dde94e"="C:\WINDOWS\system32\gowehcxr.dll" [2008-07-06 19:21 89088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.NTN1"= NUVision.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\System32\WLTRAY [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
--a------ 2007-04-08 08:44 303104 C:\Program Files\Essentials Codec Pack\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-06 22:42 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-25 12:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-03-14 17:03 24104 C:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys [2007-06-19 23:35]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-08-01 06:45]
R2 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2003-08-06 15:27]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-08-01 06:45]
R3 SSLDrv;SSL-VPN NetExtender Adapter;C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2006-08-28 15:13]
S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys []
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-03-06 16:10]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-12-07 22:04]
S3 NUVision;SuperXan USBVision (4);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2003-11-20 18:40]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2008-03-06 15:57]
S3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2002-11-05 17:39]
S3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2008-06-18 19:34]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);C:\WINDOWS\system32\DRIVERS\swnc8u56.sys [2007-06-27 09:41]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);C:\WINDOWS\system32\DRIVERS\swumx56.sys [2007-06-27 09:42]
S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\WIN\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-03 20:56:40 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-03 20:56:42 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{05448A74-4691-4A50-A887-21E646AB4F78} - C:\WINDOWS\system32\geBtQjJD.dll
BHO-{1BDC2382-6BB1-4B1A-8ECB-C90B10255E9C} - C:\WINDOWS\system32\efcDWOIY.dll
BHO-{29CA29B2-5381-41BF-B25F-B2C75C59F249} - C:\WINDOWS\system32\ddcCUnnk.dll
BHO-{3046BD0C-3072-4926-8A2D-9E6E110980B6} - C:\WINDOWS\system32\efcAQHWo.dll
BHO-{41AB2F7B-D0FF-4173-B2E8-7BA96283BC74} - C:\WINDOWS\system32\cbXRKBtt.dll
BHO-{44C5E781-6F31-498C-AB1A-4EE91A2CA8C3} - C:\WINDOWS\system32\yayyWmKC.dll
BHO-{506CD2FF-92FE-49F9-9CA4-FD76A509ABF3} - C:\WINDOWS\system32\geBuSKCr.dll
BHO-{91FB8C62-BB19-4437-9544-7AB3C35B4511} - C:\WINDOWS\system32\fccdbXOE.dll
BHO-{BF3F94CF-D61A-45C8-AB31-020CAADD4A6B} - C:\WINDOWS\system32\nnnmkKcd.dll
BHO-{C4B8C3C8-1983-4267-ACFB-058D1275EC4C} - C:\WINDOWS\system32\vtUolJcy.dll
BHO-{FC8BE4F9-AD6D-4F90-9039-8255CF1739E7} - C:\WINDOWS\system32\tuvTliGa.dll
HKLM-Run-BM6beedad2 - C:\WINDOWS\system32\wbsrvwip.dll
Notify-jkkKbXnO - jkkKbXnO.dll
MSConfigStartUp-68dde94e - C:\WINDOWS\system32\crjqstyn.dll
MSConfigStartUp-ctfmona - C:\WINDOWS\system32\ctfmona.exe
MSConfigStartUp-InstallProgram - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup_526_1_.exe
MSConfigStartUp-LXSUPMON - C:\WINDOWS\system32\LXSUPMON.EXE

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 19:59:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\gowehcxr.dll
-> ?:\WINDOWS\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM32\BMWEBCFG.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\WINDOWS\SYSTEM32\CISVC.EXE
C:\PROGRAM FILES\MCAFEE\MSC\MCMSCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
C:\PROGRAM FILES\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
C:\PROGRAM FILES\MCAFEE\MPF\MPFSRV.EXE
C:\PROGRAM FILES\SONICWALL\SSL-VPN\NETEXTENDER\NESERVICE.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\PROGRAM FILES\ZUNE\ZUNENSS.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE
C:\PROGRAM FILES\APOINT\APNTEX.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-06 20:03:00 - machine was rebooted [Andrew]
ComboFix-quarantined-files.txt 2008-07-07 03:02:44
Pre-Run: 6,559,956,992 bytes free
Post-Run: 6,418,972,672 bytes free
274 --- E O F --- 2008-05-21 00:30:19


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:42, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Link...itCheckError=5
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [68dde94e] rundll32.exe "C:\WINDOWS\system32\gowehcxr.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212712435753
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1191965768658
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://vpn.madcatz.com/NELX.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {CF4A2C45-CB89-4018-94BB-C2CACB83A537} (XancamX Camera Control) - https://homesight.xanboo.com/homesig...ce/xancamx.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://attwm.webex.com/client/v_myw...ex/ieatgpc.cab
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - Unknown owner - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7956 bytes


Again, thanks for your quick response.

Drew
sjpritch25
Distinguished Member with 6,966 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
06-Jul-2008, 11:30 PM #4
Good Job.


Download the attached file CFScript.txt to your Desktop




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.



Note: Please do not use this script on another computer, you may damage the system. The script is made especially for this computer only!!!!

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.


=========================================



Please download ATF Cleaner by Atribune.

This program is for XP, Windows 2000, and Vista
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.



===========================================


Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Attached Files
File Type: txt CFScript.txt (270 Bytes, 16 views)
__________________
My Blog
Microsoft Valuable Professional Consumer--Security 2007-2009
If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
Concerned about Browser Security!!! Consider Mozilla Firefox 3.0 and NoScript
Operating System Ubuntu Hardy Heron 8.04

Last edited by sjpritch25 : 06-Jul-2008 11:31 PM. Reason: forgot cfscript duh
drewt2000
Junior Member with 6 posts.
 
Join Date: Jun 2008
Experience: Intermediate
08-Jul-2008, 03:56 PM #5
ComboFix 08-07-05.1 - Andrew 2008-07-08 12:27:57.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT -7:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrew\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gowehcxr.dll
C:\WINDOWS\system32\rxchewog.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.
2008-07-07 10:11 . 2008-07-07 10:11 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-06 20:26 . 2008-07-06 20:26 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Apple Computer
2008-07-06 20:25 . 2008-07-06 20:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-06 20:25 . 2008-07-06 20:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-03 11:20 . 2008-07-03 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-03 10:53 . 2008-07-03 10:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-18 20:01 . 2007-06-27 09:41 101,248 -ra------ C:\WINDOWS\system32\drivers\swnc8u56.sys
2008-06-18 20:00 . 2008-06-18 20:00 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\AT&T
2008-06-18 20:00 . 2007-06-27 09:42 73,856 -ra------ C:\WINDOWS\system32\drivers\swumx56.sys
2008-06-18 19:57 . 2008-06-18 19:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2008-06-18 19:53 . 2003-09-08 14:43 89,728 --a------ C:\WINDOWS\system32\drivers\usbvsp.sys
2008-06-18 19:52 . 2008-06-18 19:52 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\DBUpdater
2008-06-18 19:52 . 2008-03-06 15:57 27,072 --a------ C:\WINDOWS\system32\drivers\PCASp50.sys
2008-06-18 19:45 . 2008-06-18 19:34 26,504 --a------ C:\WINDOWS\system32\drivers\swmsflt.sys
2008-06-18 19:42 . 2008-06-18 19:42 <DIR> d-------- C:\Program Files\AT&T
2008-06-18 19:42 . 2008-06-18 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-06-18 19:40 . 2008-06-18 19:40 <DIR> d-------- C:\Program Files\Option
2008-06-18 19:38 . 2008-06-18 19:38 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-06-18 19:34 . 2008-06-18 19:34 <DIR> d-------- C:\Program Files\Sierra Wireless Inc
2008-06-18 19:34 . 2008-06-18 19:34 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Sierra Wireless
2008-06-18 08:30 . 2007-06-19 23:35 24,096 --a------ C:\WINDOWS\system32\drivers\ts_lb.sys
2008-06-18 08:29 . 2008-06-18 08:29 <DIR> d-------- C:\Program Files\CommView
2008-06-18 08:29 . 2006-12-07 22:04 19,240 --a------ C:\WINDOWS\system32\drivers\cv2k1.sys
2008-06-17 22:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-17 19:36 . 2008-06-17 19:37 32,952 --a------ C:\Documents and Settings\Andrew\Application Data\GDIPFONTCACHEV1.DAT
2008-06-17 19:03 . 2008-07-03 12:13 110,454 --a------ C:\WINDOWS\BM6beedad2.xml
2008-06-12 13:53 . 2008-06-12 13:53 <DIR> d-------- C:\Program Files\Enigma Software Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 00:10 1,864 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-15 21:09 --------- d-----w C:\Program Files\VDNA
2008-05-10 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-10 16:01 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 16:50 32,952 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-06 23:02 1,111 ----a-w C:\Documents and Settings\Andrew\SDM-2.4-2811-c2800nm-advipservicesk9-mz.124-9.T6.bin
.
((((((((((((((((((((((((((((( snapshot@2008-07-06_20.02.01.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 02:58:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 17:06:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-07 00:10:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-08 19:28:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-07 00:10:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-08 19:28:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-07 00:10:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-08 19:28:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 11:33 155648]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 10:36 114688]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48 1392640]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2008-05-01 22:06 33280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.NTN1"= NUVision.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\System32\WLTRAY [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
--a------ 2007-04-08 08:44 303104 C:\Program Files\Essentials Codec Pack\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-06 22:42 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-25 12:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-03-14 17:03 24104 C:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys [2007-06-19 23:35]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-08-01 06:45]
R2 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2003-08-06 15:27]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-08-01 06:45]
R3 SSLDrv;SSL-VPN NetExtender Adapter;C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2006-08-28 15:13]
S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys []
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-03-06 16:10]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-12-07 22:04]
S3 NUVision;SuperXan USBVision (4);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2003-11-20 18:40]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2008-03-06 15:57]
S3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2002-11-05 17:39]
S3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2008-06-18 19:34]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);C:\WINDOWS\system32\DRIVERS\swnc8u56.sys [2007-06-27 09:41]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);C:\WINDOWS\system32\DRIVERS\swumx56.sys [2007-06-27 09:42]
S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\WIN\setup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-12-03 20:56:40 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-03 20:56:42 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-68dde94e - C:\WINDOWS\system32\gowehcxr.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 12:31:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-08 12:31:57
ComboFix-quarantined-files.txt 2008-07-08 19:31:54
ComboFix2.txt 2008-07-07 03:03:08
Pre-Run: 3,691,823,104 bytes free
Post-Run: 3,718,037,504 bytes free
177 --- E O F --- 2008-07-08 19:25:21



Malwarebytes' Anti-Malware 1.20
Database version: 932
Windows 5.1.2600 Service Pack 2
12:49:47 PM 7/8/2008
mbam-log-7-8-2008 (12-49-47).txt
Scan type: Quick Scan
Objects scanned: 42986
Time elapsed: 6 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bsog (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de4a7692-b2cb-4d1a-9956-76a8a028caa0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dpevflbg.bwsx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
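An added example, not part of the original thread: in the ComboFix log above, the two files under "Other Deletions" (gowehcxr.dll and rxchewog.ini) have base names that are character reversals of each other, and the removed Run orphan points at the DLL. The Python sketch below parses those two log sections and flags such pairs as a triage heuristic; the function names are assumptions of the example and the sample text is built from lines of the log above.

```python
import ntpath
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gowehcxr.dll
C:\WINDOWS\system32\rxchewog.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.
2008-07-07 10:11 . 2008-07-07 10:11 <DIR> d-------- C:\WINDOWS\LastGood
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-68dde94e - C:\WINDOWS\system32\gowehcxr.dll
"""

# Section banners look like "((((( Title )))))".
SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")


def parse_combofix(text):
    """Return (deleted_paths, orphans) taken from a ComboFix log."""
    deleted, orphans = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
        elif "ORPHANS REMOVED" in line:
            section = "ORPHANS REMOVED"
        elif line.startswith("*" * 10):  # the catchme banner ends the orphan list
            section = None
        elif section == "Other Deletions":
            deleted.append(line)
        elif section == "ORPHANS REMOVED":
            entry, sep, path = line.partition(" - ")
            if sep:
                orphans.append({"entry": entry, "path": path})
    return deleted, orphans


def reversed_name_pairs(paths):
    """Files in the same directory whose base names mirror each other."""
    seen, pairs = {}, []
    for path in paths:
        directory, name = ntpath.split(path)
        stem = ntpath.splitext(name)[0].lower()
        mirror = (directory.lower(), stem[::-1])
        # Skip very short names and palindromes, which would match trivially.
        if len(stem) >= 4 and stem != stem[::-1] and mirror in seen:
            pairs.append((seen[mirror], path))
        seen.setdefault((directory.lower(), stem), path)
    return pairs


def triage(text):
    """Report each mirrored pair and any removed autostart that loaded it."""
    deleted, orphans = parse_combofix(text)
    findings = []
    for first, second in reversed_name_pairs(deleted):
        members = {first.lower(), second.lower()}
        autostart = [o["entry"] for o in orphans if o["path"].lower() in members]
        findings.append({"pair": (first, second), "autostart": autostart})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for manual review, not a verdict; the heuristic only compares names inside one log.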
sjpritch25
Distinguished Member with 6,966 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
10-Jul-2008, 09:43 AM #6
How is everything running??
drewt2000
Junior Member with 6 posts.
 
Join Date: Jun 2008
Experience: Intermediate
10-Jul-2008, 01:04 PM #7
Things are running much better than before. No popups and the system runs at expected speeds.

I still have trouble installing autoupdates but at least I can get to the site and see what needs to be updated. Also my clock displays 24hr rather than 12hr and I can't change it.

I appreciate all the help to get rid of this horrible virus. Thank you thank you thank you.
sjpritch25
Distinguished Member with 6,966 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
10-Jul-2008, 01:14 PM #8
To reset your clock:
  • Click My Computer
  • Open the Control Panel
  • Select Time Options
  • Classic View: Open Regional and Language Options or Category View: Date, Time, Language and Regional Options.
  • Click Change the format of numbers, dates, and times.
  • Select the Regional Options tab.
  • Next to the box that shows your selected language click "Customize".
  • Click the "Time" tab.
  • In the "Time Format" box enter:
  • Standard Format: "h:mm:ss:tt"
  • Military Format: "HH:mm:ss"



Double-click on OTMovit.exe and click on the Cleanup button.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great preventive programs:
     1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
     2. Surf safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
        1. Red for Warning
        2. Yellow for Use Caution
        3. Green for Safe
        4. Grey for Unknown

Here are the links to install SiteAdvisor in Internet Explorer and Firefox
  • Anti-Spyware Programs I Recommend:
  • Free Anti-Spyware Programs
     1. MalwareBytes Anti-Malware
     2. Lavasoft's Ad-Aware SE Personal
     3. Windows Defender
  • Free Firewalls
     1. Sunbelt Personal Firewall
     2. ZoneAlarm Free Firewall by Check Point
drewt2000
Junior Member with 6 posts.
 
Join Date: Jun 2008
Experience: Intermediate
10-Jul-2008, 07:14 PM #9
Thanks for all your help with restoring my system to a working order.
sjpritch25
Distinguished Member with 6,966 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
10-Jul-2008, 07:26 PM #10
You're welcome!!!!

Tags
vundo, vundomonde

All times are GMT -4.