BullGuard
Trojan.Vundo, Trojan.horse.generic, How to remove?

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 5/13/2007 6:22 AM (GMT +3)
Dear Touch, Andrei,
    Infected with multiple Trojans, Vundo, Nebular, Downloader, etc etc...  freaked
    Windows XP SP2 2002 edition
 
Ran AVG anti-Virus, ran AVG Antispyware, rootchk.exe, and hijackthis.
Here are the logfiles... Would really appreciate your expert advice...
 
Thanks in advance...       .... elsmootho. shocked
 
AVG log;
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 7:54:30 PM 5/12/2007
 + Scan result: 
 
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP746\A0033996.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP748\A0034297.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\afcwlxqf.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\evnexmhu.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\huyyonwx.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iyjryhdc.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\keoatqrg.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ktiuurht.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mfgtpois.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qoensens.dll -> Adware.BHO : Cleaned with backup (quarantined).
[2052] VM_01F70000 -> Adware.BHO : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Eeee -> Adware.EzSearchBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP748\A0034298.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kcunkt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Міcrosoft.NET\__delete_on_reboot__l_о_g_o_n_u_i_._e_x_e_ -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rqrqqnm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Local Settings\Temporary Internet Files\Content.IE5\GJEHOTOK\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Cookies\irene@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Irene\Cookies\irene@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Irene\Cookies\irene@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Irene\Cookies\irene@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP742\A0033852.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnstssv32.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
 
rootchk log;
********************************* ROOTCHK-(02-05-07)-LOG, by ejvindh
Sat 05/12/2007 23:04:07.14
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 23:04:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
HijackThis log;
Logfile of HijackThis v1.99.1
Scan saved at 11:08:38 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Sergio_Docs\Virus_Clean\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/montreal/montrealgazette/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {35E0AF65-4783-3F51-A73D-6DE33FEFFB93} - C:\WINDOWS\system32\kcunkt.dll (file missing)
O2 - BHO: (no name) - {61802808-BB20-49CD-8904-9CF136EBFC11} - C:\WINDOWS\system32\srqhaygk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D2692EE8-4795-44F4-A8FF-8FAC5D4FE947} - C:\WINDOWS\system32\rqrqqnm.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\ysoovvov.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ywlnyjwb.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110651297645
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radidmr - Sonic Solutions - (no file)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
 
 
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 5/13/2007 8:58 AM (GMT +3)
Hi elsmootho cool
 
 
Please download Combofix:
download.bleepingcomputer.com/sUBs/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 

 

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 5/16/2007 5:06 AM (GMT +3)
Dear Touch,  cry 
    Ran Combofix and Hijackthis again, here are the logs....
Combofix said it would take at least 10min, but completed in less than 5min.
Many thanks in advance for your ongoing support...
...elsmootho shocked
 
Combofix Log;
"Irene" - 2007-05-15 21:47:50    Service Pack 2 
ComboFix 07-05.13.V - Running from: "C:\Sergio_Docs\Virus_Clean\"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Irene
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe
C:\qoobox\purity\C\DOCUME~1\Irene\APPLIC~1\DOBE~1\?dobe
C:\qoobox\purity\C\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\C\WINDOWS\ICROSO~1.NET
C:\qoobox\purity\C\WINDOWS\ICROSO~1.NET\m?dtc.exe

(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-15  ))))))))))))))))))))))))))))))))))

2007-05-14 08:17 60,928 --a------ C:\WINDOWS\system32\aubauq.dll
2007-05-14 08:17 2 --a------ C:\WINDOWS\system32\wnstssv32.exe
2007-05-14 08:17 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-05-12 19:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-12 18:16 <DIR> d-------- C:\Program Files\CCleaner
2007-05-10 13:44 132,660 --------- C:\WINDOWS\system32\ywlnyjwb.dll
2007-05-08 15:43 961,176 --ahs---- C:\WINDOWS\system32\rrqss.bak2
2007-05-07 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-07 07:38 961,392 --ahs---- C:\WINDOWS\system32\rrqss.bak1
2007-05-07 07:29 <DIR> d-------- C:\DOCUME~1\Irene\APPLIC~1\?dobe

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-16 01:49:12 -------- d-----w C:\DOCUME~1\Irene\APPLIC~1\?dobe
2007-05-15 10:04:13 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-05-12 13:27:46 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-08 10:54:35 -------- d-----w C:\Program Files\Google
2007-05-07 22:24:07 -------- d-----w C:\DOCUME~1\Irene\APPLIC~1\AdobeUM

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{0B72141A-3863-4F22-85A1-966A3CC475D2}=C:\WINDOWS\system32\ssqrr.dll []
{35E0AF65-4783-3F51-A73D-6DE33FEFFB93}=C:\WINDOWS\system32\kcunkt.dll []
{60B4FC36-47D3-3E51-F03D-6DE33FEFFD98}=C:\WINDOWS\system32\aubauq.dll [2007-03-19 14:30]
{61802808-BB20-49CD-8904-9CF136EBFC11}=C:\WINDOWS\system32\srqhaygk.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"SManager"="smanager.7.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-02-27 04:06]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 17:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-07 15:40]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"SManager"="smanager.7.exe" [])
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-12 18:49]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:07]
"Cubs"="C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" [2007-05-07 07:29]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-07 11:07]
"Naosk"="C:\WINDOWS\?icrosoft.NET\m?dtc.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WeatherEye"="C:\\program files\\TheWeatherNetwork\\WeatherEye\\WeatherEye"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Cubs"="\"C:\\DOCUME~1\\Irene\\APPLIC~1\\DOBE~1\\dexplore.exe\" -vt yazb"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Naosk"="C:\\WINDOWS\\?icrosoft.NET\\m?dtc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqnm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages msv1_0\0\0
   Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages scecli\0\0
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 21:49:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************
Completion time: 2007-05-15 21:49:39
C:\ComboFix-quarantined-files.txt ... 2007-05-15 21:49
 
Hijackthis Log;
Logfile of HijackThis v1.99.1
Scan saved at 9:55:54 PM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\?icrosoft.NET\m?dtc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Sergio_Docs\Virus_Clean\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/montreal/montrealgazette/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {35E0AF65-4783-3F51-A73D-6DE33FEFFB93} - C:\WINDOWS\system32\kcunkt.dll (file missing)
O2 - BHO: (no name) - {60B4FC36-47D3-3E51-F03D-6DE33FEFFD98} - C:\WINDOWS\system32\aubauq.dll
O2 - BHO: (no name) - {61802808-BB20-49CD-8904-9CF136EBFC11} - C:\WINDOWS\system32\srqhaygk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Naosk] C:\WINDOWS\?icrosoft.NET\m?dtc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110651297645
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radidmr - Sonic Solutions - (no file)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
The end...

 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 5/16/2007 11:16 AM (GMT +3)
You can safely delete the C:\qoobox folder.
 
 
Please download free  Trial of Superantispyware
 
Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.
 
 
Please download ATF Cleaner:
 http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only
 
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click Fix checked.
O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {35E0AF65-4783-3F51-A73D-6DE33FEFFB93} - C:\WINDOWS\system32\kcunkt.dll (file missing)
O2 - BHO: (no name) - {60B4FC36-47D3-3E51-F03D-6DE33FEFFD98} - C:\WINDOWS\system32\aubauq.dll
O2 - BHO: (no name) - {61802808-BB20-49CD-8904-9CF136EBFC11} - C:\WINDOWS\system32\srqhaygk.dll (file missing)
O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Naosk] C:\WINDOWS\?icrosoft.NET\m?dtc.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
 
 
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP only).
Java Cache
Recycle Bin
NB. It's normal after running ATF cleaner that the PC will be slower to boot the first time.
 
 
 
 
Start Superantispyware / right-click on the black/yellow bug in the tray.
Hit the - Scan Your Computer - button.
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan -, then Next;
it will scan now. When the scan has finished, put a checkmark next to all items it found. Click Next; after cleaning, allow it to reboot.
 
 
 
Start Superantispyware again –
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.
 
 
 
Post this log along with a fresh HijackThis log and the Dr.Web log, and tell how things are running.
 
Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention. 
 

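Touch's fix list above relies on a handful of tell-tale patterns in HijackThis output: references marked `(file missing)` or `(no file)`, BHOs with no name, Winlogon Notify DLLs with gibberish names or no path, and a `?` in a Run path where an unprintable look-alike character sits. The Python script below is an added example, not part of this thread or of HijackThis; it applies those heuristics to entries copied from the logs in this thread (plus two benign control entries), with the gibberish-name rule kept as a deliberately weak hint.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis logs in this thread,
# plus two benign controls (Java SSV helper, Symantec NavLogon).
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {0B72141A-3863-4F22-85A1-966A3CC475D2} - C:\WINDOWS\system32\ssqrr.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll",
    r"O4 - HKCU\..\Run: [Naosk] C:\WINDOWS\?icrosoft.NET\m?dtc.exe",
    r'O4 - HKCU\..\Run: [Cubs] "C:\DOCUME~1\Irene\APPLIC~1\DOBE~1\dexplore.exe" -vt yazb',
    r"O20 - Winlogon Notify: rqrqqnm - rqrqqnm.dll (file missing)",
    r"O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll",
    r"O23 - Service: Radidmr - Sonic Solutions - (no file)",
])

# Target no longer exists: a stale autostart, typically left behind by malware
# that was deleted without its registry entries being cleaned.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
NONAME_BHO_RE = re.compile(r"^O2 - BHO: \(no name\)")            # BHO with no display name
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")  # package name, DLL
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (.+)$")   # command line of a Run entry
# Vundo-style gibberish names (5-8 lowercase letters). Deliberately weak: some
# legitimate Notify packages look like this too, so treat it as a hint only.
GIBBERISH_RE = re.compile(r"^[a-z]{5,8}$")
APPDATA_RE = re.compile(r"APPLIC~1|Application Data", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O20"
    line: str
    reasons: list


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis line, or None."""
    reasons = []
    section = line.split(" - ", 1)[0]
    if ORPHAN_RE.search(line):
        reasons.append("target file no longer exists (orphaned autostart)")
    if NONAME_BHO_RE.match(line):
        reasons.append("BHO registered without a name")
    m = NOTIFY_RE.match(line)
    if m:
        name, dll = m.groups()
        if "\\" not in dll:
            reasons.append("Winlogon Notify DLL given without a full path")
        if GIBBERISH_RE.match(name):
            reasons.append("Winlogon Notify name looks machine-generated (weak hint)")
    m = RUN_RE.match(line)
    if m:
        target = m.group(1)
        if "?" in target:
            reasons.append("unprintable character in autorun path (look-alike name)")
        if APPDATA_RE.search(target):
            reasons.append("autorun launched from the user's Application Data folder")
    return Finding(section, line, reasons) if reasons else None


def triage(log_text: str):
    # Run triage_line over every line of a log and keep only the hits.
    hits = (triage_line(raw.strip()) for raw in log_text.splitlines())
    return [f for f in hits if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}\n    " + "\n    ".join(f.reasons))
```

Each flagged line still needs a human decision (the benign controls pass, but a legitimate vendor entry with a missing file would also be reported); the script only orders the review.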
 

asaygo
Junior Member


Date Joined Apr 2007
Total Posts : 60
 
Posted 5/16/2007 12:08 PM (GMT +3)
I have seen on your report that Trojan.Downloader.Winfixer was present on your system. You can find details and cleaning instructions in the BullGuard Tech Guides: How to remove Trojan.Downloader.Winfixer.O

Post Edited (asaygo) : 11-06-2007 05:33:37 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 5/18/2007 2:11 PM (GMT +3)
cole trickle - Haven't You read My signature?
 
 
Click here - ->>  Before posting a log 
 
 
 After You have run the scan tools -
 
Reboot normally
 
Post AVG Antispyware log along with hijackthis log, rootchk log
in Your own thread/topic and tell how things are running
 


 

 

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 5/21/2007 6:55 AM (GMT +3)
Dear Touch,
    Did all you said; here are the SuperAntiSpyware log and the new HijackThis log. Did not get the Dr. Web log: Dr. Web is asking to remove all antivirus programs before install, not sure I wanna do that, is it really necessary? The last SuperAntiSpyware scan said everything was clean.
 
Thanks again for your ongoing support.
 
 
SuperAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/20/2007 at 11:24 PM
Application Version : 3.7.1018
Core Rules Database Version : 3241
Trace Rules Database Version: 1252
Scan type       : Complete Scan
Total Scan Time : 00:28:21
Memory items scanned      : 514
Memory threats detected   : 0
Registry items scanned    : 5492
Registry threats detected : 0
File items scanned        : 25566
File threats detected     : 0
 
New HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:46:00 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Sergio_Docs\Virus_Clean\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/montreal/montrealgazette/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110651297645
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radidmr - Sonic Solutions - (no file)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
THE END
..elsmootho out.
 
 

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 5/21/2007 8:01 AM (GMT +3)
Dear Touch,
   Just for the heck of it, ran AVG Anti-Spyware one more time and found this:
Yikes!
 
..elsmootho...
 
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 12:57:14 AM 5/21/2007
 + Scan result: 
 
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP751\A0034432.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{983C3FED-DBC1-4AD4-9A68-AB8B0FAF62B6}\RP748\A0034310.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

::Report end
 
 

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 5/26/2007 9:23 AM (GMT +3)
Dear Touch,
    Didn't hear from you with regards to my last communiqué;
hoping you missed it for some reason, please help!...
...elsmootho
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 5/26/2007 10:17 AM (GMT +3)
Sorry, I have missed You.
 
Please do this -
 
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
System Restore
 
 
And You will get rid of any possible infections in System Restore / System Volume Information -
 
 
Here is some additional software you may wish to consider using to prevent malicious software installing on your PC:

IE-SPYAD  IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known ad/spy servers and domains to the "Restricted Zone" of Internet Explorer. (Choose between IE-SPYAD and IE-SPYAD2.) Freeware
 
Spyware Guard  Background process to check applications as they begin to run for known spyware and malicious code, produces an alert if necessary.  
Freeware.

SpywareBlaster  
From the same company as Spyware guard, this is not a scanner, it blocks malicious objects and code from being downloaded, in addition to blocking access to sites known to download malware. Spyware Blaster runs silently in the background and does not need to be open to protect your PC.  
Freeware
 
 
Make sure to keep these programs up-to-date
 
 


 

 

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 6/3/2007 5:27 AM (GMT +3)
Dear Touch,
   Toggled the system restore, and installed Spyware Guard/Blaster as you suggested, Things seem to be running normally now. Thanks a million for your expert guidance, don't know what we would do without your support, you guys are the best...
...elsmootho.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 6/3/2007 5:54 AM (GMT +3)
I was glad to help - Nice chopper btw


 

 

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 6/24/2007 4:47 AM (GMT +3)
Hi Andrei,
   Just noticed that my recycle bin has disappeared. Not sure if it was something I did when I was using HijackThis, or whatever. I tried to restore the recycle bin with the instructions "edit the registry" in this link;
but it didn't do anything.
Not sure if you have any experience with this, but I thought I'd run it by you in this thread since it disappeared about the time that we did all these repairs.
Again, thanks in advance for your help...
..> elsmootho.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 6/25/2007 9:58 AM (GMT +3)
Download this reg file -
 
 
Replace/Repair the Recycle Bin (Line 64) - Right pane
http://www.kellys-korner-xp.com/xp_tweaks.htm
 
Double-click on the reg file, say Yes to merge.
 
Reboot and see if You've got the recycle bin back on the desktop.


 

 

elsmootho
New Member




Date Joined Jan 2007
Total Posts : 34
 
Posted 8/5/2007 5:50 AM (GMT +3)
Dear Touch,
    Just wanted to let you know that I got my recycle bin back and the computer is running great. You guys are the best! Many thanks for your excellent support!
.>>S
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 8/5/2007 9:26 AM (GMT +3)
Thanks for feedback.


Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please PM a Moderator and we will reopen it for you.



 
