

Please Help with Vundo (RESOLVED)

#1 | 09-10-2009, 12:37 AM | Draco (Junior Member, Join Date: Jan 2005, Posts: 31)

Hi All,

I was infected with Vundo today. My friend told me to run SUPERAntiSpyware and it did remove some items, but now I get:

"Error loading misahavuu.dll The specified module could not be found" every time I boot.

Also, it takes forever for the task manager to load and the internet is slow (I use IE) and eventually crashes.

Please help.

Thanks,

Draco

P.S. My system is running better after I ran Malwarebytes in Safe Mode (the issues I mentioned above are gone), but my HJT log still has some O20 entries that don't look right:

O20 - AppInit_DLLs: kemituba.dll c:\windows\system32\misahavu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aSinadin - C:\WINDOWS\SYSTEM32\Sinadin.dll
O20 - Winlogon Notify: GEWinlogonNotify - C:\WINDOWS\SYSTEM32\GENotify.dll

Last edited by Draco; 09-10-2009 at 06:01 AM. Reason: update
#2 | 09-10-2009, 08:08 PM | Neal (Senior Member, Join Date: Sep 2005, Posts: 5,524)

Please post the entire HijackThis log, a new one.
__________________
Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below
MALWARE: READ FIRST Procedures: |_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|
ASAP: promoting a high standard and quality of security support no matter where you seek help.

#3 | 10-10-2009, 04:59 AM | Draco (Junior Member, Join Date: Jan 2005, Posts: 31)

Hi Neal,

Thank you so much for jumping in and helping with this. Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:12 PM, on 10/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliADSIComm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\SProtector.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageService.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageMgmtService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\RSGUIProvider.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe
C:\WINDOWS\system32\Simba.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe /p
O4 - HKLM\..\Run: [RunSimba] Simba.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1185287506235
O20 - AppInit_DLLs: kemituba.dll c:\windows\system32\misahavu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aSinadin - C:\WINDOWS\SYSTEM32\Sinadin.dll
O20 - Winlogon Notify: EARSWlNotify - EARSWlNotify.dll (file missing)
O20 - Winlogon Notify: GEWinlogonNotify - C:\WINDOWS\SYSTEM32\GENotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
O23 - Service: GuardianEdge Device Control (GuardianEdgeDCS) - GuardianEdge Technologies Inc. - C:\WINDOWS\system32\SProtector.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Removable Storage Service (RemovableStorageService) - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageService.exe
O23 - Service: Removable Storage Mgmt Service (RSMgmtSrvc) - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageMgmtService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7770 bytes
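An added example, written for this page and not taken from the thread or from any of the tools named in it: a small Python triage pass over the O4 and O20 lines of the log above (copied here as constructed input). The security-relevant point of those lines is the loading point, not the file: whatever AppInit_DLLs names is mapped into every process that loads user32.dll, a Winlogon Notify DLL runs inside winlogon.exe as SYSTEM, and a Run value with a bare filename is resolved through the search path at logon. The "Error loading misahavuu.dll ... The specified module could not be found" message at boot is what such a loading point produces once a scanner has deleted the file but left the registry value behind. The script flags every AppInit_DLLs entry, every Winlogon Notify entry HijackThis could not resolve (it only looks in system32 for a bare name, so the file may still exist elsewhere), every bare-name Run entry, and any name matching the 8-letter consonant/vowel alternation shared by misahavu, kemituba and, later in the thread, bojudiki and gomuliwe. That name pattern is a heuristic of mine and will also fire on legitimate odd-looking vendor files, so treat the output as a review list, not a verdict; the single-word vendor names on this box (Simba.exe, Sinadin.dll, the Sahara/Salvador drivers in the ComboFix log further down) show why a looser rule would drown in false positives.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed input: the O4 and O20 lines from the HijackThis log posted above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\WINDOWS\\system32\\hkcmd.exe
O4 - HKLM\\..\\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\\..\\Run: [RunSimba] Simba.exe
O20 - AppInit_DLLs: kemituba.dll c:\\windows\\system32\\misahavu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: aSinadin - C:\\WINDOWS\\SYSTEM32\\Sinadin.dll
O20 - Winlogon Notify: EARSWlNotify - EARSWlNotify.dll (file missing)
O20 - Winlogon Notify: GEWinlogonNotify - C:\\WINDOWS\\SYSTEM32\\GENotify.dll
"""

VOWELS = set("aeiou")


def looks_generated(filename: str) -> bool:
    """Heuristic (mine, not a tool's): an 8-letter stem that strictly alternates
    consonant/vowel, like misahavu, kemituba, gomuliwe and bojudiki in this thread.
    Expect false positives; it is a triage hint, not a verdict."""
    stem = filename.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if len(stem) != 8 or not stem.isalpha():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


@dataclass(frozen=True)
class Finding:
    kind: str    # which loading point the entry came from
    target: str  # the file exactly as the log wrote it
    reason: str


APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify:\s*(\S+)\s+-\s+(.+?)(\s*\(file missing\))?$")
RUN = re.compile(r'^O4 - HK\w+\\\.\.\\Run(?:Once)?: \[[^\]]+\]\s*"?([^"]+?)"?\s*$')


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per autostart entry that deserves a human look."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := APPINIT.match(line):
            # AppInit_DLLs is loaded into every process that maps user32.dll and
            # is empty on a clean XP install, so every DLL named here is reviewed.
            for dll in re.split(r"[ ,]+", m.group(1).strip()):
                reason = "AppInit_DLLs injects this DLL into every user32 process"
                if looks_generated(dll):
                    reason += "; name matches the generated pattern"
                findings.append(Finding("AppInit_DLLs", dll, reason))
        elif m := NOTIFY.match(line):
            path, missing = m.group(2), m.group(3)
            if missing:
                # HijackThis resolves a bare name against system32 only; the file
                # may still exist elsewhere, so locate it before deleting the key.
                findings.append(Finding("Winlogon Notify", path,
                                        "unresolved bare name; find the file before acting"))
            elif looks_generated(path):
                findings.append(Finding("Winlogon Notify", path,
                                        "runs inside winlogon.exe as SYSTEM; generated-looking name"))
        elif m := RUN.match(line):
            path = m.group(1).split(" /")[0]
            if "\\" not in path:
                # A bare name is resolved through the search path at logon, so a
                # planted copy earlier in that path would win over the vendor file.
                findings.append(Finding("Run", path, "bare filename resolved via search path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.target:40} {f.reason}")
```

Run as-is it prints one line per finding for the sample; on the real machine the same regexes can be fed the saved hijackthis.log. Note that the Safe Mode log in the next post shows the same O20 entries, which is expected: AppInit_DLLs and Winlogon Notify are read by winlogon/user32 regardless of boot mode, so a scanner that reports "clean" can still leave those values pointing at files it removed.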
#4 | 11-10-2009, 01:23 AM | Neal (Senior Member, Join Date: Sep 2005, Posts: 5,524)

Let's run Malwarebytes again, but this time run it from Safe Mode:

Now reboot into Safe Mode (without networking support) by tapping your F8 key on restart; when the Safe Mode screen appears, select Safe Mode and press Enter.

Please also post a new HijackThis log as well as the Malwarebytes log. Thanks.

#5 | 12-10-2009, 12:18 AM | Draco (Junior Member, Join Date: Jan 2005, Posts: 31)

Hi Neal,

I was hoping that the entries in HJT were just orphaned keys, but something strange happened today... I got an "Auto Protect results" window telling me bojudiki.exe had been quarantined.

The mbam log was clean and HJT looks about the same to me. Here they are:

Malwarebytes' Anti-Malware 1.41
Database version: 2927
Windows 5.1.2600 Service Pack 2 (Safe Mode)

10/11/2009 6:51:33 PM
mbam-log-2009-10-11 (18-51-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 250007
Time elapsed: 56 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:00 PM, on 10/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe /p
O4 - HKLM\..\Run: [RunSimba] Simba.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1185287506235
O20 - AppInit_DLLs: kemituba.dll c:\windows\system32\misahavu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aSinadin - C:\WINDOWS\SYSTEM32\Sinadin.dll
O20 - Winlogon Notify: EARSWlNotify - EARSWlNotify.dll (file missing)
O20 - Winlogon Notify: GEWinlogonNotify - C:\WINDOWS\SYSTEM32\GENotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
O23 - Service: GuardianEdge Device Control (GuardianEdgeDCS) - GuardianEdge Technologies Inc. - C:\WINDOWS\system32\SProtector.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Removable Storage Service (RemovableStorageService) - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageService.exe
O23 - Service: Removable Storage Mgmt Service (RSMgmtSrvc) - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageMgmtService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6598 bytes
#6 | 12-10-2009, 08:00 PM | Neal (Senior Member, Join Date: Sep 2005, Posts: 5,524)

Pretty stubborn little booger, this ought to finish it off:

Visit the page below to familiarize yourself with the tool and download it from one of the links provided.

A guide and tutorial on using ComboFix

If you have previously downloaded ComboFix, please delete that version now.

It is IMPORTANT that it is saved directly to your desktop.

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until ComboFix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now.

How To Disable

Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus, re-connect to the internet and post the ComboFix log.

*Note*
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix related components as suspicious and block or delete them while there's nothing wrong with them.

ComboFix SHOULD NOT be used unless requested by a forum helper.

#7 | 12-10-2009, 09:15 PM | Draco (Junior Member, Join Date: Jan 2005, Posts: 31)

Hi Neal,

Thanks for sticking with this. Here is the log:

ComboFix 09-10-11.03 - jnathan 10/12/2009 15:34.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.455 [GMT -4:00]
Running from: c:\documents and settings\jnathan\Desktop\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\LOGD.tmp
c:\recycler\S-1-5-21-1761738190-3904273701-647144228-500
c:\recycler\S-1-5-21-1861051921-3496700317-2876151802-500
c:\recycler\S-1-5-21-2105523473-4164081215-3469813190-500
c:\recycler\S-1-5-21-264786636-820104479-3074361215-500
c:\recycler\S-1-5-21-3051292694-1012182518-900664899-500
c:\recycler\S-1-5-21-3175252470-752427379-1193816168-500
c:\recycler\S-1-5-21-3245786311-1634538207-1390268302-500
c:\recycler\S-1-5-21-3480471170-3890069715-3091554322-500
c:\recycler\S-1-5-21-3583946917-693770359-1077556492-500
c:\recycler\S-1-5-21-3607164100-3242601036-2387963287-500
c:\recycler\S-1-5-21-3784771607-1307642829-1866252449-500
c:\recycler\S-1-5-21-670218718-3299215079-1369253316-500
c:\recycler\S-1-5-21-842925246-1957994488-1708537768-500

----- BITS: Possible infected sites -----

hxxp://brkutil02
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-09 02:27 . 2009-10-09 02:27 -------- d-----w- c:\program files\Trend Micro
2009-10-09 01:18 . 2009-10-09 01:18 -------- d-----w- c:\documents and settings\jnathan\Application Data\Malwarebytes
2009-10-09 00:14 . 2009-10-09 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-09 00:14 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 00:14 . 2009-10-09 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 00:14 . 2009-10-09 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 00:14 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 22:58 . 2009-10-08 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-08 20:27 . 2009-10-08 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-08 20:27 . 2009-10-08 20:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-08 20:27 . 2009-10-08 20:27 -------- d-----w- c:\documents and settings\jnathan\Application Data\SUPERAntiSpyware.com
2009-10-08 20:22 . 2009-10-08 20:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 19:41 . 2007-07-26 22:14 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-12 19:18 . 2008-05-17 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-20 12:11 . 2007-07-25 15:49 64368 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 19:25 . 2009-07-08 19:25 26624 --sha-w- c:\windows\system32\gomuliwe.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CachedFileOverlayIcon]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2008-06-26 20:54 155648 ----a-w- c:\program files\GuardianEdge\GuardianEdge Clients\RSShellExCachedFileOverlayIcon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyOverlayIcon]
@="{0FADB634-82AE-4F25-976A-F44DFB1ED11F}"
[HKEY_CLASSES_ROOT\CLSID\{0FADB634-82AE-4F25-976A-F44DFB1ED11F}]
2008-06-26 20:54 151552 ----a-w- c:\program files\GuardianEdge\GuardianEdge Clients\RSShellExEncryptedFileOverlayIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"EAFRCliStart"="c:\program files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe" [2008-06-30 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"RunSimba"="Simba.exe" - c:\windows\system32\Simba.exe [2008-07-14 1246528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2008-5-12 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aSinadin]
2008-07-14 13:30 582976 ----a-w- c:\windows\system32\Sinadin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\EARSWlNotify]
2008-06-26 20:52 19968 ----a-w- c:\program files\GuardianEdge\GuardianEdge Clients\EARSWlNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GEWinlogonNotify]
2008-06-30 17:31 73728 ----a-w- c:\windows\system32\GENotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1301757911-1839964613-4090028354-8633\Scripts\Logon\0\0]
"Script"=setdesktopbackground.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SP]
@="Driver Group"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Diego;Diego;c:\windows\system32\drivers\Diego.sys [7/14/2008 9:30 AM 56768]
R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [6/5/2008 10:53 AM 13440]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [6/5/2008 10:53 AM 83584]
R0 GEFilter;GEFilter;c:\windows\system32\drivers\EARSFltr.sys [6/23/2008 1:41 PM 114304]
R0 Sahara;Sahara;c:\windows\system32\drivers\Sahara.sys [7/14/2008 9:30 AM 138432]
R0 Salvador;Salvador;c:\windows\system32\drivers\Salvador.sys [7/14/2008 9:30 AM 107584]
R0 Scarlet;Scarlet;c:\windows\system32\drivers\Scarlet.sys [7/14/2008 9:30 AM 39104]
R0 Sidney;Sidney;c:\windows\system32\drivers\Sidney.sys [7/14/2008 9:30 AM 116160]
R1 Santa;Santa;c:\windows\system32\drivers\Santa.sys [7/14/2008 9:30 AM 55744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 EAFRCliManager;EAFRCliManager;c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe [6/30/2008 1:26 PM 221184]
R2 GuardianEdgeDCS;GuardianEdge Device Control;c:\windows\system32\SProtector.exe [7/14/2008 9:30 AM 206144]
R2 RemovableStorageService;Removable Storage Service;c:\program files\GuardianEdge\GuardianEdge Clients\RemovableStorageService.exe [6/26/2008 4:52 PM 1159168]
R2 RSMgmtSrvc;Removable Storage Mgmt Service;c:\program files\GuardianEdge\GuardianEdge Clients\RemovableStorageMgmtService.exe [6/26/2008 4:53 PM 6656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 8:02 PM 102448]
R3 Shlos;Shlos;c:\windows\system32\drivers\Shlos.sys [7/14/2008 9:30 AM 22208]
R3 Sofia;Safend Protector Network Filter Driver;c:\windows\system32\drivers\Sofia.sys [7/14/2008 9:30 AM 55104]
R3 Sofy;Sofy;c:\windows\system32\drivers\Sofy.sys [7/14/2008 9:30 AM 46272]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/20/2006 2:29 PM 116928]

--- Other Services/Drivers In Memory ---

*Deregistered* - ephdlink
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-17 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-SafendProtector
SafeBoot-SafendPS



************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-12 15:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1692)
c:\windows\system32\CSGina.dll
c:\windows\system32\EAFRCliGina.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliMgr.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EACaseConverter.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliSso.dll
c:\program files\GuardianEdge\GuardianEdge Clients\GENovell.dll
c:\windows\system32\EAFRCliDBWrapper.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliManagerPS.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliWinGUI.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliDB.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliUserManagement.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAECC.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EPCL32.DLL
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EARSCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFREventLog.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliDBWrapper.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliXlat.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliSSO.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Sinadin.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EARSWlNotify.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliEAFS.dll

- - - - - - - > 'explorer.exe'(3852)
c:\program files\GuardianEdge\GuardianEdge Clients\RSShellExCachedFileOverlayIcon.dll
c:\program files\GuardianEdge\GuardianEdge Clients\RSShellExEncryptedFileOverlayIcon.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliADSIComm.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SimonPro.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\GuardianEdge\GuardianEdge Clients\RSGUIProvider.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-10-12 15:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 19:45

Pre-Run: 70,168,256,512 bytes free
Post-Run: 70,053,269,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

239 --- E O F --- 2009-03-17 13:28
  #8 (permalink)  
Old 13-10-2009, 12:56 AM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
re: Please Help with Vundu(RESOLVED)

Open Notepad (it must be Notepad) and copy/paste the text in the quote box below into it (NOT THE WORD QUOTE):

Quote:
File::
c:\windows\system32\misahavu.dll
c:\windows\system32\gomuliwe.dll
Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
  #9 (permalink)  
Old 13-10-2009, 03:13 AM
Junior Member
New Recruit
 
Join Date: Jan 2005
Posts: 31
Draco
re: Please Help with Vundu(RESOLVED)

Hi Neal,

It’s scary how powerful this Vundu is. Thanks for all your help. Here are the logs:

ComboFix 09-10-12.02 - jnathan 10/12/2009 21:35.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.450 [GMT -4:00]
Running from: c:\documents and settings\jnathan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jnathan\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\gomuliwe.dll"
"c:\windows\system32\misahavu.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gomuliwe.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-09 02:27 . 2009-10-09 02:27 -------- d-----w- c:\program files\Trend Micro
2009-10-09 01:18 . 2009-10-09 01:18 -------- d-----w- c:\documents and settings\jnathan\Application Data\Malwarebytes
2009-10-09 00:14 . 2009-10-09 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-09 00:14 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 00:14 . 2009-10-09 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 00:14 . 2009-10-09 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 00:14 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 22:58 . 2009-10-08 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-08 20:27 . 2009-10-08 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-08 20:27 . 2009-10-08 20:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-08 20:27 . 2009-10-08 20:27 -------- d-----w- c:\documents and settings\jnathan\Application Data\SUPERAntiSpyware.com
2009-10-08 20:22 . 2009-10-08 20:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 01:32 . 2007-07-26 22:14 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-12 19:18 . 2008-05-17 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-20 12:11 . 2007-07-25 15:49 64368 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_19.42.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2009-10-12 19:22 67622 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-10-13 01:28 67622 c:\windows\system32\perfc009.dat
+ 2009-10-08 19:20 . 2009-10-12 19:53 1858 c:\windows\SoftwareDistribution\EventCache\{FFD566F1-8717-4909-B735-EAA0A6313856}.bin
+ 2001-08-23 12:00 . 2009-10-13 01:28 431064 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-10-12 19:22 431064 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CachedFileOverlayIcon]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2008-06-26 20:54 155648 ----a-w- c:\program files\GuardianEdge\GuardianEdge Clients\RSShellExCachedFileOverlayIcon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyOverlayIcon]
@="{0FADB634-82AE-4F25-976A-F44DFB1ED11F}"
[HKEY_CLASSES_ROOT\CLSID\{0FADB634-82AE-4F25-976A-F44DFB1ED11F}]
2008-06-26 20:54 151552 ----a-w- c:\program files\GuardianEdge\GuardianEdge Clients\RSShellExEncryptedFileOverlayIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"EAFRCliStart"="c:\program files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe" [2008-06-30 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"RunSimba"="Simba.exe" - c:\windows\system32\Simba.exe [2008-07-14 1246528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2008-5-12 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aSinadin]
2008-07-14 13:30 582976 ----a-w- c:\windows\system32\Sinadin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\EARSWlNotify]
2008-06-26 20:52 19968 ----a-w- c:\program files\GuardianEdge\GuardianEdge Clients\EARSWlNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GEWinlogonNotify]
2008-06-30 17:31 73728 ----a-w- c:\windows\system32\GENotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1301757911-1839964613-4090028354-8633\Scripts\Logon\0\0]
"Script"=setdesktopbackground.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SP]
@="Driver Group"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Diego;Diego;c:\windows\system32\drivers\Diego.sys [7/14/2008 9:30 AM 56768]
R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [6/5/2008 10:53 AM 13440]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [6/5/2008 10:53 AM 83584]
R0 GEFilter;GEFilter;c:\windows\system32\drivers\EARSFltr.sys [6/23/2008 1:41 PM 114304]
R0 Sahara;Sahara;c:\windows\system32\drivers\Sahara.sys [7/14/2008 9:30 AM 138432]
R0 Salvador;Salvador;c:\windows\system32\drivers\Salvador.sys [7/14/2008 9:30 AM 107584]
R0 Scarlet;Scarlet;c:\windows\system32\drivers\Scarlet.sys [7/14/2008 9:30 AM 39104]
R0 Sidney;Sidney;c:\windows\system32\drivers\Sidney.sys [7/14/2008 9:30 AM 116160]
R1 Santa;Santa;c:\windows\system32\drivers\Santa.sys [7/14/2008 9:30 AM 55744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 EAFRCliManager;EAFRCliManager;c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe [6/30/2008 1:26 PM 221184]
R2 GuardianEdgeDCS;GuardianEdge Device Control;c:\windows\system32\SProtector.exe [7/14/2008 9:30 AM 206144]
R2 RemovableStorageService;Removable Storage Service;c:\program files\GuardianEdge\GuardianEdge Clients\RemovableStorageService.exe [6/26/2008 4:52 PM 1159168]
R2 RSMgmtSrvc;Removable Storage Mgmt Service;c:\program files\GuardianEdge\GuardianEdge Clients\RemovableStorageMgmtService.exe [6/26/2008 4:53 PM 6656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 8:02 PM 102448]
R3 Shlos;Shlos;c:\windows\system32\drivers\Shlos.sys [7/14/2008 9:30 AM 22208]
R3 Sofia;Safend Protector Network Filter Driver;c:\windows\system32\drivers\Sofia.sys [7/14/2008 9:30 AM 55104]
R3 Sofy;Sofy;c:\windows\system32\drivers\Sofy.sys [7/14/2008 9:30 AM 46272]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/20/2006 2:29 PM 116928]

--- Other Services/Drivers In Memory ---

*Deregistered* - ephdlink
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-17 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-12 21:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\CSGina.dll
c:\windows\system32\EAFRCliGina.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliMgr.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EACaseConverter.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliSso.dll
c:\program files\GuardianEdge\GuardianEdge Clients\GENovell.dll
c:\windows\system32\EAFRCliDBWrapper.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliManagerPS.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliWinGUI.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliDB.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliUserManagement.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAECC.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EPCL32.DLL
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EARSCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFREventLog.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliDBWrapper.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliXlat.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliSSO.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Sinadin.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EARSWlNotify.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliEAFS.dll
.
Completion time: 2009-10-13 21:41
ComboFix-quarantined-files.txt 2009-10-13 01:41
ComboFix2.txt 2009-10-12 19:45

Pre-Run: 70,072,885,248 bytes free
Post-Run: 70,034,636,800 bytes free

197 --- E O F --- 2009-03-17 13:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:04 PM, on 10/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliADSIComm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\SProtector.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageService.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageMgmtService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\RSGUIProvider.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Simba.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe /p
O4 - HKLM\..\Run: [RunSimba] Simba.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1185287506235
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aSinadin - C:\WINDOWS\SYSTEM32\Sinadin.dll
O20 - Winlogon Notify: EARSWlNotify - EARSWlNotify.dll (file missing)
O20 - Winlogon Notify: GEWinlogonNotify - C:\WINDOWS\SYSTEM32\GENotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
O23 - Service: GuardianEdge Device Control (GuardianEdgeDCS) - GuardianEdge Technologies Inc. - C:\WINDOWS\system32\SProtector.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Removable Storage Service (RemovableStorageService) - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageService.exe
O23 - Service: Removable Storage Mgmt Service (RSMgmtSrvc) - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\RemovableStorageMgmtService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7799 bytes
  #10 (permalink)  
Old 13-10-2009, 06:20 PM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
re: Please Help with Vundu(RESOLVED)

I think we got it; how is she behaving now?