Please download
VundoFix.exe to your desktop.
Double-click
VundoFix.exe to run it.
Put a check next to
Run VundoFix as a task. You will receive a message saying vundofix will close and re-open in a minute or less. Click
OK When VundoFix re-opens, click the
Scan for Vundo button.
Once it's done scanning, click the
Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click
YES Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click
OK.
Turn your computer back on.
Please post the contents of C:\
vundofix.txt and a new HiJackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 5:28:17 PM, on 6/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Update your Java. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
Go to the start menu - select run - type in
appwiz.cpl This should bring up add/remove programs
Look for all entries entitiled JS2 or JS2E - there may be more than one entry, select the option to remove them
Go
here and download and install
JRE 5.0 Update 7. Click the link that says
Download JRE 5.0 Update 7. You will then need to select
Accept License Agreement and click the
Continue button that is beside it. Then click the link that says
Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click
jre-1_5_0_07-windows-i586-p.exe to start the install.
Open HJT by double clicking on the icon and select the second button entitled "do a system scan only". Make sure you close any windows that are open or minumised
Now select the followng entries by placing a tick in the left hand check box
thanks for all the help to date Dorian. i was away so sorry hope the thread will refresh your memory. i followed all of your steps in your last message. How much more till its gone?
here is the new hijack log
Logfile of HijackThis v1.99.1
Scan saved at 8:13:22 PM, on 7/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Good news on your log. From looking through your results im happy to conclude that your log is visually free from any signs of malware
Below is my standard clean speech, feel free to read it through and ask any questions that you may have
Please advise on any problems that you may still be experiencing.
First lets rehide your System Files
ClickStart.
Open My Computer.
SelectTools menu
Click Folder Options.
Select the View Tab.
Uncheck Show hidden files and folders in the Hidden files and folders section.
Select Hide protected operating system files (recommended) option.
Check the Hide file extensions for known file types option.
ClickYes.
Click OK
Next lets reset your system restore points please follow these simple steps in order:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Clickthe System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn ON System Restore.
On the Desktop, right-clickMy Computer.
Click Properties.
Click theSystem Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then clickOK.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the
Apply button and then the
OK to exit the Internet Properties page.
Make sure you are protected with a known anti-virus checker and a firewall Windows XP will supply its own firewall but it will only monitor traffic in one direction
Recommended Anti-Virus Programs
There are many antivirus products out there, and at first, with there being so many different products it may look confusuing to you, some are free products and others are fully licienced products. It is up to you which you go for. For free antivirus product I would be looking at either
Avast Home edition or
AVG Free edition. If you are going to be looking at fully licienced software then I would seriously consider either
Nod32 or
kaspersky Antivirus products, both are excellent in their job of keeping viruses at bay.
Recommended Firewalls
Firewalls.... A firewall serves as a program that monitors ports, connections and programs, both incomming and outgoing from your computer. Windows does come with its own firewall but unfortunatly it only monitors traffic in one direction. As a result we advise that you install your own independant firewall. Two good firewalls you can choose from (both are free) are
Sunbelt Kerio Firewall and also
Zonealarm As with the above anti virus packages, both are excellent in their job.
Please note.... only ever install one anti virus product and one firewall, if you try running more than one antivirus on your computer they will conflct and cause problems with each other. Once you have these products installed and on board your computer the next thing is to update your anti virus, this will check for the latest virus definitions so that your anti virus can detect the latest viruses. One you have updated then you should run a full complete scan on your computer, this may take some time but it is highly advisable that you let this finish on its own accord.
Next, if they're not already present, I would reccomend the download and installation of some or all of the following programs (Unlike firewalls and virus checkers you can run more than one application at once, feel free to download ALL of the below if you wish)
Ad-Aware SE - This is a program that scans for and removes known spyware from your machine.
Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & spybot) are perfect complements to each other as one will most always find something the other missed.
Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.
For added protection you may also like to add a host file, for more information regarding host files read
here
Once you have installed and updated any malware solution tools you must remember to update regularly, I would advise at least a manual check of once a week as well as any auto scheduled checks.
Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you do not have to be registered to post.. just find your country room and register your complaint. The infection you had was vundo
Register your complaint about malware that has infected you - Stand and shout, let your voice be heard - Let others know how you feel
Dorian05
220 Posts
0
June 30th, 2006 17:00
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\ vundofix.txt and a new HiJackThis log.
Thanks - Dorian
nanopant
4 Posts
0
June 30th, 2006 20:00
Scan saved at 5:28:17 PM, on 6/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1143987430\ee\AOLHostManager.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\AOL\1143987430\ee\AOLServiceHost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1143987430\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1143987430\ee\AOLServiceHost.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/site/msa/?epi_menuItemID=3a9b88b68533ccc35f23b61153295c48&nv=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143987430\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail05b.shu.edu/iNotes6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139758741843
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
nanopant
4 Posts
0
June 30th, 2006 20:00
VundoFix V4.2.84
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.3
Scan started at 5:23:03 PM 6/30/2006
Listing files found while scanning....
C:\WINDOWS\System32\geeby.dll
C:\WINDOWS\System32\ybeeg.ini
C:\WINDOWS\System32\ybeeg.bak1
C:\WINDOWS\System32\ybeeg.bak2
C:\WINDOWS\System32\ybeeg.ini2
C:\WINDOWS\System32\ybeeg.tmp
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.tmp
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini2
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\ybeeg.ini2
C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.tmp
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini2
C:\WINDOWS\system32\geeby.dll
Attempting to delete C:\WINDOWS\System32\geeby.dll
C:\WINDOWS\System32\geeby.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\ybeeg.ini
C:\WINDOWS\System32\ybeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\ybeeg.bak1
C:\WINDOWS\System32\ybeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\ybeeg.bak2
C:\WINDOWS\System32\ybeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\ybeeg.ini2
C:\WINDOWS\System32\ybeeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\ybeeg.tmp
C:\WINDOWS\System32\ybeeg.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Message Edited by nanopant on 06-30-200604:30 PM
Dorian05
220 Posts
0
July 1st, 2006 05:00
Just a couple of things to tidy up on
Update your Java.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
Go to the start menu - select run - type in appwiz.cpl This should bring up add/remove programs
Look for all entries entitiled JS2 or JS2E - there may be more than one entry, select the option to remove them
Go here and download and install JRE 5.0 Update 7. Click the link that says Download JRE 5.0 Update 7. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-1_5_0_07-windows-i586-p.exe to start the install.
Open HJT by double clicking on the icon and select the second button entitled "do a system scan only".
Make sure you close any windows that are open or minumised
Now select the followng entries by placing a tick in the left hand check box
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://miniclip.com/platypus/miniclipGameLoader.dll
Once you have selected all entries then click once on the " fix checked" button to clear the entries from your log
Next reboot your computer and send me a resh HJT log - Thanks :)
nanopant
4 Posts
0
July 8th, 2006 23:00
Scan saved at 8:13:22 PM, on 7/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1143987430\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1143987430\ee\AOLServiceHost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\program files\common files\aol\1143987430\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1143987430\ee\AOLServiceHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/site/msa/?epi_menuItemID=3a9b88b68533ccc35f23b61153295c48&nv=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143987430\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail05b.shu.edu/iNotes6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139758741843
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Dorian05
220 Posts
0
July 9th, 2006 05:00
Good news on your log. From looking through your results im happy to conclude that your log is visually free from any signs of malware
Below is my standard clean speech, feel free to read it through and ask any questions that you may have
Please advise on any problems that you may still be experiencing.
First lets rehide your System Files
- ClickStart.
- Open My Computer.
- SelectTools menu
- Click Folder Options.
- Select the View Tab.
- Uncheck Show hidden files and folders in the Hidden files and folders section.
- Select Hide protected operating system files (recommended) option.
- Check the Hide file extensions for known file types option.
- ClickYes.
- Click OK
Next lets reset your system restore points please follow these simple steps in order:
- Turn off System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Clickthe System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.
- Turn ON System Restore.
- On the Desktop, right-clickMy Computer.
- Click Properties.
- Click theSystem Restore tab.
- Un-Check Turn off System Restore.
- Click Apply, and then clickOK.
Make your Internet Explorer more secure - This can be done by following these simple instructions:Restart your computer
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialise and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.Make sure you are protected with a known anti-virus checker and a firewall
Windows XP will supply its own firewall but it will only monitor traffic in one direction
Recommended Anti-Virus Programs
There are many antivirus products out there, and at first, with there being so many different products it may look confusuing to you, some are free products and others are fully licienced products. It is up to you which you go for. For free antivirus product I would be looking at either Avast Home edition or AVG Free edition. If you are going to be looking at fully licienced software then I would seriously consider either Nod32 or kaspersky Antivirus products, both are excellent in their job of keeping viruses at bay.
Recommended Firewalls
Firewalls.... A firewall serves as a program that monitors ports, connections and programs, both incomming and outgoing from your computer. Windows does come with its own firewall but unfortunatly it only monitors traffic in one direction. As a result we advise that you install your own independant firewall. Two good firewalls you can choose from (both are free) are Sunbelt Kerio Firewall and also Zonealarm As with the above anti virus packages, both are excellent in their job.
Please note.... only ever install one anti virus product and one firewall, if you try running more than one antivirus on your computer they will conflct and cause problems with each other. Once you have these products installed and on board your computer the next thing is to update your anti virus, this will check for the latest virus definitions so that your anti virus can detect the latest viruses. One you have updated then you should run a full complete scan on your computer, this may take some time but it is highly advisable that you let this finish on its own accord.
Next, if they're not already present, I would reccomend the download and installation of some or all of the following programs (Unlike firewalls and virus checkers you can run more than one application at once, feel free to download ALL of the below if you wish)
- Ad-Aware SE - This is a program that scans for and removes known spyware from your machine.
- Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & spybot) are perfect complements to each other as one will most always find something the other missed.
- Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
- IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.
For added protection you may also like to add a host file, for more information regarding host files read hereOnce you have installed and updated any malware solution tools you must remember to update regularly, I would advise at least a manual check of once a week as well as any auto scheduled checks.
Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........
Malware Complaints
If you were infected .... Stand Up and be Counted.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you do not have to be registered to post.. just find your country room and register your complaint.
The infection you had was vundo
Register your complaint about malware that has infected you - Stand and shout, let your voice be heard - Let others know how you feel
Take care and happy surfin......
Dorian - aKa Steve