#1
trojan.vundo

My wife has contracted trojan.vundo on her work laptop on Thanksgiving weekend. (don't know how or where) We have spent well over $200 on various "guaranteed fixes" but none of them have worked even though the program being used at the time says it was either removed or couldn't be found in the first place. Is there a product that can remove trojan.vundo??? Often times the pop-ups go wild and open 100+ windows at a time making any useful computing tasks impossible. If there is anything available that can eradicate this bastard PLEASE LET ME KNOW as this has been driving us crazy.

"Fixes" I've tried: (All programs were run in Safe Mode with the Restore points turned off.)

FixVundo by Symantec/Norton
VundoFix by Atribune
AGV Antivirus
Fix-It Utilities Internet Security Suite v8
Trend-Micro Internet Security 2008
McAfee's removal tool
Shouting/cussing
Kicking the dog
etc.

All have reported that they have found trojan.vundo (trojan_vundo.???) and attempted to remove it. And few even reported that they did remove it.

Any other suggestions on getting rid of trojan.vundo other than body-slamming the damned laptop on the driveway?

If you can offer any help PLEASE email me @ wwwebmail@yahoo.com

If it helps any here is a hijackthis log file that I ran yesterday. I was warned that if I didn't know what I was doing, not to try and fix anything myself as I could render the computer useless.

~~~~~~~ Beginning of Log file ~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 12:35:40 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Peto] "C:\WINDOWS\system32\YSTEM3~1\tracert.exe" - vt yazb
O4 - HKCU\..\Run: [Rfdmt] C:\WINDOWS\??crosoft\?pool32.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://ra.53.com/CitrixSessionInit/...a32/icaweb.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwheart...99_9141658.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
~~~~~~~ End of Log file ~~~~~~~

#2
Re: trojan.vundo

On Jan 4, 9:53 am, KJB <wwwebm...@yahoo.com> wrote:
>
> If you can offer any help PLEASE email me @ wwwebm...@yahoo.com
>

Looks like my email address was removed. (I am posting through Google)

Email address is: wwwebmail at yahoo.com

Let's see if that works :-)

#3
Re: trojan.vundo

"KJB" <wwwebmail@yahoo.com> wrote in message
news:409a33f6-a1f7-443f-a5e3-a0dfbe3ab684@c4g2000hsg.googlegroups.com...
> My wife has contracted trojan.vundo on her work laptop on Thanksgiving
> weekend. (don't know how or where) We have spent well over $200 on
> various "guaranteed fixes" but none of them have worked even though
> the program being used at the time says it was either removed or
> couldn't be found in the first place. Is there a product that can
> remove trojan.vundo??? Often times the pop-ups go wild and open 100+
> windows at a time making any useful computing tasks impossible. If
> there is anything available that can eradicate this bastard PLEASE LET
> ME KNOW as this has been driving us crazy.
>
> "Fixes" I've tried: (All programs were run in Safe Mode with the
> Restore points turned off.)

[snip *inappropriate for Usenet* HJT log]

You need to post your Hijackthis log to an appropriate forum to get assistance from an expert.
This sounds like one of the new variants of Vundo/Zlob/SDBot. This is pretty nasty, and you'll need their expertise to get rid of it.

Post your Hijackthis log to:
Hijackthis Guidelines - Read Before Posting
http://www.castlecops.com/postitle102301-0-0-.html

-jen

#4
Re: trojan.vundo

On Jan 4, 3:53 pm, "jen" <j...@example.com> wrote:
> "KJB" <wwwebm...@yahoo.com> wrote in message
>
> You need to post your Hijackthis log to an appropriate forum to get
> assistance from an expert.
> This sounds like one of the new variants of Vundo/Zlob/SDBot. This is
> pretty nasty, and you'll need their expertise to get rid of it.
> Post your Hijackthis log to:
> Hijackthis Guidelines - Read Before Posting
> http://www.castlecops.com/postitle102301-0-0-.html
>
> -jen

Thanks!!!

#5
Re: trojan.vundo

"KJB" <wwwebmail@yahoo.com> wrote in message
news:4d875236-7097-429f-bcdb-044d2e0436c8@r60g2000hsc.googlegroups.com...
On Jan 4, 3:53 pm, "jen" <j...@example.com> wrote:
>> You need to post your Hijackthis log to an appropriate forum to get
>> assistance from an expert.
>> This sounds like one of the new variants of Vundo/Zlob/SDBot. This is
>> pretty nasty, and you'll need their expertise to get rid of it.
>> Post your Hijackthis log to:
>> Hijackthis Guidelines - Read Before Posting
>> http://www.castlecops.com/postitle102301-0-0-.html

> Thanks!!!

You're welcome :)

-jen

#6
Re: trojan.vundo

Go here and download two files, Remove-it and Whatslivern. Run Remove-it first and if the malware is still there then run the second diagnostic file called whatslivern. That file will generate a log file, send me a copy of that log file. It is much more detailed than HJT.

http://pcbutts1.com/downloads/tools/tools.htm

--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T. Shagnasty, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"KJB" <wwwebmail@yahoo.com> wrote in message
news:409a33f6-a1f7-443f-a5e3-a0dfbe3ab684@c4g2000hsg.googlegroups.com...
> My wife has contracted trojan.vundo on her work laptop on Thanksgiving
> weekend. (don't know how or where) We have spent well over $200 on
> various "guaranteed fixes" but none of them have worked even though
> the program being used at the time says it was either removed or
> couldn't be found in the first place. Is there a product that can
> remove trojan.vundo??? Often times the pop-ups go wild and open 100+
> windows at a time making any useful computing tasks impossible. If
> there is anything available that can eradicate this bastard PLEASE LET
> ME KNOW as this has been driving us crazy.
>
> "Fixes" I've tried: (All programs were run in Safe Mode with the
> Restore points turned off.)
>
> FixVundo by Symantec/Norton
> VundoFix by Atribune
> AGV Antivirus
> Fix-It Utilities Internet Security Suite v8
> Trend-Micro Internet Security 2008
> McAfee's removal tool
> Shouting/cussing
> Kicking the dog
> etc.
>
> All have reported that they have found trojan.vundo (trojan_vundo.???)
> and attempted to remove it. And few even reported that they did remove
> it.
>
> Any other suggestions on getting rid of trojan.vundo other than
> body-slamming the damned laptop on the driveway?

#7
Re: trojan.vundo

In article <vhBfj.2908$pr6.1023@nlpi070.nbdc.sbc.com>, pcbutts1@leythosthestalker.com says...
> Go here and download two files, Remove-it and Whatslivern. Run Remove-it
> first and if the malware is still there then run the second diagnostic file
> called whatslivern. That file will generate a log file, send me a copy of
> that log file. It is much more detailed than HJT.

Yea, right, anyone sending a help request to a person that hosts so much nasty porno, one that has such a bad reputation, etc...

There are dozens of reputable websites to post the HJ logs on that will give quality feedback without the risk of sending it to a site that hosts filth like yours.

--
Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM that create filth and put it on the web for any kid to see: Just take a look at some of the FILTH he's created and put on his website: http://forums.speedguide.net/archive.../t-223485.html all exposed to children (the link I've included does not directly display his filth). You can find the same information by googling for 'PCBUTTS1' and 'exposed to kids'.

#8
Re: trojan.vundo

KJB <wwwebmail@yahoo.com> wrote in
news:409a33f6-a1f7-443f-a5e3-a0dfbe3ab684@c4g2000hsg.googlegroups.com:

> My wife has contracted trojan.vundo on her work laptop on Thanksgiving
> weekend. (don't know how or where) We have spent well over $200 on
> various "guaranteed fixes" but none of them have worked even though
> the program being used at the time says it was either removed or
> couldn't be found in the first place. Is there a product that can
> remove trojan.vundo??? Often times the pop-ups go wild and open 100+
> windows at a time making any useful computing tasks impossible. If
> there is anything available that can eradicate this bastard PLEASE LET
> ME KNOW as this has been driving us crazy.
>
> "Fixes" I've tried: (All programs were run in Safe Mode with the
> Restore points turned off.)

I've seen a few entries in your posted HiJackthis log file that indicate a possible vundo infection.

You can try BugHunter if you'd like, it may know the particular trojans you have. If it doesn't help the issue, send me an email and we'll go thru your hijackthis log file manually.

--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
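
A manual pass over a HijackThis log, as offered in the reply above, can start with a mechanical triage of the autostart entries. The sketch below is an added example, not code from any poster, from BugHunter or from HijackThis; the function names and both heuristics are assumptions chosen for illustration, and a flagged entry is only a candidate for review, not a confirmed Vundo component.

```python
import re
from typing import List, NamedTuple, Tuple

# Entries copied from the HijackThis log posted in this thread, hard-wrapped
# here the way a news client wraps long lines (the wrapping is constructed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS
\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It
\MemCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Peto] "C:\WINDOWS\system32\YSTEM3~1\tracert.exe" -
vt yazb
O4 - HKCU\..\Run: [Rfdmt] C:\WINDOWS\??crosoft\?pool32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS
\system32\HPZipm12.exe
"""

# Every itemised HijackThis line starts with a section code such as "R1 - ",
# "O4 - " or "O23 - "; anything else is the tail of a wrapped entry.
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")


class Entry(NamedTuple):
    code: str  # section code, e.g. "O4"
    text: str  # rest of the entry after "CODE - "


def join_wrapped(log_text: str) -> List[str]:
    """Rebuild one string per entry from a hard-wrapped log."""
    entries: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~"):
            continue  # blank line or the Beginning/End banner
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # A wrap inside a path (next line starts with a backslash) or
            # inside a GUID (previous line ends "XXXX-") is glued back
            # without a space; every other wrap fell on a real space.
            mid_token = line.startswith("\\") or re.search(r"\S-$", prev)
            entries[-1] = prev + ("" if mid_token else " ") + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def parse(log_text: str) -> List[Entry]:
    return [Entry(*e.split(" - ", 1)) for e in join_wrapped(log_text)]


# Generic triage heuristics (assumptions of this example, not Vundo
# signatures). Each one marks an autostart entry for manual review.
HEURISTICS = [
    # '?' is not legal in a Windows file name, so in a path it stands for
    # a character the tool could not print.
    ("'?' inside the file path", re.compile(r'[A-Za-z]:\\[^"]*\?')),
    # Windows does not ship short-named (8.3) folders inside system32.
    ("8.3 short-named directory directly under system32",
     re.compile(r'\\system32\\[^\\"]*~\d\\', re.IGNORECASE)),
]
AUTOSTART_CODES = {"O4", "O23"}  # Run keys / Startup folders, services


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (entry text, reasons) for autostart entries worth a second look."""
    findings = []
    for entry in parse(log_text):
        if entry.code not in AUTOSTART_CODES:
            continue
        reasons = [why for why, rx in HEURISTICS if rx.search(entry.text)]
        if reasons:
            findings.append((entry.text, reasons))
    return findings


if __name__ == "__main__":
    for text, reasons in triage(SAMPLE_LOG):
        print(text)
        for why in reasons:
            print("    review:", why)
```

Entries that use 8.3 names elsewhere, such as `C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe`, are deliberately not flagged, because installers commonly register short paths under Program Files.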

#9
Re: trojan.vundo

On Jan 5, 12:39 pm, Dustin Cook <bughunter.dus...@gmail.com> wrote:
> KJB <wwwebm...@yahoo.com> wrote in
> news:409a33f6-a1f7-443f-a5e3-a0dfbe3ab684@c4g2000hsg.googlegroups.com:
>
> > My wife has contracted trojan.vundo on her work laptop on Thanksgiving
> > weekend. (don't know how or where) We have spent well over $200 on
> > various "guaranteed fixes" but none of them have worked even though
> > the program being used at the time says it was either removed or
> > couldn't be found in the first place. Is there a product that can
> > remove trojan.vundo??? Often times the pop-ups go wild and open 100+
> > windows at a time making any useful computing tasks impossible. If
> > there is anything available that can eradicate this bastard PLEASE LET
> > ME KNOW as this has been driving us crazy.
>
> > "Fixes" I've tried: (All programs were run in Safe Mode with the
> > Restore points turned off.)
>
> I've seen a few entries in your posted HiJackthis log file that indicate a
> possible vundo infection.
>
> You can try BugHunter if you'd like, it may know the particular trojans you
> have. If it doesn't help the issue, send me an email and we'll go thru your
> hijackthis log file manually.
>
> --
> Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
> Email.: bughunter.dus...@gmail.com
> Web...: http://bughunter.it-mate.co.uk
> Pad...: http://bughunter.it-mate.co.uk/pad.xml
> PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt

The problem is Free Anti-Virus and free spy ware software does not WORK !!
If you're going to stop viruses, spy ware, and Hackers you need a team of trained computer and security experts to completely manage your online security for you.
It saves you a bunch of TIME and MONEY by not charging you enormous fees for expert service and support and you enjoy unlimited technical support, And your Personal Identity Theft Insurance - $25,000 policy!
and a lot more www.myinvisusdirect.com/smith

#10
Re: trojan.vundo

WOW a spammer with a picture www.myinvisusdirect.com/smith and address and phone number
http://infospace.intelius.com/result...=SC

--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T. Shagnasty, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"smithfam1" <smithfam1@yahoo.com> wrote in message
news:79b9fe6d-3b00-4371-81db-b55e7a7e9209@t1g2000pra.googlegroups.com...
> On Jan 5, 12:39 pm, Dustin Cook <bughunter.dus...@gmail.com> wrote:
>> KJB <wwwebm...@yahoo.com> wrote in
>> news:409a33f6-a1f7-443f-a5e3-a0dfbe3ab684@c4g2000hsg.googlegroups.com:
>>
>> > My wife has contracted trojan.vundo on her work laptop on Thanksgiving
>> > weekend. (don't know how or where) We have spent well over $200 on
>> > various "guaranteed fixes" but none of them have worked even though
>> > the program being used at the time says it was either removed or
>> > couldn't be found in the first place. Is there a product that can
>> > remove trojan.vundo??? Often times the pop-ups go wild and open 100+
>> > windows at a time making any useful computing tasks impossible. If
>> > there is anything available that can eradicate this bastard PLEASE LET
>> > ME KNOW as this has been driving us crazy.
>>
>> > "Fixes" I've tried: (All programs were run in Safe Mode with the
>> > Restore points turned off.)
>>
>> I've seen a few entries in your posted HiJackthis log file that indicate a
>> possible vundo infection.
>>
>> You can try BugHunter if you'd like, it may know the particular trojans you
>> have. If it doesn't help the issue, send me an email and we'll go thru your
>> hijackthis log file manually.
>>
>> --
>> Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
>> Email.: bughunter.dus...@gmail.com
>> Web...: http://bughunter.it-mate.co.uk
>> Pad...: http://bughunter.it-mate.co.uk/pad.xml
>> PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
>
> The problem is Free Anti-Virus and free spy ware software does not
> WORK !!
> If you're going to stop viruses, spy ware, and Hackers you need a team
> of trained computer and security experts
> to completely manage your online security for you.
> It saves you a bunch of TIME and MONEY by not charging you enormous
> fees for expert service and support and you enjoy unlimited technical
> support, And your Personal Identity Theft Insurance - $25,000 policy!
> and a lot more www.myinvisusdirect.com/smith
|
#11
| Re: trojan.vundo
smithfam1 <smithfam1@yahoo.com> wrote in news:79b9fe6d-3b00-4371-81db-b55e7a7e9209@t1g2000pra.googlegroups.com:

> On Jan 5, 12:39 pm, Dustin Cook <bughunter.dus...@gmail.com> wrote:
>> KJB <wwwebm...@yahoo.com> wrote in
>> news:409a33f6-a1f7-443f-a5e3-a0dfbe3ab684@c4g2000hsg.googlegroups.com:
>>
>> > My wife has contracted trojan.vundo on her work laptop on
>> > Thanksgiving weekend. (don't know how or where) We have spent well
>> > over $200 on various "guaranteed fixes" but none of them have
>> > worked even though the program being used at the time says it was
>> > either removed or couldn't be found in the first place. Is there a
>> > product that can remove trojan.vundo??? Often times the pop-ups go
>> > wild and open 100+ windows at a time making any useful computing
>> > tasks impossible. If there is anything available that can
>> > eradicate this bastard PLEASE LET ME KNOW as this has been driving
>> > us crazy.
>>
>> > "Fixes" I've tried: (All programs were run in Safe Mode with the
>> > Restore points turned off.)
>>
>> I've seen a few entries in your posted HiJackthis log file that
>> indicate a possible vundo infection.
>>
>> You can try BugHunter if you'd like, it may know the particular
>> trojans you have. If it doesn't help the issue, send me an email and
>> we'll go thru your hijackthis log file manually.
>>
>> --
>> Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
>> Email.: bughunter.dus...@gmail.com
>> Web...: http://bughunter.it-mate.co.uk
>> Pad...: http://bughunter.it-mate.co.uk/pad.xml
>> PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
>
> The problem is Free Anti-Virus and free spy ware software does not
> WORK !!

LOL. So sayeth the subscription spammer. :)

> if you're going to stop viruses, spy ware, and Hackers you need a team
> of trained computer and security experts

Wahahahahahaa... OKie. :)

> to completely manage your online security for you.
> it saves you a bunch of TIME and MONEY by not charging you enormous
> fees for expert service and support and you enjoy unlimited technical
> support, And your Personal Identity Theft Insurance - $25,000 policy!
> and a lot more www.myinvisusdirect.com/smith

I don't know, your 29.95 per pc fee and an ongoing 9.95 per month charge doesn't seem too cheap to me.

--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt |
|
#12
| Re: trojan.vundo
WOW a spammer with a picture www.myinvisusdirect.com/smith and address and phone number http://infospace.intelius.com/result...qn=Smith&qs=SC |
|
#13
| Re: trojan.vundo
On Sat, 05 Jan 2008 18:47:25 -0500, smithfam1 <smithfam1@yahoo.com> wrote:

> The problem is Free Anti-Virus and free spy ware software does not
> WORK !!

I hope anyone reading the antivirus newsgroups will not trust someone who spams the newsgroups with the same canned response, time after time. Free Anti-Virus and Free spyware/trojan scanners work very well for most people. Trying to gouge those who don't know how to fix their systems themselves, is what I would expect from an obvious spammer.

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.) |
|
#14
| Re: trojan.vundo
On Jan 5, 10:39 pm, Dustin Cook <bughunter.dus...@gmail.com> wrote:
> KJB <wwwebm...@yahoo.com> wrote in news:409a33f6-a1f7-443f-a5e3-a0dfbe3ab684@c4g2000hsg.googlegroups.com:
>
> > My wife has contracted trojan.vundo on her work laptop on Thanksgiving
> > weekend. (don't know how or where) We have spent well over $200 on
> > various "guaranteed fixes" but none of them have worked even though
> > the program being used at the time says it was either removed or
> > couldn't be found in the first place. Is there a product that can
> > remove trojan.vundo??? Often times the pop-ups go wild and open 100+
> > windows at a time making any useful computing tasks impossible. If
> > there is anything available that can eradicate this bastard PLEASE LET
> > ME KNOW as this has been driving us crazy.
>
> > "Fixes" I've tried: (All programs were run in Safe Mode with the
> > Restore points turned off.)
>
> I've seen a few entries in your posted HiJackthis log file that indicate a
> possible vundo infection.
>
> You can try BugHunter if you'd like, it may know the particular trojans you
> have. If it doesn't help the issue, send me an email and we'll go thru your
> hijackthis log file manually.
>
> --
> Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
> Email.: bughunter.dus...@gmail.com
> Web...: http://bughunter.it-mate.co.uk
> Pad...: http://bughunter.it-mate.co.uk/pad.xml
> PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt

you can download a tool from the link below ..
http://www.symantec.com/security_res...112210-3747-99 |