Had a bit of a problem with the vundo scan thing as it would freeze when trying to reboot but i restarted and re-ran the scan and it was clean and the log says it fixed everything:


VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.8
Java version is 1.5.0.9
Scan started at 23:02:29 08/02/2007
Listing files found while scanning....
C:\WINDOWS\system32\gebayyy.dll
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mnnmp.tmp
C:\WINDOWS\system32\pmnnm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebayyy.dll
C:\WINDOWS\system32\gebayyy.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mnnmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.tmp
C:\WINDOWS\system32\mnnmp.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebayyy.dll
C:\WINDOWS\system32\gebayyy.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.8
Java version is 1.5.0.9
Scan started at 23:50:04 08/02/2007
Listing files found while scanning....
No infected files were found.


---


Should i do all of these scans and stuff on my laptop now aswell?

Sarah

If you like . . . . But start a new thread for the laptop so we don't get confused.

I still have yet to take a thorough look at the combofix log for this thread.

For the laptop - a HJT Log, a combofix log and AVG Anti-spy log ought to be enough to get us started.
If you want to have a pass with VundoFix, that's up to you.

Cheers
PP

Combofix log looks OK.

Can you tell me what this is?
2007-02-04 16:23 <DIR> d-------- C:\Program Files\ProxyLicense

PP

Sorry should have realised it could get confusing having everything in one thread, silly me :rolleyes:
Will start another for the laptop problems but i understand if you dont have time to look into both for me.

I deleted that folder last night because it was empty ... but im sure that is the same thing i had to delete from windows when i rebooted in safe mode.

Sarah

Hi Sarah,

I should have time to look at the new thread.

--- What I was wondering is whether you knew what that Program Files/ProxyLicense folder was.... I imagine it was indeed related to the file you deleted --> C:\DOCUME~1\SARAH~1.SAR\APPLIC~1\PROXYL~1\atom okay.exe

I just want to make sure it was not something legit (certainly did not look legit) and needed. Do you/did you need a Proxy?


No wrries, I guess. We'll deal with that if we need to.

PP

Well if you do have time i thank you in advance

I dont know what a proxy is so im not sure if it was needed but i dont ever remember seeing it before i had the problems.

Is there anything else i can be doing or should i just wait for you to look through the logs now?

Sarah

I posted some steps for you - pretty much the same as before, as you probably figured...

I guess we won't worry about that file we deleted. If it was legit and down the road you find you need it, should be no problem to get another copy....

PP