xps 600 virus issues

#1 05 Oct 2009 @ 13:47
My XPS boots in safe mode just fine; I'm using it now with networking, in fact. I have run Spybot, Malwarebytes, Spyware Doctor and McAfee. All of them find Virtumonde but can't get rid of it, and a slew of others. The biggest problem, and why I am in safe mode, is when I boot normally and log on to my profile: as soon as it loads the background, not including the start bar and any icons, ... Also, whenever I shut it down in safe mode, Explorer says it can't close and gives the classic message to end task or wait.
#2 05 Oct 2009 @ 14:02
Moved to the correct forum, as this is not a PC hardware issue. Take a look in msconfig\startup to see what is not supposed to be there and uncheck it.
#3 05 Oct 2009 @ 14:07
Okay, thanks, I'll check.
#4 05 Oct 2009 @ 14:15
Where is msconfig, and what should I be looking for?
#5 05 Oct 2009 @ 14:39
Type msconfig at the Run command line and look at the Startup tab, near the top right side, for whatever is not supposed to be there.
#6 05 Oct 2009 @ 18:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:21 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {8144A1E8-D187-48F8-AA9B-38F256984A51} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: (no name) - {b45b0a31-44cd-40f4-94a8-94b005090e09} - mejunavi.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fe6ddb56-e1ef-46b9-99e2-6777dc3a92b1} - yezoyihu.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {9285901C-2731-4E57-8F17-6B016168CA98} - (no file)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [vosigotal] Rundll32.exe "c:\windows\system32\zijokomo.dll",a
O4 - HKLM\..\Run: [meyafugafa] Rundll32.exe "hutikovu.dll",s
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\MICAHG~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8796] command.com /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1199] cmd.exe /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2356] command.com /c del "c:\windows\system32\dabezoda.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8070] cmd.exe /c del "c:\windows\system32\dabezoda.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7074] command.com /c del "C:\WINDOWS\system32\diyobela.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8524] cmd.exe /c del "C:\WINDOWS\system32\diyobela.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3498] command.com /c del "c:\windows\system32\yovorize.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7774] cmd.exe /c del "c:\windows\system32\yovorize.dll_old"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6868] command.com /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8820] cmd.exe /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1219946583906
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///D:/tools/en/bin/npseatools.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs: ystem32\yamadeko.dll c:\windows\system32\sumopuwu.dll hutikovu.dll c:\windows\system32\zijokomo.dll
O21 - SSODL: diduduyik - {892a4132-a52c-4ccd-8c68-03063be2f1f9} - (no file)
O21 - SSODL: letomazok - {d05ad4d5-da1d-43f3-8ad8-43459f3e31d6} - (no file)
O21 - SSODL: ripemogis - {9dcfea13-bb91-41d6-9586-ef9b17f1202c} - c:\windows\system32\zijokomo.dll
O22 - SharedTaskScheduler: gahurihor - {892a4132-a52c-4ccd-8c68-03063be2f1f9} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {d05ad4d5-da1d-43f3-8ad8-43459f3e31d6} - (no file)
O22 - SharedTaskScheduler: gahurihor - {9dcfea13-bb91-41d6-9586-ef9b17f1202c} - c:\windows\system32\zijokomo.dll
O23 - Service: McAfee Application Installer Cleanup (0228471252054382) (0228471252054382mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\0228471252054382mcinst.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Sonic Solutions - (no file)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 14346 bytes



AND


Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/5/2009 5:50:04 PM
mbam-log-2009-10-05 (17-49-59).txt

Scan type: Quick Scan
Objects scanned: 176300
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\isasdk (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\InTro_hiding (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vosigotal (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ripemogis (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3498 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc7774 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\meyafugafa (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zijokomo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zijokomo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\3669333503 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\4686938722 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5358676803 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5550527513 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\6595257630 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\9360477137 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585 (Rogue.SecurityTool) -> No action taken.

Files Infected:
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yovorize.dll_old (Trojan.Vundo) -> No action taken.
C:\ktvyameo.exe (Trojan.FakeAlert) -> No action taken.
C:\xgje.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\guporobe.exe (Rogue.SecurityTool) -> No action taken.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\isasdk.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\javavuso.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mawivawo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mejunavi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\merenugu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mopujoju.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pump.exe (Rogue.WindowsPolicePro) -> No action taken.
C:\WINDOWS\system32\togubiza.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tohufepa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vitamine.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zotumuge.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.cfg (Rogue.SecurityTool) -> No action taken.
C:\WINDOWS\system32\nuar.old (Malware.Trace) -> No action taken.
C:\WINDOWS\wf3.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\wf4.dat (Malware.Trace) -> No action taken.

Can anybody help with that info?
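The HijackThis log above shows the same few DLLs wired into several load vectors at once: O4 Run entries that start them through rundll32, the O20 AppInit_DLLs value (mapped into every process that loads user32.dll, explorer.exe included), and the O21 ShellServiceObjectDelayLoad and O22 SharedTaskScheduler entries that explorer.exe itself loads when the shell starts. That correlation is the useful part of the log for cleanup, because a DLL loaded by the shell is in memory before the desktop finishes drawing, which is where the normal-boot failure is reported. The script below is an added example, not part of this thread, of HijackThis, or of any other tool named here; it parses a constructed subset of the posted O2/O4/O20/O21/O22 lines and reports, per DLL, which vectors reference it. The eight-letter-name heuristic, the vector table and the rundll32 check are this example's own assumptions, not signatures from any product.

```python
"""Triage persistence entries in a HijackThis v2.0.2 log.

Added example for this thread; not part of HijackThis, Malwarebytes or the
original post. SAMPLE_LOG is a constructed subset of the log lines posted
above. The heuristics (eight lowercase letters before .dll, logon-time load
vectors, rundll32 launches, dangling references) are this example's own
assumptions, not detection logic from any tool named in the thread.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the O2/O4/O20/O21/O22/O23 lines posted above.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {b45b0a31-44cd-40f4-94a8-94b005090e09} - mejunavi.dll (file missing)
O2 - BHO: (no name) - {fe6ddb56-e1ef-46b9-99e2-6777dc3a92b1} - yezoyihu.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [vosigotal] Rundll32.exe "c:\windows\system32\zijokomo.dll",a
O4 - HKLM\..\Run: [meyafugafa] Rundll32.exe "hutikovu.dll",s
O20 - AppInit_DLLs: ystem32\yamadeko.dll c:\windows\system32\sumopuwu.dll hutikovu.dll c:\windows\system32\zijokomo.dll
O21 - SSODL: diduduyik - {892a4132-a52c-4ccd-8c68-03063be2f1f9} - (no file)
O21 - SSODL: ripemogis - {9dcfea13-bb91-41d6-9586-ef9b17f1202c} - c:\windows\system32\zijokomo.dll
O22 - SharedTaskScheduler: gahurihor - {9dcfea13-bb91-41d6-9586-ef9b17f1202c} - c:\windows\system32\zijokomo.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O20 - AppInit_DLLs: ..."
DLL_RE = re.compile(r"\S+\.dll\b", re.IGNORECASE)   # any path/token ending in .dll
RANDOM_RE = re.compile(r"^[a-z]{8}\.dll$")          # heuristic: zijokomo.dll-style names

# Vectors that load a DLL before or as the desktop appears (assumed table).
LOGON_VECTORS = {
    "O20": "AppInit_DLLs",                 # every process that maps user32.dll
    "O21": "ShellServiceObjectDelayLoad",  # loaded by explorer.exe at shell start
    "O22": "SharedTaskScheduler",          # also loaded by explorer.exe at shell start
}


def parse_entries(log_text):
    """Yield (section, body) for each 'Onn - ...' line; R1 and header lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def basename(token):
    """Lowercase file name of a quoted or unquoted Windows path token."""
    token = token.strip("\"'").replace("/", "\\")
    return token.rsplit("\\", 1)[-1].lower()


def analyse(log_text):
    """Return (vectors, dangling).

    vectors:  dll basename -> set of labels such as "O20" or "O4/rundll32".
    dangling: entries whose target HijackThis reported as missing.
    """
    vectors = defaultdict(set)
    dangling = []
    for section, body in parse_entries(log_text):
        if "(file missing)" in body or "(no file)" in body:
            dangling.append(f"{section} - {body}")
        label = section
        if section == "O4" and "rundll32" in body.lower():
            label = "O4/rundll32"  # a Run key that only exists to host a DLL
        for token in DLL_RE.findall(body):
            vectors[basename(token)].add(label)
    return vectors, dangling


def triage(log_text):
    """Map each DLL that trips at least one heuristic to the reasons it was flagged."""
    vectors, _ = analyse(log_text)
    findings = {}
    for dll, labels in sorted(vectors.items()):
        reasons = []
        if RANDOM_RE.match(dll):
            reasons.append("random-looking 8-letter name")
        logon = sorted(LOGON_VECTORS[l] for l in labels if l in LOGON_VECTORS)
        if logon:
            reasons.append("loaded at logon via " + ", ".join(logon))
        if "O4/rundll32" in labels:
            reasons.append("started from a Run key through rundll32")
        if reasons:
            findings[dll] = reasons
    return findings


if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_LOG).items():
        print(f"{dll}: " + "; ".join(reasons))
    _, dangling = analyse(SAMPLE_LOG)
    print(f"{len(dangling)} entries point at files HijackThis could not find")
```

Run against the sample, the script lists the six eight-letter DLLs and leaves the legitimate Yahoo! BHO alone; zijokomo.dll is the only one referenced by all four vectors, which matches what the two anti-malware logs later single out as "Delete on reboot". The dangling entries (BHO and SSODL CLSIDs whose DLL is gone) are harmless by themselves but worth removing so the count of leftovers is zero after the next scan.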
#7 05 Oct 2009 @ 18:53
And after I press Fix:


Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/5/2009 5:51:41 PM
mbam-log-2009-10-05 (17-51-41).txt

Scan type: Quick Scan
Objects scanned: 176300
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\isasdk (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\InTro_hiding (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vosigotal (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ripemogis (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3498 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc7774 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\meyafugafa (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zijokomo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zijokomo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\3669333503 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\4686938722 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5358676803 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5550527513 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\6595257630 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\9360477137 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\yovorize.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ktvyameo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\xgje.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guporobe.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\isasdk.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\javavuso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mawivawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mejunavi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\merenugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mopujoju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pump.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\togubiza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tohufepa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vitamine.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zotumuge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wf3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wf4.dat (Malware.Trace) -> Quarantined and deleted successfully.
#8 05 Oct 2009 @ 18:55
Also, it says it has to fix a few on reboot, but when I reboot it crashes when I log on, and I can't disable the zijimodo or whatever one because it says I have to have admin privileges to do it, and I am on the admin profile now.
#9 05 Oct 2009 @ 19:54
*zijikomo