Heyas. I've got some problems getting rid of Virtumonde on my PC. :/ I did the Kaspersky online scan and it said the following files were infected:

File name | Threat name | Threats count
C:\WINDOWS\system32\lojygurd.0ll | Infected: Trojan.Win32.Monder.rhy | 1
C:\WINDOWS\system32\mmpxdnpe.0ll | Infected: Trojan-Spy.Win32.BZub.ffq | 1

The selected area was scanned.

And this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:39, on 6.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Wallpaper Master\Wallpaper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsavgui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\DOCUME~1\Matias\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Matias\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Ascii\Rm2k3\rpg2003\RPG2003.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hyyloh.dll fymmwk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8796 bytes

Thanks for the help in advance!
Hi Rei00

Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required. Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
Code:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects

Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates
• Wait for Malwarebytes to be fully updated.

Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.

Best Regards
I appreciate the help so far! Malwarebytes' Anti-Malware seemed really efficient. Here's the log... apparently it's partly in Finnish though:

Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1235
Windows 5.1.2600 Service Pack 2

7.10.2008 7:09:19
mbam-log-2008-10-07 (07-09-19).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 227528
Kulunut aika: 2 hour(s), 12 minute(s), 25 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 7
Saastuneita rekisteriavaimia: 14
Saastuneita rekisteriarvoja: 5
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 46

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
C:\WINDOWS\system32\ddcCUkjh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gytbkwhf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hyyloh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fymmwk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXQklkL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gmroepng.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uokfko.dll (Trojan.Vundo) -> Delete on reboot.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4def575c-ad09-4f00-a268-75bb5c71a8be} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4def575c-ad09-4f00-a268-75bb5c71a8be} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d425b2-3452-427a-96be-b3cd66620205} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxqklkl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c2d425b2-3452-427a-96be-b3cd66620205} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3a1e9e72-b765-47c9-bfc0-d31fcca2396f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c06700fd-a404-43e4-af57-fa4a5286cc21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9201be21-160e-489b-9c61-45e96899f49d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c2d425b2-3452-427a-96be-b3cd66620205} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb3489 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd6925 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga7607 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc87 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddccukjh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddccukjh -> Delete on reboot.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\system32\ddcCUkjh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hjkUCcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjkUCcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXQklkL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gytbkwhf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fhwkbtyg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hyyloh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fymmwk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gmroepng.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uokfko.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065777.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065789.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065790.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065791.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067096.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067097.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmpxdnpe.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wldkiwvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjxcpt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cuphuxld.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwckwwuf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gogkok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lojygurd.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcafhbok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matias\Local Settings\Temporary Internet Files\Content.IE5\0TQ7CPIZ\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matias\Local Settings\Temporary Internet Files\Content.IE5\EF78FVEO\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM671d1646.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM671d1646.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Hey Rei00

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
Hey Rei00

You've posted way too many Combofix logs. Please delete all of them except one. It makes it confusing for me to proceed.

Best Regards