My XPS boots in safe mode just fine; I'm using it now with networking, in fact. I have run Spybot, Malwarebytes, Spyware Doctor and McAfee. All of them find Virtumonde but can't get rid of it and a slew of others. The biggest problem, and why I am in safe mode, is when I boot normally, log on to my profile, as soon as it loads the background, not including the start bar and any icons. Also, whenever I shut it down in safe mode, Explorer says it can't close and shows the classic message to end task or wait.
Moved to the correct forum, as this is not a PC hardware issue. Take a look in msconfig\startup to see what is not supposed to be there & uncheck it.
Type msconfig at the Run command line & look at the Startup tab near the top right side. Whatever is not to be there.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:21 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

AND

Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3 (Safe Mode)
10/5/2009 5:50:04 PM
mbam-log-2009-10-05 (17-49-59).txt
Scan type: Quick Scan
Objects scanned: 176300
Time elapsed: 13 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 43

Can anybody help with that info?
And after I press fix:

Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3 (Safe Mode)
10/5/2009 5:51:41 PM
mbam-log-2009-10-05 (17-51-41).txt
Scan type: Quick Scan
Objects scanned: 176300
Time elapsed: 13 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 43
Also, it says it has to fix a few on reboot, but when I reboot it crashes when I log on, and I can't disable the zijimodo or whatever one cuz it says I have to have admin privileges to do it, and I am on the admin profile now.