Malwarebytes' Anti-Malware 1.31
Database version: 1543
Windows 5.1.2600 Service Pack 2

12/25/2008 1:27:59 PM
mbam-log-2008-12-25 (13-27-59).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 430077
Time elapsed: 2 hour(s), 33 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\jovivumo.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\zewewegi.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\reziguge.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\memovovo.dll (Trojan.Vundo.H) -> Delete on reboot.
e:\WINDOWS\system32\gawojuso.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f45bb4-bb6c-475d-93c2-91605035ed83} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39f45bb4-bb6c-475d-93c2-91605035ed83} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39f45bb4-bb6c-475d-93c2-91605035ed83} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm7b0a8457 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\farafuhuki (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: e:\windows\system32\zewewegi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\zewewegi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zewewegi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: e:\windows\system32\memovovo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\memovovo.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\besenije.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ejineseb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jovivumo.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\omuvivoj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\memovovo.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\reziguge.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\zewewegi.dll (Trojan.Vundo.H) -> Delete on reboot.
e:\WINDOWS\system32\gawojuso.dll (Trojan.Vundo) -> Delete on reboot.
E:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\HB7BHW9S\style[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{1AE1C943-8357-4687-A932-E08BC23ECB9F}\RP322\A0045761.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ntyoweoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\hdsrhl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.