Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vundo

Started by natalie888 , Dec 05 2008 10:43 AM

  • Please log in to reply

#1
natalie888
Posted 05 December 2008 - 10:43 AM

natalie888

    New Member

  • Member
  • Pip
  • 3 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:04 AM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell....s...;l=es&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell....s...;l=es&s=gen
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\ARCHIV~1\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\archivos de programa\mcafee\spamkiller\mcapfbho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\ARCHIV~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\ARCHIV~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\ARCHIV~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BM27bf8a0b] Rundll32.exe "C:\WINDOWS\system32\pyfavelp.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [248cb997] rundll32.exe "C:\WINDOWS\system32\epxedhxr.dll",b
O4 - HKCU\..\Run: [Sys4.exe] C:\Sys4.exe
O4 - HKCU\..\Run: [Sys3.exe] C:\Sys3.exe
O4 - HKCU\..\Run: [Sys2.exe] C:\Sys2.exe
O4 - HKCU\..\Run: [Sys1.exe] C:\Sys1.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antivirus] C:\Archivos de programa\VAV\vav.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\archivos de programa\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\archivos de programa\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1228452267265
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE591F52-705B-48D1-98C9-4F9C1C47FDF8}: NameServer = 216.230.128.32,216.230.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ujditw.dll
O21 - SSODL: KbdCheck - {3aa47398-566b-4f02-a73d-70a277ed0ba6} - C:\WINDOWS\Resources\KbdCheck.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: AMON - Unknown owner - E:\kav\NOD32\amon.sys (file missing)
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Programador AntiVir PersonalEdition Premium (AntiVirScheduler) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard servicio de ayuda (AVEService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Archivos de programa\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - E:\kav\NOD32\nod32krn.exe (file missing)

--
End of file - 10802 bytes
  • 0

Advertisements

#2
Gravity Gripp
Posted 05 December 2008 - 10:54 AM

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
natalie888, Welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your
issues.

First, when you post logs here, post them directly into the reply. Do not attach them, unless told to do so. Also, do not alter the font, color, or size of these logs. This will help me, help you.

Also, if I have not responded to you in a time period longer than 4 days, please feel free to PM me.

Thanks and I look forward to working with you. :)

As of right now, I'm waiting on your malwarebytes log. Once you post that, I will proceed with my instructions.
  • 0

#3
natalie888
Posted 05 December 2008 - 11:11 AM

natalie888

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/5/2008 10:16:05 AM
mbam-log-2008-12-05 (10-16-05).txt

Scan type: Quick Scan
Objects scanned: 56077
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 36
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccbXRif.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ujditw.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d06dd4-7b73-4ce0-bf56-b3b2142e93fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnooiij (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45d06dd4-7b73-4ce0-bf56-b3b2142e93fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f74be91a-43ed-451f-b6bb-02bd3d1e9eab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f74be91a-43ed-451f-b6bb-02bd3d1e9eab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa93e4c8-0641-40fb-8c12-0d4463353838} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa93e4c8-0641-40fb-8c12-0d4463353838} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fa93e4c8-0641-40fb-8c12-0d4463353838} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f74be91a-43ed-451f-b6bb-02bd3d1e9eab} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.btpb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{11ea6f11-55b4-4460-ade5-b0b06736790f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{25ddd24d-1a1b-41ac-919b-b6bc6dfbc2fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63bb2189-05db-4e6b-9542-82c9a1c53c0b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63bb2189-05db-4e6b-9542-82c9a1c53c0b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{984c42ae-0b1d-4495-b16b-935da5671133} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45d06dd4-7b73-4ce0-bf56-b3b2142e93fa} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d440f412-7bef-49f2-9b8f-5b1be16388db} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d440f412-7bef-49f2-9b8f-5b1be16388db} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{63bb2189-05db-4e6b-9542-82c9a1c53c0b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45d06dd4-7b73-4ce0-bf56-b3b2142e93fa} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xvorfwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccbxrif -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccbxrif -> Delete on reboot.

Folders Infected:
C:\Archivos de programa\Antivirus 2008 PRO (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Archivos de programa\Antivirus 2008 PRO\Infected (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Archivos de programa\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\763444 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\nnnoOiiJ.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbXRif.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fiRXbccf.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fiRXbccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujditw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cdjqdfpy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypfdqjdc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\epxedhxr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rxhdexpe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gifyjcve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evcjyfig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lndakfov.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vofkadnl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okbdcvdj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdvcdbko.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qpnpxalj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlaxpnpq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgndodxv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vxdodngw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\sqvgnrpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fllgbhla.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isvnhjsj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxecfknq.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prkeftav.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbuveapg.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frqfsokw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yooavv(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Archivos de programa\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Archivos de programa\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Archivos de programa\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Archivos de programa\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Archivos de programa\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM27bf8a0b.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM27bf8a0b.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
  • 0

#4
Gravity Gripp
Posted 05 December 2008 - 12:21 PM

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
STEP ONE
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by Gravity Gripp, 05 December 2008 - 12:56 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP