xps 600 virus issues
x_of_halo
Member
5. October 2009 @ 13:47
My XPS boots in safe mode just fine, I'm using it now with networking in fact. I have run Spybot, Malwarebytes, Spyware Doctor and McAfee. All of them find Virtumonde but can't get rid of it and a slew of others. The biggest problem, and why I am in safe mode, is when I boot normally, log on my profile, as soon as it loads the background, not including the start bar and any icons, also whenever I shut it down in safe mode Explorer says it can't close and the classic message to end task or wait
ddp
Moderator
5. October 2009 @ 14:02
Moved to correct forum as not a PC hardware issue. Take a look in msconfig\startup to see what is not supposed to be there & uncheck it.
x_of_halo
Member
5. October 2009 @ 14:07
Okay, thanks, I'll check.
x_of_halo
Member
5. October 2009 @ 14:15
Where is msconfig at, and what should I be looking for?
ddp
Moderator
5. October 2009 @ 14:39
Type at the Run command line msconfig & look at the Startup tab near top right side. Whatever is not to be there.
x_of_halo
Member
5. October 2009 @ 18:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:21 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {8144A1E8-D187-48F8-AA9B-38F256984A51} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: (no name) - {b45b0a31-44cd-40f4-94a8-94b005090e09} - mejunavi.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fe6ddb56-e1ef-46b9-99e2-6777dc3a92b1} - yezoyihu.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {9285901C-2731-4E57-8F17-6B016168CA98} - (no file)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [vosigotal] Rundll32.exe "c:\windows\system32\zijokomo.dll",a
O4 - HKLM\..\Run: [meyafugafa] Rundll32.exe "hutikovu.dll",s
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\MICAHG~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8796] command.com /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1199] cmd.exe /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2356] command.com /c del "c:\windows\system32\dabezoda.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8070] cmd.exe /c del "c:\windows\system32\dabezoda.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7074] command.com /c del "C:\WINDOWS\system32\diyobela.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8524] cmd.exe /c del "C:\WINDOWS\system32\diyobela.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3498] command.com /c del "c:\windows\system32\yovorize.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7774] cmd.exe /c del "c:\windows\system32\yovorize.dll_old"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6868] command.com /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8820] cmd.exe /c del "c:\windows\system32\numonuji.dll_old"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1219946583906
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///D:/tools/en/bin/npseatools.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs: ystem32\yamadeko.dll c:\windows\system32\sumopuwu.dll hutikovu.dll c:\windows\system32\zijokomo.dll
O21 - SSODL: diduduyik - {892a4132-a52c-4ccd-8c68-03063be2f1f9} - (no file)
O21 - SSODL: letomazok - {d05ad4d5-da1d-43f3-8ad8-43459f3e31d6} - (no file)
O21 - SSODL: ripemogis - {9dcfea13-bb91-41d6-9586-ef9b17f1202c} - c:\windows\system32\zijokomo.dll
O22 - SharedTaskScheduler: gahurihor - {892a4132-a52c-4ccd-8c68-03063be2f1f9} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {d05ad4d5-da1d-43f3-8ad8-43459f3e31d6} - (no file)
O22 - SharedTaskScheduler: gahurihor - {9dcfea13-bb91-41d6-9586-ef9b17f1202c} - c:\windows\system32\zijokomo.dll
O23 - Service: McAfee Application Installer Cleanup (0228471252054382) (0228471252054382mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\0228471252054382mcinst.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Sonic Solutions - (no file)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 14346 bytes



AND


Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/5/2009 5:50:04 PM
mbam-log-2009-10-05 (17-49-59).txt

Scan type: Quick Scan
Objects scanned: 176300
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\isasdk (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\InTro_hiding (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vosigotal (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ripemogis (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3498 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc7774 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\meyafugafa (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zijokomo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zijokomo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\3669333503 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\4686938722 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5358676803 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5550527513 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\6595257630 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\9360477137 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769 (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585 (Rogue.SecurityTool) -> No action taken.

Files Infected:
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yovorize.dll_old (Trojan.Vundo) -> No action taken.
C:\ktvyameo.exe (Trojan.FakeAlert) -> No action taken.
C:\xgje.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\guporobe.exe (Rogue.SecurityTool) -> No action taken.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\isasdk.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\javavuso.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mawivawo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mejunavi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\merenugu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mopujoju.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pump.exe (Rogue.WindowsPolicePro) -> No action taken.
C:\WINDOWS\system32\togubiza.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tohufepa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vitamine.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zotumuge.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.cfg (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.bat (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.cfg (Rogue.SecurityTool) -> No action taken.
C:\WINDOWS\system32\nuar.old (Malware.Trace) -> No action taken.
C:\WINDOWS\wf3.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\wf4.dat (Malware.Trace) -> No action taken.

Can anybody help with that info?
x_of_halo
Member
5. October 2009 @ 18:53
And after I press fix:


Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/5/2009 5:51:41 PM
mbam-log-2009-10-05 (17-51-41).txt

Scan type: Quick Scan
Objects scanned: 176300
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\isasdk (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\InTro_hiding (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vosigotal (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9dcfea13-bb91-41d6-9586-ef9b17f1202c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ripemogis (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3498 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc7774 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\meyafugafa (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zijokomo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zijokomo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\3669333503 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\4686938722 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5358676803 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5550527513 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\6595257630 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\9360477137 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\zijokomo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hutikovu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yezoyihu.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\yovorize.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ktvyameo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\xgje.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guporobe.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\intro.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\isasdk.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\javavuso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mawivawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mejunavi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\merenugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mopujoju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pump.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\togubiza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tohufepa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vitamine.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zotumuge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\3669333503\3669333503.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\4686938722\4686938722.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5358676803\5358676803.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5550527513\5550527513.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\6595257630\6595257630.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\9360477137\9360477137.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2144228881\2144228881.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\2514220284\2514220284.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\8730853769\8730853769.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micah Gajewski\Application Data\9464637585\9464637585.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wf3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wf4.dat (Malware.Trace) -> Quarantined and deleted successfully.
x_of_halo
Member
5. October 2009 @ 18:55
Also, it says it has to fix a few on reboot, but when I reboot it crashes when I log on, and I can't disable the zijimodo or whatever one cuz it says I have to have admin privileges to do it, and I am on admin profile now.
x_of_halo
Member
5. October 2009 @ 19:54
*zijikomo