Computer Security & Viruses/Malware
Expert: Brian Benosky - 5/2/2009
QUESTION: I think my comp is infected. If you can find out and tell me what to do that would be great! Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:06 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\algg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windowsisearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windowsisearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windowsisearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.51/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.yimg.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.mail.yahoo.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;*.pogo.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lwinst Run Profiler] .\Lwtest.exe /detect /quiet /launch ".\Lwpevntm.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvfk.exe] C:\WINDOWS\system32\kdvfk.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [BM3bc918ed] Rundll32.exe "C:\WINDOWS\system32\bjeothhi.dll",s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F21AB3C-26E8-494F-B382-C1725372D8CD}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC0F60C2-E963-4B4A-BE96-65929F642B43}: NameServer = 85.255.115.61,85.255.112.113
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: qnryld.dll dxxent.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 11065 bytes
ANSWER: Hi Adam
Yes, it most certainly is infected by several forms of malware. Let's start the cleanup by running a Malwarebytes Anti-Malware scan in safe mode, then post me that log and a new HJT log.
Restart the computer in Safe Mode by continuously tapping the F8 key on boot until a black screen with a menu appears. Choose to Start Windows in Safe Mode with Networking. Log on as usual.
Please download Malwarebytes' Anti-Malware to your desktop from here:
http://www.malwarebytes.org/mbam-download.php
Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to
  o Update Malwarebytes' Anti-Malware
* then click Finish.
* If an update is found, it will download and install the latest version.
* Run a Full Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Save that log and reboot normally.
Brian
---------- FOLLOW-UP ----------
QUESTION: Hey, Adam again. The other day when I tried to download Malwarebytes, Mozilla and Internet Explorer wouldn't open it. Is there another site you would recommend? I will try Malwarebytes again, but I don't know if it will work.
ANSWER: Hi Adam
The trojans on your system are blocking access to known sites which will delete them. The folks that write these codes are no dummies. Safe mode usually bypasses this filter, but not this time I suppose. I will send you the file directly to your inbox. Drop me a note at numbersix6@yahoo.com and I will send the MBAM file back to you.
Brian
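The blocking Brian describes is visible in Adam's HijackThis log: a browser proxy on 127.0.0.1:7900, an O17 NameServer entry pointing at resolvers the machine was never given, AppInit_DLLs loading two DLLs into every process, and autorun entries of odd shape. As an added example (not part of this thread, and not code from HijackThis or Malwarebytes), here is a small Python triage script that flags those indicator classes in an HJT log. The sample input is a handful of lines copied from the log above, including one line the paste wrapped so the URL sits alone on the next line; EXPECTED_DNS is a hypothetical placeholder for the resolvers the machine should actually be using.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Hypothetical placeholder: the resolvers this machine should be using (normally the
# ISP's or the home router's). Any other server in an O17 line is worth questioning.
EXPECTED_DNS = {"192.168.1.1"}

# Constructed sample input: lines copied from the HijackThis log in the thread,
# including one that the paste wrapped so its URL sits on its own line.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://69.50.191.51/hp.php
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvfk.exe] C:\WINDOWS\system32\kdvfk.exe
O4 - HKLM\..\Run: [BM3bc918ed] Rundll32.exe "C:\WINDOWS\system32\bjeothhi.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F21AB3C-26E8-494F-B382-C1725372D8CD}: NameServer = 85.255.115.61,85.255.112.113
O20 - AppInit_DLLs: qnryld.dll dxxent.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''


def unwrap(text):
    """Re-join lines a paste wrapped: a line starting with 'http' belongs to the one above."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("http") and lines:
            lines[-1] = lines[-1].rstrip() + " " + raw.strip()
        else:
            lines.append(raw)
    return "\n".join(lines)


def _host_is_ip(url):
    """True when the URL's host is a bare IP address rather than a hostname."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (rule, line) pairs for log lines that match a defender-side heuristic."""
    findings = []
    for line in unwrap(log_text).splitlines():
        line = line.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]
        if kind in ("R0", "R1") and "ProxyServer" in line:
            # A browser proxy on the loopback address means something local sits between
            # the browser and the network, which is how AV download sites get filtered.
            m = re.search(r"=\s*(?:\w+=)?([\d.]+):\d+", line)
            loopback = False
            if m:
                try:
                    loopback = ipaddress.ip_address(m.group(1)).is_loopback
                except ValueError:
                    loopback = False
            if loopback:
                findings.append(("proxy-loopback", line))
        elif kind in ("R0", "R1"):
            # Start or search pages pointed at a raw IP address instead of a hostname.
            m = re.search(r"=\s*(\S+)\s*$", line)
            if m and m.group(1).startswith("http") and _host_is_ip(m.group(1)):
                findings.append(("browser-setting-raw-ip", line))
        elif kind == "O17":
            # Resolvers the machine should not have: the classic DNS-changer footprint.
            m = re.search(r"NameServer\s*=\s*(.+)$", line)
            if m:
                servers = {s.strip() for s in m.group(1).split(",")}
                if servers - EXPECTED_DNS:
                    findings.append(("dns-unexpected", line))
        elif kind == "O20" and "AppInit_DLLs:" in line:
            # AppInit_DLLs injects the listed DLLs into every GUI process; legitimate use is rare.
            if line.split("AppInit_DLLs:", 1)[1].strip():
                findings.append(("appinit-dll", line))
        elif kind == "O4":
            if "Policies\\Explorer\\Run" in line:
                findings.append(("policy-run", line))
            name = re.search(r"\[([^\]]+)\]", line)
            if name and re.match(r"[A-Za-z]:\\", name.group(1)):
                findings.append(("run-name-is-path", line))
            if re.search(r'rundll32\.exe\s+"?[^"]*system32\\[^"]+\.dll"?,', line, re.IGNORECASE):
                findings.append(("rundll32-system32-dll", line))
    return findings


def rules_hit(log_text):
    """Set of rule names triggered, for a quick summary of what the log contains."""
    return {rule for rule, _ in triage(log_text)}


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {line}")
```

Run against the sample, the script flags seven lines and leaves the QuickTime and iPod entries alone. The rules are deliberately structural (where a setting points, which registry location an autorun lives in) rather than based on file names, because the Vundo-style DLL names in this log are random and change with every variant; anything flagged still needs a human to confirm it against the scanner output.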
---------- FOLLOW-UP ----------
QUESTION: Adam here. Here's what I've done. I decided to go to my friend's house and get Malwarebytes. I installed it, updated, scanned, and removed the invasive trojans.
Here is the report from Malwarebytes, post-scan, before removal.
Malwarebytes' Anti-Malware 1.36
Database version: 2066
Windows 5.1.2600 Service Pack 2
5/1/2009 7:31:15 PM
mbam-log-2009-05-01 (19-31-02).txt
Scan type: Quick Scan
Objects scanned: 86388
Time elapsed: 14 minute(s), 6 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 40
Registry Values Infected: 10
Registry Data Items Infected: 24
Folders Infected: 2
Files Infected: 230
Memory Processes Infected:
C:\WINDOWS\SYSTEM32\algg.exe (Trojan.Zlob) -> No action taken.
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\nnnmjkKE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\bjeothhi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qnryld.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\dxxent.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ddcAspop.dll (Trojan.Vundo) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1764af3f-400c-415e-9a92-67a7d55c2c71} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaspop (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1764af3f-400c-415e-9a92-67a7d55c2c71} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f00158d-cf7e-4c1b-b447-0bd455fe81b6} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f00158d-cf7e-4c1b-b447-0bd455fe81b6} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{426867c1-47a2-4256-8a87-2a751ec61f3b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{426867c1-47a2-4256-8a87-2a751ec61f3b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63b09dc8-529a-4aea-b73e-c138fcc68dbd} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63b09dc8-529a-4aea-b73e-c138fcc68dbd} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{426867c1-47a2-4256-8a87-2a751ec61f3b} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1764af3f-400c-415e-9a92-67a7d55c2c71} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b05a613-988e-4fa1-b2d7-55a1145fd1ef} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{69d8c10a-19ea-4c43-a6ac-0ad5f674e8d6} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{69d8c10a-19ea-4c43-a6ac-0ad5f674e8d6} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3f00158d-cf7e-4c1b-b447-0bd455fe81b6} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live.com (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3bc918ed (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1764af3f-400c-415e-9a92-67a7d55c2c71} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.Antivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.Antivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnmjkke -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdvfk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnmjkke -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7f21ab3c-26e8-494f-b382-c1725372d8cd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7f21ab3c-26e8-494f-b382-c1725372d8cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7f21ab3c-26e8-494f-b382-c1725372d8cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7f21ab3c-26e8-494f-b382-c1725372d8cd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7f21ab3c-26e8-494f-b382-c1725372d8cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7f21ab3c-26e8-494f-b382-c1725372d8cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{dc0f60c2-e963-4b4a-be96-65929f642b43}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> No action taken.
Folders Infected:
C:\resycled (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\SYSTEM32\242112 (Trojan.BHO) -> No action taken.
Files Infected:
C:\WINDOWS\SYSTEM32\ddcAspop.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\nnnmjkKE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\EKkjmnnn.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\EKkjmnnn.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\dxxent.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\acuynqck.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\kcqnyuca.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ahrdbtuq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qutbdrha.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\aolditlv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vltidloa.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\aphstexo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oxetshpa.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\avcsuntg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\gtnuscva.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\bmypyugs.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\sguypymb.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\bnypcawt.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\twacpynb.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\cdlkxqjp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\pjqxkldc.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\cjaqxtxc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\cxtxqajc.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\cojpralx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\xlarpjoc.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\dboxjtyl.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\lytjxobd.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\eurvaggq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qggavrue.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\fomlnhku.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ukhnlmof.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\frjyguda.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\adugyjrf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\fvnwqixt.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\txiqwnvf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\gtoxoucc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ccuoxotg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\hoiupomq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qmopuioh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\houvdpus.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\supdvuoh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\hxlvknpa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\apnkvlxh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\iryowdqk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\kqdwoyri.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jrhublpj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jplbuhrj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jyeytmbd.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\dbmtyeyj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\kxnnmbxg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\gxbmnnxk.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\labgceev.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\veecgbal.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\mlyowamw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wmawoylm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\mnmqupob.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\bopuqmnm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\mqluvktj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jtkvulqm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\mwuyviso.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\osivyuwm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ndtxnkio.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oiknxtdn.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\nkwtcpgi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\igpctwkn.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oetacpio.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oipcateo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oidbvsdf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\fdsvbdio.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oqglefoj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jofelgqo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ormvhtsg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\gsthvmro.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\pmpkoflr.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\rlfokpmp.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\pmvshxsx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\xsxhsvmp.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ppkfhxid.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\dixhfkpp.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qhicsrws.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\swrscihq.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qiwycoad.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\daocywiq.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\sawgxstv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vtsxgwas.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\sclaqihp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\phiqalcs.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\siwduihe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ehiudwis.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\sjolbqsw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wsqblojs.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\tprjubwy.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ywbujrpt.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\tpylpued.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\deuplypt.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\uchjnfcc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ccfnjhcu.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ufsieiul.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\luieisfu.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\uhihhslf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\flshhihu.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vitmimjf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\fjmimtiv.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vqbiieij.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jieiibqv.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vwrcetoq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qotecrwv.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\woadhvaf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\favhdaow.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wtjskeeo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oeeksjtw.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\xjhsgjmt.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\tmjgshjx.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\xwyityjm.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\mjytiywx.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ybjccjjo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ojjccjby.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\bjeothhi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kdvfk.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qnryld.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
C:\WINDOWS\SYSTEM32\242112\242112.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\ohatyz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ohijgonj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\abixlqni.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ccalwq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\dgzcfa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\efcDWOFY.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\efwlonoj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ggfvin.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\glhdlt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\gnkuhgwx.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\SYSTEM32\gtxekcmq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\hcohxmhf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\kfuoig.dll (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\SYSTEM32\kshbjjgn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jiepclef.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jjkrzd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jjzcrr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jxayftqs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\kapwbi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lnmnux.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mdqhdveh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mobqzh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\nsnrevfa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\rcmioc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\oroohqks.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\oydeasyo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pddlptsu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pelgtc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pkkfsr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\saasftui.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ucscxnew.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\vesfootv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\wcjfhqwd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\wegrpm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\welpcpll.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\chtwpa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\cibocisw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\cltxmx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\clytkqeq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\usnvmomw.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\SYSTEM32\uwmjhfgc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\uyvleh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\swhsbrwm.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\SYSTEM32\tiisccih.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\tkcwqx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\affypleh.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\SYSTEM32\hoieogmv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\oaoouxay.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ocsbbbet.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ocymsi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pvxmho.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pyhgmx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pzttmy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\shpkhx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\wldfwn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\bfqhsa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\itiofqsh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ivlwzi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jcpvpl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\rvtuxlhc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ftycxgth.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\danhoyes.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ifmxmufa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\qqiuyi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\xexvorby.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\xgituovq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\yuivrjrq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\zdwroa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\buglix.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mvdkyx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mysvbv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lxgdgs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lyfueoth.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\nljtxbxq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\nmqrmsxs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\gbbrkkof.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\fccfrqvk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\fmksqs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mlnhkahi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lgmldj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\vqhbrgij.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\vqjwgjwn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\vxtwmcds.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\iaouvfla.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\htyxrjcd.dll (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\SYSTEM32\upsydroh.dll (Trojan.Vundo) -> No action taken.
C:\autorun.inf (Trojan.DNSChanger) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\wav.cpl (Rogue.WindowsAntivirus2008) -> No action taken.
C:\Documents and Settings\Jason Arnold\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Jason Arnold\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Jason Arnold\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Jason Arnold\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM3bc918ed.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM3bc918ed.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Temp\tempo-832.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\SYSTEM32\algg.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> No action taken.
c:\documents and settings\Jason Arnold\favorites\Antivirus Scan.url (Rogue.Link) -> No action taken.
Here is the hijackthis log after scan and removal.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:12 PM, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.51/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.yimg.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.mail.yahoo.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;*.pogo.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {63B5242F-B69B-47DC-AAD3-5319546F0C2C} - (no file)
O2 - BHO: (no name) - {ACEE3F05-8427-4D68-A2EC-44640162C588} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lwinst Run Profiler] .\Lwtest.exe /detect /quiet /launch ".\Lwpevntm.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvfk.exe] C:\WINDOWS\system32\kdvfk.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: qnryld.dll dxxent.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 9789 bytes
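Added example, not part of the original question or answer: the Malwarebytes listing above shows a pattern worth recognising. Each Trojan.Vundo.H hit arrives as a .dll with a companion .ini whose base name is the .dll's base name spelled backwards (qiwycoad.dll / daocywiq.ini, sawgxstv.dll / vtsxgwas.ini), and every line ends in "No action taken", so that scan reported but removed nothing. The Python below parses lines in that format, counts hits per detection name, lists what is still pending, and pairs the Vundo .dll/.ini twins so the unpaired ones stand out. The sample lines are copied from the log above (the last one's action text is altered to show a removed item); the helper names are my own, not Malwarebytes'.

```python
"""Triage a Malwarebytes 'Files Infected' listing (added example, not from the page)."""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the log above; the last line's action text
# is altered to show how a removed item would read.
SAMPLE_LOG = r"""
C:\WINDOWS\SYSTEM32\qiwycoad.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\daocywiq.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\sawgxstv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vtsxgwas.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\bjeothhi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kdvfk.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\autorun.inf (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\SYSTEM32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

# <path> (<family>) -> <action>.   Detection names never contain parentheses.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Finding:
    path: str
    family: str
    action: str

    @property
    def file(self) -> PureWindowsPath:
        return PureWindowsPath(self.path)


def parse_mbam(text: str) -> list:
    """Return one Finding per detection line; lines in any other shape are ignored."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append(Finding(m["path"], m["family"], m["action"]))
    return out


def pending(findings) -> list:
    """Detections the scanner reported but did not remove."""
    return [f for f in findings if f.action.lower().startswith("no action")]


def by_family(findings) -> Counter:
    """Hit count per detection name, e.g. Trojan.Vundo.H."""
    return Counter(f.family for f in findings)


def vundo_pairs(findings):
    """Match each Vundo .dll to the .ini in the same directory whose base name is
    the .dll's base name reversed.  Returns (pairs, dlls_without_a_twin)."""
    vundo = [f for f in findings if ".vundo" in f.family.lower()]
    inis = {}
    for f in vundo:
        if f.file.suffix.lower() == ".ini":
            inis[(str(f.file.parent).lower(), f.file.stem.lower())] = f.file.name
    pairs, orphans = [], []
    for f in vundo:
        if f.file.suffix.lower() != ".dll":
            continue
        key = (str(f.file.parent).lower(), f.file.stem.lower()[::-1])
        if key in inis:
            pairs.append((f.file.name, inis[key]))
        else:
            orphans.append(f.file.name)
    return pairs, orphans


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(pending(found))} still pending")
    for family, n in by_family(found).most_common():
        print(f"  {n:3d}  {family}")
    pairs, orphans = vundo_pairs(found)
    for dll, ini in pairs:
        print(f"  twin: {dll} <-> {ini}")
    print("  Vundo dlls without a twin:", orphans)
```

Point it at a saved Malwarebytes log instead of SAMPLE_LOG to get the same summary for a full scan. A .dll without its reversed-name .ini is not necessarily clean; it just means the companion was not detected or is elsewhere, so it deserves a second look rather than a pass.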
Answer
Hi Adam
Glad you got it working again. To continue the cleanup:
Start HJT and click to do a Scan Only. Place a check mark in the box next to the following items, close all open browser windows, then click the Fix Checked button:
O2 - BHO: (no name) - {63B5242F-B69B-47DC-AAD3-5319546F0C2C} - (no file)
O2 - BHO: (no name) - {ACEE3F05-8427-4D68-A2EC-44640162C588} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvfk.exe] C:\WINDOWS\system32\kdvfk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: qnryld.dll dxxent.dll
After fixing, close HJT and reboot.
Next, please download ComboFix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
If asked to install Recovery Console, please allow it.
When it's finished it will produce a log.
Post me the log and a new HJT log.
Note: Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Brian
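Added example, not part of Brian's answer: the entries he asks to fix fall into three mechanical patterns that can be checked from the log text alone. O2/O3/O9 registrations marked "(no file)" or "(file missing)" are CLSIDs whose DLL is already gone; the O4 Run value named "[C:\WINDOWS\system32\kdvfk.exe]" is a value whose name is the very path it launches; and a non-empty O20 AppInit_DLLs value makes user32.dll load the listed DLLs into every GUI process on the box. The Python below applies those rules to sample lines copied from the HijackThis log above, and adds one check that goes beyond the answer: a browser start page set to a bare IP address (the R0 line with 69.50.191.51) is flagged for review rather than for fixing. The rule set and helper names are my own, not HijackThis's.

```python
"""Triage HijackThis log lines with the checks used in the answer above (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.51/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {63B5242F-B69B-47DC-AAD3-5319546F0C2C} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvfk.exe] C:\WINDOWS\system32\kdvfk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: qnryld.dll dxxent.dll
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_ENTRY = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
BARE_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Flag:
    kind: str
    verdict: str   # "fix": safe to tick in HJT; "review": look at it before acting
    reason: str
    line: str


def triage_hjt(text: str) -> list:
    """Apply the rules described in the lead-in to each HijackThis line."""
    flags = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        if kind in ("O2", "O3", "O9") and any(mk in body for mk in ORPHAN_MARKERS):
            # A CLSID still registered after its DLL is gone: dead weight at best.
            flags.append(Flag(kind, "fix", "registration whose file no longer exists", line))
        elif kind == "O4":
            run = RUN_ENTRY.match(body)
            if run and DRIVE_PATH.match(run["name"]):
                # The value name is the launched path itself, as in the kdvfk.exe entry.
                flags.append(Flag(kind, "fix", "Run value named after its own path", line))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body[len("AppInit_DLLs:"):].split()
            if dlls:
                # user32.dll loads every DLL listed here into every GUI process.
                flags.append(Flag(kind, "fix", "AppInit_DLLs injects " + ", ".join(dlls), line))
        elif kind in ("R0", "R1"):
            _, _, value = body.partition(" = ")
            if BARE_IP_URL.match(value.strip()):
                flags.append(Flag(kind, "review", "browser URL set to a bare IP address", line))
    return flags


def fix_list(flags) -> list:
    """The lines to tick in HijackThis, in log order."""
    return [f.line for f in flags if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.verdict:6s} {f.kind:4s} {f.reason}\n       {f.line}")
```

On the sample the six "fix" lines are exactly the six O2/O3/O4/O9/O20 entries the answer lists; the start-page line comes out as "review" on purpose, since an odd start page is evidence of tampering but the R0 line itself is only a setting. Treat the output as a checklist to confirm against the full log, not as something to feed into HijackThis unread.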