Removal Of Trojan.heur.vundo
Hi, I am having troubles removing a couple Trojans from my system.
The viruses are the Gen:Trojan.Heur.Vundo.402CD3C3C3. After running a deep system scan, Bit Defender was not able to fix or delete the two viruses.
In addition to that, every time I boot up Windows, I am getting an alert from Bit Defender, trying to add Virusine.dll in the system32 folder to the Windows Registry. It gives me the option to Allow or Block, but no matter what I select, the alert will keep popping up forever.
Can someone please tell me how to resolve these two problems? I am assuming the Virusine.dll is related somehow to the Trojans I have picked up.
Thanks!
Comments
-
Please paste the full scan log here. We need to see the file(s) location.
0 -
I'm a different person, but I'm having the same issue! I have BitDefender Antivirus 2009. Here's my log.
BitDefender Log File
Product : BitDefender Antivirus 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 15:52:37 05/03/2009
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1236286357_1_02.xml
Scan Paths:
Path 0000: C:\
Path 0001: \
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 2752905
Archive plugins : 45
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 503952
Infected items : 385
Suspicious items : 0
Resolved items : 13
Unresolved items : 378
Password-protected items : 6
Individual viruses found : 369
Scanned directories : 11680
Scanned boot sectors : 4
Scanned archives : 11975
Input-output errors : 52
Scan time : 02:04:58
Files per second : 66
Scanned processes summary
Scanned : 77
Infected : 0
Scanned registry keys summary
Scanned : 1232
Infected : 0
Scanned cookies summary
Scanned : 1232
Infected : 0
Remaining issues:
Object Name    Threat Name    Final Status
C:\Documents and Settings\Ashlee\.housecall6.6\Quarantine\netpass[1].zip.bac_a05788=](Quarantine-4)=]netpass.exe Application.NetPass.I Delete Failed (file was in an archive)
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\parupiwawo=]C:\WINDOWS\SYSTEM32\SETIHIKI.DLL Gen:Trojan.Heur.Vundo.402CD3C3C3 Infected
C:\WINDOWS\system32\setihiki.dll Gen:Trojan.Heur.Vundo.402CD3C3C3 Delete Failed
C:\WINDOWS\system32\vezewavu.dll Gen:Trojan.Heur.Vundo.402CD3C3C3 Delete Failed
C:\WINDOWS\system32\vezewavu.dll Gen:Trojan.Heur.Vundo.402CD3C3C3 No action was possible
C:\WINDOWS\system32\setihiki.dll Gen:Trojan.Heur.Vundo.402CD3C3C3 No action was possible
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CPM3d975d56=]C:\WINDOWS\SYSTEM32\MABARILI.DLL Gen:Trojan.Heur.Vundo.600CF3E3E3 Infected
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SSODL=]C:\WINDOWS\SYSTEM32\FUZOYALU.DLL Gen:Trojan.Heur.Vundo.600CF3E3E3 Infected
c:\WINDOWS\system32\mabarili.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
c:\WINDOWS\system32\fuzoyalu.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
c:\WINDOWS\system32\muzupera.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
c:\WINDOWS\system32\mabarili.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 No action was possible
c:\WINDOWS\system32\fuzoyalu.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 No action was possible
c:\WINDOWS\system32\muzupera.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 No action was possible
C:\WINDOWS\system32\fuzoyalu.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
C:\WINDOWS\system32\mabarili.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
C:\WINDOWS\system32\muzupera.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{57C111F1-BE7F-45E3-8B94-55AC0DE85FD5}=]C:\WINDOWS\SYSTEM32\VNGYYO.DLL Gen:Trojan.Heur.Vundo.80EC130303 Infected
C:\WINDOWS\system32\vngyyo.dll Gen:Trojan.Heur.Vundo.80EC130303 Delete Failed
C:\WINDOWS\system32\vngyyo.dll Gen:Trojan.Heur.Vundo.80EC130303 No action was possible
Resolved issues:
Object Name | Threat Name | Final Status
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 Backdoor.Generic.89850 Deleted
C:\Documents and Settings\Ashlee\.housecall6.6\Quarantine\setihiki.dll.bac_a05788=](Quarantine-4) Gen:Trojan.Heur.Vundo.402CD3C3C3 Deleted
C:\Documents and Settings\Ashlee\.housecall6.6\Quarantine\vezewavu.dll.bac_a05788=](Quarantine-4) Gen:Trojan.Heur.Vundo.402CD3C3C3 Deleted
C:\Documents and Settings\Ashlee\.housecall6.6\Quarantine\viseloko.dll.bac_a05788=](Quarantine-4) Gen:Trojan.Heur.Vundo.402CD3C3C3 Deleted
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP312\A0041408.dll Gen:Trojan.Heur.Vundo.402CD3C3C3 Deleted
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP312\A0041410.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Deleted
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP312\A0041409.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP312\A0041415.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
C:\WINDOWS\system32\mefapiga.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
C:\WINDOWS\system32\mkbbzu.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
C:\WINDOWS\system32\peyobire.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
C:\WINDOWS\system32\wekedahu.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
C:\WINDOWS\system32\zumidiba.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
Objects that were not scanned:
Object Name | Reason | Final Status
C:\Documents and Settings\Ashlee\Local Settings\Temp\GLB3.tmp=](Dropped 0) Overcompressed No action was possible
C:\Documents and Settings\Ashlee\Local Settings\Temp\GLBEE.tmp=](Dropped 0) Overcompressed No action was possible
C:\Documents and Settings\Ashlee\Local Settings\Temp\GLBF9.tmp=](Dropped 0) Overcompressed No action was possible
C:\SWSetup\Adobe2\US\Adobe Reader 7.0.50.cab=]read0700win_ENUhpcq0700.pdf Password-protected No action was possible
C:\SWSetup\Adobe2\US\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\SWSetup\Adobe2\US\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
0 -
First of all, turn off System Restore.
To turn off Windows XP System Restore:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer.
or for Vista...
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer
You have 2 options:
* Scan with BitDefender in Safe Mode: http://forum.bitdefender.com/index.php?showtopic=1378
or
* Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.
Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\Documents and Settings\Ashlee\Local Settings\Temp\GLB3.tmp
C:\Documents and Settings\Ashlee\Local Settings\Temp\GLBEE.tmp
C:\Documents and Settings\Ashlee\Local Settings\Temp\GLBF9.tmp
C:\WINDOWS\system32\vngyyo.dll
C:\WINDOWS\system32\mefapiga.dll
C:\WINDOWS\system32\mkbbzu.dll
C:\WINDOWS\system32\peyobire.dll
C:\WINDOWS\system32\wekedahu.dll
C:\WINDOWS\system32\zumidiba.dll
C:\WINDOWS\system32\vngyyo.dll
C:\WINDOWS\system32\setihiki.dll
C:\WINDOWS\system32\muzupera.dll
C:\WINDOWS\system32\fuzoyalu.dll
C:\WINDOWS\system32\mabarili.dll
Save this as:
CFScript.txt
Drag CFScript.txt into ComboFix.exe
Then post the resultant log here.
0 -
Thank you so much for helping me. Here's the log:
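The step of turning scan-log rows into a CFScript `File::` list can be done mechanically. The following is an added example, not part of the original thread and not BitDefender or ComboFix code: it parses "Remaining issues" rows like the ones posted above, drops entries already marked Deleted, de-duplicates paths case-insensitively, and separates files still live on disk from copies sitting in quarantine or restore-point folders. The reading of `=]` as a container separator and the quarantine path markers are assumptions drawn from the logs in this thread.

```python
import re

# Final-status strings seen in the BitDefender logs in this thread.
STATUSES = ("No action was possible", "Delete Failed", "Disinfect Failed",
            "Deleted", "Infected")
RESOLVED = {"Deleted"}

# Row layout: <object> <threat name> <final status>. The object may contain
# spaces, so anchor on the known status and take the token before it as threat.
ROW = re.compile(r"^(?P<obj>.+)\s+(?P<threat>\S+)\s+(?P<status>%s)$"
                 % "|".join(re.escape(s) for s in STATUSES))

# Assumption: these path fragments mark inert copies (AV or ComboFix
# quarantine, System Restore points) rather than files that can still load.
INERT_MARKERS = ("\\quarantine\\", "\\system volume information\\_restore")

# Sample rows copied from the scan logs posted in this thread.
SAMPLE_ROWS = r"""
c:\WINDOWS\system32\fuzoyalu.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 No action was possible
C:\WINDOWS\system32\fuzoyalu.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
C:\WINDOWS\system32\mabarili.dll Gen:Trojan.Heur.Vundo.600CF3E3E3 Delete Failed
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{57C111F1-BE7F-45E3-8B94-55AC0DE85FD5}=]C:\WINDOWS\SYSTEM32\VNGYYO.DLL Gen:Trojan.Heur.Vundo.80EC130303 Infected
C:\WINDOWS\system32\vngyyo.dll Gen:Trojan.Heur.Vundo.80EC130303 Delete Failed
C:\WINDOWS\system32\vngyyo.dll Gen:Trojan.Heur.Vundo.80EC130303 No action was possible
C:\Qoobox\Quarantine\C\WINDOWS\system32\vezewavu.dll.vir Gen:Trojan.Heur.Vundo.402CD3C3C3 Disinfect Failed
C:\Documents and Settings\Ashlee\.housecall6.6\Quarantine\netpass[1].zip.bac_a05788=](Quarantine-4)=]netpass.exe Application.NetPass.I Disinfect Failed
C:\WINDOWS\system32\mefapiga.dll Gen:Trojan.Heur.Vundo.80EC130303 Deleted
""".strip().splitlines()


def on_disk_path(obj):
    """Reduce a log object to the file that actually sits on disk.

    Assumption: '=]' separates a container from its member. For registry
    rows ('[system]=]<key>=]<file>') the file is the last part; for archives
    ('<archive>=]<member>') the on-disk file is the first part.
    """
    parts = obj.split("=]")
    if parts[0].lower() == "[system]":
        return parts[-1]
    return parts[0]


def is_inert(path):
    """True when the path lies in a quarantine or restore-point folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in INERT_MARKERS)


def triage(lines):
    """Return (live, inert): unresolved paths, unique, in first-seen order."""
    live, inert, seen = [], [], set()
    for line in lines:
        match = ROW.match(line.strip())
        if not match or match.group("status") in RESOLVED:
            continue  # section header, blank line, or already cleaned
        path = on_disk_path(match.group("obj"))
        key = path.lower()  # NTFS paths compare case-insensitively
        if key in seen:
            continue
        seen.add(key)
        (inert if is_inert(path) else live).append(path)
    return live, inert


def cfscript(paths):
    """Render the File:: block in the layout shown in the post above."""
    return "File::\n" + "\n".join(paths)


if __name__ == "__main__":
    live_paths, inert_paths = triage(SAMPLE_ROWS)
    print(cfscript(live_paths))
    print("\nAlready contained (quarantine / restore point):")
    for p in inert_paths:
        print("  " + p)
```
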
ComboFix 09-03-06.02 - Ashlee 2009-03-08 15:00:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.425 [GMT -4:00]
Running from: c:\documents and settings\Ashlee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ashlee\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Resident AV is active
FILE ::
c:\documents and settings\Ashlee\Local Settings\Temp\GLB3.tmp
c:\documents and settings\Ashlee\Local Settings\Temp\GLBEE.tmp
c:\documents and settings\Ashlee\Local Settings\Temp\GLBF9.tmp
c:\windows\system32\fuzoyalu.dll
c:\windows\system32\mabarili.dll
c:\windows\system32\mefapiga.dll
c:\windows\system32\mkbbzu.dll
c:\windows\system32\muzupera.dll
c:\windows\system32\peyobire.dll
c:\windows\system32\setihiki.dll
c:\windows\system32\vngyyo.dll
c:\windows\system32\wekedahu.dll
c:\windows\system32\zumidiba.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Ashlee\Local Settings\Temp\GLB3.tmp
c:\documents and settings\Ashlee\Local Settings\Temp\GLBEE.tmp
c:\documents and settings\Ashlee\Local Settings\Temp\GLBF9.tmp
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\ajugonoy.ini
c:\windows\system32\dosesero.dll
c:\windows\system32\ejimubol.ini
c:\windows\system32\fomikago.dll
c:\windows\system32\fuzoyalu.dll
c:\windows\system32\gumizoju.dll
c:\windows\system32\hepozili.dll
c:\windows\system32\ihuvuvaz.ini
c:\windows\system32\ikozopav.ini
c:\windows\system32\ilizopeh.ini
c:\windows\system32\jajeluno.dll
c:\windows\system32\lobumije.dll
c:\windows\system32\lumatiwu.dll
c:\windows\system32\mabarili.dll
c:\windows\system32\muzupera.dll
c:\windows\system32\ogakimof.ini
c:\windows\system32\onulejaj.ini
c:\windows\system32\oresesod.ini
c:\windows\system32\ujozimug.ini
c:\windows\system32\uwitamul.ini
c:\windows\system32\vapozoki.dll
c:\windows\system32\vezewavu.dll
c:\windows\system32\yonoguja.dll
c:\windows\system32\zavuvuhi.dll
\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://82.98.235.205
.
((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-05 14:40 . 2009-03-08 14:07 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-05 14:34 . 2009-03-05 14:34 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-05 14:34 . 2009-03-05 14:34 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-05 14:31 . 2009-03-05 14:31 <DIR> d-------- c:\documents and settings\Ashlee\Application Data\BitDefender
2009-03-05 14:30 . 2009-03-05 14:30 <DIR> d-------- c:\program files\BitDefender
2009-03-05 14:30 . 2009-03-05 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-03-05 14:26 . 2009-03-05 14:31 <DIR> d-------- c:\program files\Common Files\BitDefender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-05 18:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-05 18:27 --------- d-----w c:\program files\Lavasoft
2009-03-02 11:07 --------- d-----w c:\documents and settings\Ashlee\Application Data\Move Networks
2009-02-11 16:48 --------- d-----w c:\program files\Palm
2009-02-11 16:43 --------- d-----w c:\program files\Lx_cats
2009-01-20 20:09 --------- d-----w c:\documents and settings\Ashlee\Application Data\ZoomBrowser EX
2007-05-16 15:26 98,184 -c--a-w c:\documents and settings\Ashlee\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 14:57 476,752 -c--a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-12-16 22:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-08-06 16:43 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-10-16 22:28 88 --sh--r c:\windows\system32\FE9BC17504.sys
2007-10-16 22:28 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-07 17:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 188416]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-06 29744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-01 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"MsmqIntCert"="mqrt.dll" [2008-04-13 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-23 c:\windows\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Ashlee\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
ImageMixer 3 SE Camera Monitor for SD.lnk - c:\program files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe [2008-12-11 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-04 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{57c111f1-be7f-45e3-8b94-55ac0de85fd5} - c:\windows\system32\vngyyo.dll
BHO-{b0e0ccc9-f821-469c-816a-29dd4dd5a16d} - c:\windows\system32\viseloko.dll
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-parupiwawo - c:\windows\system32\setihiki.dll
HKLM-Run-CPM3d975d56 - c:\windows\system32\fuzoyalu.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Ashlee\Application Data\Mozilla\Firefox\Profiles\kjp96wep.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - WR Definición
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/|http://mail.google.com/mail/?zx=1458o0owoygdw&shva=1#inbox|http://acrossthebranch.blogspot.com/|http://acrossthebranch.smugmug.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Ashlee\Application Data\Mozilla\Firefox\Profiles\kjp96wep.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 15:06:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????P????????@???????@
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\msdtc.exe
c:\program files\Lexmark 5200 Series\lxbtbmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-03-08 15:11:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-08 19:11:30
Pre-Run: 7,915,188,224 bytes free
Post-Run: 9,400,086,528 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
264 --- E O F --- 2009-02-26 11:08:12
0 -
Please pack this folder in an archive, protected with the password infected.
C:\Qoobox
Upload it on www.rapidshare.com or other server and leave here the download link.
0 -
Thanks again for helping. Everything seems to be all better!
1. Download Link: Click here to download file
http://rapidshare.com/files/207190219/Qoobox.zip.html
MD5: 04294BEA644547619211F036DD294ADC
1. Delete Link: Click here to delete file
[removed]
0 -
Thank you for the samples.
Do you still have problems?
Please run again a full scan with BitDefender and paste here the scan log.
0 -
It seems to be only finding them in the Qoobox folders. Should I just delete those to take care of the problem?
BitDefender Log File
Product : BitDefender Antivirus 2009
Version : BitDefender UIScanner v.12
Scanning task : Full System Scan
Log date : 10:41:03 10/03/2009
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1236696063_1_02.xml
Scan Paths:
Path 0000: C:\
Path 0001: \
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : No
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 2773477
Archive plugins : 45
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 200188
Infected items : 4
Suspicious items : 0
Resolved items : 0
Unresolved items : 37
Password-protected items : 33
Individual viruses found : 3
Scanned directories : 11600
Scanned boot sectors : 4
Scanned archives : 3
Input-output errors : 30
Scan time : 00:59:31
Files per second : 55
Scanned processes summary
Scanned : 75
Infected : 0
Scanned registry keys summary
Scanned : 1224
Infected : 0
Scanned cookies summary
Scanned : 1224
Infected : 0
Remaining issues:
Object Name | Threat Name | Final Status
C:\Documents and Settings\Ashlee\.housecall6.6\Quarantine\netpass[1].zip.bac_a05788=](Quarantine-4)=]netpass.exe Application.NetPass.I Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\vezewavu.dll.vir Gen:Trojan.Heur.Vundo.402CD3C3C3 Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\mabarili.dll.vir Gen:Trojan.Heur.Vundo.600CF3E3E3 Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\muzupera.dll.vir Gen:Trojan.Heur.Vundo.600CF3E3E3 Disinfect Failed
Objects that were not scanned:
Object Name | Reason | Final Status
C:\Qoobox.zip=]Qoobox/Add-Remove Programs.txt Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/appdata.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/cache.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/Cookies.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/desktop.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/favorites.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/localappdata.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/localsettings.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/mypictures.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/personal.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/Profiles.Folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/programs.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/SetPath.bat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/startmenu.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/startup.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/SysPath.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/BackEnv/templates.folder.dat Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/CFScript_used_2009-03-08@15.00.txt Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/ComboFix-quarantined-files.txt Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/Documents and Settings/All Users/Application Data/Microsoft/Network/Downloader/qmgr0.dat.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/Documents and Settings/All Users/Application Data/Microsoft/Network/Downloader/qmgr1.dat.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/Documents and Settings/Ashlee/Local Settings/Temp/GLB3.tmp.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/Documents and Settings/Ashlee/Local Settings/Temp/GLBEE.tmp.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/Documents and Settings/Ashlee/Local Settings/Temp/GLBF9.tmp.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/_000006_.tmp.dll.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/_000007_.tmp.dll.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/_000008_.tmp.dll.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/_000011_.tmp.dll.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/_000019_.tmp.dll.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/ajugonoy.ini.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/dosesero.dll.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/ejimubol.ini.vir Password-protected No action was possible
C:\Qoobox.zip=]Qoobox/Quarantine/C/WINDOWS/system32/fomikago.dll.vir Password-protected No action was possible
0 -
Good.
Delete the ComboFix quarantine (C:\Qoobox\ && C:\Qoobox.zip).
Do you still have problems?!
0 -
No, no more problems! Thanks so much!
0