Random pop up searches

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Tennisbear

Thread Starter
Joined
Sep 27, 2008
Messages
3
Hi, just today I somehow picked up a nasty virus. I ran both adaware and AVG and neither seemed to pick up anything. However adaware noticed a suspicious process called "faceback.exe" and advised me to report it to them, however they provided no help as to what it was. I've been getting random pop ups (mostly in IE) for search results of random words like "korn" and books". Two trojan installers were also found on my desktop after the attack so I quickly deleted them. I haven't been able to get IE to load anything at all. Also, this may or may not be related, but when i go to the google homepage there are two search bars with the google logo over there. Like one on top of the other, kindof weird. Here is a copy of my hijack this log and let me know if you need any additional information. (currently running xp)

[NEW LOG FILE BELOW]

Any help would be greatly appreciated

*also it appears that whenever I click a link something called http://interplusclick.com/ opens a new tab then redirects to a random site. I've also got a "server busy" error popup.
*another update, I downloaded spyware search and destroy and it appeared to fine 70 items and recovered them all. however when windows restarted a bunch of MSDOS windows popped up and started doing things and then closed. After all this the problems persisted and now with spybot running i keep getting detections that an important registry entry has been changed.
*alright one more update, I guess im infected with some trojan called Virtumonde. I'm not really sure what that means but I've been trying to figure out a fix. Please help!

I did something right and now my google is back to normal and I can once again load things with internet explorer. When i now run spybot i get two infections everytime, virtumonde.dll and virtumonde.prx. I've rescanned with hijackthis and here is my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:08 PM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: ogrzjv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9888 bytes

Help plleeeeeeease :)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm

then

Please download http://www.malwarebytes.org/affiliates/thespykiller/mbam-setup.exe (Malwarebytes' Anti-Malware) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please include this log in your next reply.
 

Tennisbear

Thread Starter
Joined
Sep 27, 2008
Messages
3
Hey thanks a lot! here is my log file

Malwarebytes' Anti-Malware 1.28
Database version: 1222
Windows 5.1.2600 Service Pack 2

9/30/2008 12:48:18 AM
mbam-log-2008-09-30 (00-48-18).txt

Scan type: Quick Scan
Objects scanned: 46456
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yayvSjkj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ydeingev.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ogrzjv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yggimc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ijtvypob.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qfilxz.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccawmlm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914afb5a-ee73-4df0-8dc0-635a00d4bf22} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{914afb5a-ee73-4df0-8dc0-635a00d4bf22} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8930567-1408-450c-9685-90c34a7a5d0b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e8930567-1408-450c-9685-90c34a7a5d0b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{89046018-62c3-45e2-a6e9-07231ab38775} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bchanger (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1cefa9ea (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrblock21 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1fdc9a76 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayvsjkj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvsjkj -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SpyGuardPro (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpyGuardPro (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpyGuardPro\Logs (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fccaWmlM.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfilxz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yayvSjkj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkjSvyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkjSvyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ydeingev.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vegniedy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogrzjv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yggimc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ijtvypob.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qttcmuwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaWmlM.dll.bak (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmpwajpl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqjcembq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tatoyr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\gettpa221.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\gettpa421.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\86AHJKD1\upd105320[1] (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\WJSL6HEB\nd82m0[1] (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\SpyGuardPro\history.db (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\Program Files\SpyGuardPro\ResErrors.log (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\bchanger.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\data.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpyGuardPro\avtasks.dat (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpyGuardPro\Logs\av.log (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpyGuardPro\Logs\ga6Support.log (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpyGuardPro\Logs\update.log (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpbqoldt.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1fdc9a76.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1fdc9a76.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That seems to have found & fixed quite abit

reboot TWICE

then run MBAM again and post its new log please
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top