Malwarebytes

Please help remove vundo.h


6 replies to this topic

#1
knasky

    New Member

  • Members
  • Pip
  • 3 posts
I've tried numerous software, but it keeps coming back! Malwarebytes is the only scan that even picks it up. But like others have posted, after quarantine/deletion/reboot, it's back again (and again...) Any help would be greatly appreciated. Thanks so much. (Panda results soon to follow.)

Malwarebytes' Anti-Malware 1.29
Database version: 1286
Windows 5.1.2600 Service Pack 3

11/2/2008 8:56:01 PM
mbam-log-2008-11-02 (20-55-53).txt

Scan type: Quick Scan
Objects scanned: 56692
Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: g:\windows\system32\urqohapj -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: g:\windows\system32\urqohapj -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> No action taken.
G:\WINDOWS\system32\jPAHOqru.ini (Trojan.Vundo.H) -> No action taken.
G:\WINDOWS\system32\jPAHOqru.ini2 (Trojan.Vundo.H) -> No action taken.
G:\WINDOWS\system32\tcpyjmwd.dll (Trojan.Vundo.H) -> No action taken.
G:\WINDOWS\system32\dwmjypct.ini (Trojan.Vundo.H) -> No action taken.
G:\WINDOWS\system32\hmvsquss.dll (Trojan.Vundo.H) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:53 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\WINDOWS\eHome\ehRecvr.exe
G:\WINDOWS\eHome\ehSched.exe
G:\Program Files\MozyHome\mozybackup.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
G:\WINDOWS\ehome\ehtray.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\WINDOWS\stsystra.exe
G:\WINDOWS\system32\hphmon04.exe
G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\MozyHome\mozystat.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\system32\dllhost.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Program Files\Webroot\Spy Sweeper\SSU.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] "G:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HPHmon04] G:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "G:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] "G:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "G:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" -s
O4 - Global Startup: MozyHome Status.lnk = G:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - G:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...n/x86/client/wuweb_site.cab?1216838510671
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553545000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: jnmvpw.dll g:\progra~1\google\google~1\goec62~1.dll yrwycw.dll labkne.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - G:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - G:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPH11 - HP - G:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - G:\WINDOWS\system32\STacSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10653 bytes

#2
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,571 posts
  • Gender:Male
  • Location:US
Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

NOTE: You're running an OLD version of Malwarebytes. Following the instructions in the above post asks you to UPDATE the program.

When ready please post your logs back here again.

During this scan and cleanup process you should not install any other software unless requested to do so.

#3
knasky

    New Member

  • Members
  • Pip
  • 3 posts
;*******************************************************************************
ANALYSIS: 2008-11-03 07:48:48
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description        Version      Active  Updated
;===============================================================================
Windows Defender   1.1.4005.0   No      No
;===============================================================================
MALWARE
Id        Description            Type          Active  Severity  Disinfectable  Disinfected  Location
;===============================================================================
00519333  Application/Processor  HackTools     No      0         Yes            No           G:\Documents and Settings\Kevin\My Documents\Downloads\VirtumundoBeGone.exe
03991908  Generic Backdoor       Virus/Trojan  No      0         Yes            No           G:\Documents and Settings\Kevin\Local Settings\Temp\is-LPCVQ.tmp\askBarSetup.exe
03991908  Generic Backdoor       Virus/Trojan  No      0         Yes            No           G:\Documents and Settings\Kevin\Local Settings\Temp\is-74LAH.tmp\askBarSetup.exe
;===============================================================================
SUSPECTS
Sent  Location  Q
;===============================================================================
;===============================================================================
VULNERABILITIES
Id  Severity  Description  Q
;===============================================================================
;===============================================================================

#4
knasky

    New Member

  • Members
  • Pip
  • 3 posts

AdvancedSetup, on Nov 3 2008, 02:03 AM, said:

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

NOTE: You're running an OLD version of Malwarebytes. Following the instructions in the above post asks you to UPDATE the program.

When ready please post your logs back here again.

During this scan and cleanup process you should not install any other software unless requested to do so.

Malwarebytes' Anti-Malware 1.30
Database version: 1358
Windows 5.1.2600 Service Pack 3

11/3/2008 8:05:47 AM
mbam-log-2008-11-03 (08-05-47).txt

Scan type: Quick Scan
Objects scanned: 58210
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> Delete on reboot.
G:\WINDOWS\system32\jnmvpw.dll (Trojan.Vundo) -> Delete on reboot.
G:\WINDOWS\system32\yrwycw.dll (Trojan.Vundo) -> Delete on reboot.
G:\WINDOWS\system32\labkne.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c8c403a8-87c6-4317-afca-56d53e702ea8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9902602e-e817-4835-9231-150d86331284} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hxgzeiw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hxgzeiw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: g:\windows\system32\urqohapj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: g:\windows\system32\urqohapj -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> Delete on reboot.
G:\WINDOWS\system32\jPAHOqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\jPAHOqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\jnmvpw.dll (Trojan.Vundo) -> Delete on reboot.
G:\WINDOWS\system32\yrwycw.dll (Trojan.Vundo) -> Delete on reboot.
G:\WINDOWS\system32\labkne.dll (Trojan.Vundo) -> Delete on reboot.
G:\WINDOWS\system32\bbwjpsjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\csndunxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\ctdjhz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\lploxast.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\mlJYpqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\nnnkHyay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\opnommlk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\rsgihpbc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\sxjicgoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\trxcwr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\drivers\pabe.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

#5
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,571 posts
  • Gender:Male
  • Location:US
Please update MBAM again and do another Quick Scan. Fix anything listed and REBOOT your computer.

After the reboot run HJT and do a Scan and save log.

Then post back both of those logs.

#6
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,571 posts
  • Gender:Male
  • Location:US
Please provide a status update on this.

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,571 posts
  • Gender:Male
  • Location:US
Since there has been no response for 5 days I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.




