Rundll Error - X Error Loading C:\windows\system32\kfyxjtam.dll


15 replies to this topic

#1 Sprinks

Sprinks

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:07:26 AM

Posted 09 May 2008 - 12:01 PM

Dell Dimension 8250 running Windows XP.
Here are the details when starting my computer;
1. Start up
2. Select user
3. While my personal settings are loading I get the following error message: Error loading c:\windows\system32\kfyxjtam.dll Access denied
4. Open up Windows Explorer and my home web site loads, but then I notice many other sites attempting to load; this prevents me from going to any other web sites. This continues indefinitely (I think my computer's anti-virus keeps it from successfully loading). An example of what attempts to load is ADS.Trasapretty.com
5. I give up and close down my computer.

I am sending this message from work because I cannot access your web site from the problem computer at home, so whatever you suggest will have to be transferred from work to home. Thank you in advance for your help and for your patience.

Sprinks

#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 09 May 2008 - 12:07 PM

To avoid duplication of programs suggested, we need to know which antivirus program you ARE running and what other protection programs are on board; when last fully updated and run on deep computer scans.

#3 Sprinks


Posted 12 May 2008 - 05:47 AM

Thanks for your reply Ruby.
I use Bsafeonline Security Suite that provides McAfee anti-virus and spyware, pop-up blocker and other protection software. The web site is http://bsafehome.com/?gclid=CIz_y7jioJMCFQRJFQodKi303g should you need more information on this product. I should also mention that I use many of the cleaning programs suggested here. They identify the intruders, but some appear to not be eliminated when selected to do so.

Sprinks

#4 Sprinks


Posted 16 May 2008 - 06:55 AM

I've updated my anti-virus and run a complete check and quarantined the viruses it found. I have also updated and run Ad-Ware and deleted those problems. I do not get the start-up errors I originally wrote about. The most prevalent problem that keeps showing up is something called “VUNDO”. This is showing up in several locations and cannot be deleted. What can you suggest? I have the whole weekend to dedicate to this issue. Looking forward to your reply.

Thanks again,
Sprinks

#5 ruby1


Posted 16 May 2008 - 09:08 AM

you may like to try running this program


Superantispyware; guide on how to install and run



If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispyware

Superantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you, you need to fully update the definitions by opening the program and finding the ‘check for updates’ tab in the bottom left of the menus you see; click on it and it will do the update for you;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer; it is preferable to run the scan in your computer's safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changed; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right hand side you see three scanning options; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run. Please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in the computer's safe mode you will need to reboot to the computer's normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program

#6 Sprinks


Posted 18 May 2008 - 08:02 PM

Thank you Ruby1, I down-loaded Superantispyware and ran it in safe mode. It found stuff but did not save the log file, so I ran it again in normal mode and here is what it found;
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/17/2008 at 09:07 PM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Quick Scan
Total Scan Time : 00:17:34

Memory items scanned : 454
Memory threats detected : 0
Registry items scanned : 488
Registry threats detected : 10
File items scanned : 8616
File threats detected : 114

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35c20813-e94e-436f-aa0f-adef0b59956a}
HKCR\CLSID\{35C20813-E94E-436F-AA0F-ADEF0B59956A}
HKCR\CLSID\{35C20813-E94E-436F-AA0F-ADEF0B59956A}\InprocServer32
HKCR\CLSID\{35C20813-E94E-436F-AA0F-ADEF0B59956A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JTPAJURS.DLL
C:\WINDOWS\SYSTEM32\BIKLJXQL.DLL
C:\WINDOWS\SYSTEM32\HTEREFJL.DLL
C:\WINDOWS\SYSTEM32\IMDCJKDH.DLL
C:\WINDOWS\SYSTEM32\JBMYDBBY.DLL
C:\WINDOWS\SYSTEM32\JYXPAGTU.DLL
C:\WINDOWS\SYSTEM32\KDVOSWVO.DLL
C:\WINDOWS\SYSTEM32\OIOCEPUQ.DLL
C:\WINDOWS\SYSTEM32\TDILYLYI.DLL
C:\WINDOWS\SYSTEM32\TNMYUMGR.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63AB48C9-01A8-495C-8194-A715DB8A37A2}
HKCR\CLSID\{63AB48C9-01A8-495C-8194-A715DB8A37A2}
HKCR\CLSID\{63AB48C9-01A8-495C-8194-A715DB8A37A2}\InprocServer32
HKCR\CLSID\{63AB48C9-01A8-495C-8194-A715DB8A37A2}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\EFCCRQNL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{63AB48C9-01A8-495C-8194-A715DB8A37A2}
HKCR\CLSID\{63AB48C9-01A8-495C-8194-A715DB8A37A2}

Adware.Tracking Cookie

Trojan.Unclassified/NVCOI
C:\Program Files\CPV

Trojan.Unclassified/MRT-Fake
C:\WINDOWS\SYSTEM32\BDKOWOHV.DLL
C:\WINDOWS\SYSTEM32\LSSOXKDS.DLL
C:\WINDOWS\SYSTEM32\OFNIVIWX.DLL
C:\WINDOWS\SYSTEM32\QHRFGWFY.DLL

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\EDUUJRWG.DLL
C:\WINDOWS\SYSTEM32\IWWEQLRC.DLL
C:\WINDOWS\SYSTEM32\KNRVBNDU.DLL
C:\WINDOWS\SYSTEM32\YHQGWTTI.DLL

Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\TOLIORLX.DLL

Adware.Vundo-Variant/N
C:\WINDOWS\SYSTEM32\UOKDRHVT.DLL

My computer seems to be running better, thanks. Take a look at this and let me know if there is more to do. I also updated all my Microsoft Windows stuff and it also seemed to help rid me of VUNDO.

I look forward to your reply,
Sprinks
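
A triage sketch for a log like the one in post #6, added here as an example and not part of any forum member's post or of SUPERAntiSpyware itself: it groups entries by detection name and separates registry load points (Browser Helper Objects, ShellExecuteHooks, Run keys) from files and cookies, so the CLSIDs that reload a DLL at logon can be rechecked after cleanup. The severity labels, function names and parsing heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the SUPERAntiSpyware log quoted in post #6. The cookie entry is
# constructed, with a placeholder user name and domain.
SAMPLE_LOG = r"""
Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35c20813-e94e-436f-aa0f-adef0b59956a}
HKCR\CLSID\{35C20813-E94E-436F-AA0F-ADEF0B59956A}
HKCR\CLSID\{35C20813-E94E-436F-AA0F-ADEF0B59956A}\InprocServer32
C:\WINDOWS\SYSTEM32\JTPAJURS.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63AB48C9-01A8-495C-8194-A715DB8A37A2}
HKCR\CLSID\{63AB48C9-01A8-495C-8194-A715DB8A37A2}\InprocServer32
C:\WINDOWS\SYSTEM32\EFCCRQNL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{63AB48C9-01A8-495C-8194-A715DB8A37A2}

Adware.Tracking Cookie
C:\Documents and Settings\USER\Cookies\user@ads.example[1].txt
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# An item line starts with a registry hive abbreviation or a drive letter.
ITEM_RE = re.compile(r"^(?:HK[A-Z_]+\\|[A-Za-z]:\\)")

# Registry locations Windows reads to load code automatically.
LOAD_POINTS = (
    r"\explorer\browser helper objects",
    r"\explorer\shellexecutehooks",
    r"\currentversion\run",
)


def classify(item):
    """Return 'load_point', 'registry', 'cookie' or 'file' for one log entry."""
    low = item.lower()
    if low.startswith("hk"):
        if any(marker in low for marker in LOAD_POINTS):
            return "load_point"
        return "registry"
    if "\\cookies\\" in low:
        return "cookie"
    return "file"


def parse_log(text):
    """Map each detection name to its (kind, entry) pairs.

    Heuristic: a non-item line without ':' is a detection name; header
    lines such as 'Scan type : Quick Scan' contain ':' and are skipped.
    """
    findings = defaultdict(list)
    threat = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM_RE.match(line):
            if threat is not None:
                findings[threat].append((classify(line), line))
        elif ":" not in line:
            threat = line
    return dict(findings)


def triage(findings):
    """Summarise each detection: counts per kind, severity, load-point CLSIDs."""
    report = {}
    for threat, items in findings.items():
        counts = defaultdict(int)
        clsids = set()
        for kind, item in items:
            counts[kind] += 1
            if kind == "load_point":
                clsids.update(g.upper() for g in GUID_RE.findall(item))
        counts = dict(counts)
        if counts.get("load_point"):
            severity = "high"      # something is set to load at logon or browser start
        elif set(counts) <= {"cookie"}:
            severity = "low"       # tracking cookies only
        else:
            severity = "medium"    # files or registry traces without a load point
        report[threat] = {
            "severity": severity,
            "counts": counts,
            "load_point_clsids": sorted(clsids),
        }
    return report


if __name__ == "__main__":
    for threat, info in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{info['severity']:<6} {threat}: {info['counts']}")
        for clsid in info["load_point_clsids"]:
            print(f"       recheck after cleanup: {clsid}")
```
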

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:26 AM

Posted 18 May 2008 - 09:18 PM

Looks good. Now follow with this scan. Run in Normal mode.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Edited by boopme, 18 May 2008 - 09:19 PM.


#8 Sprinks


Posted 20 May 2008 - 08:13 PM

Thanks!
I downloaded Malwarebytes Anti-Malware per your instructions and saved both before and after cleaning logs, here they are:
Before removing:
Malwarebytes' Anti-Malware 1.12
Database version: 772

Scan type: Quick Scan
Objects scanned: 61763
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 89

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinBudget (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> No action taken.

Files Infected:

After removing:
Malwarebytes' Anti-Malware 1.12
Database version: 772

Scan type: Quick Scan
Objects scanned: 61763
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 89

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.

Files Infected:

Looking forward to your next assignment.

Appreciatively,
Sprinks
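
Each itemised line in a log of this layout ends with the action taken on that detection, and the summary block states how many entries each section should contain. As an added example (not part of the original post), this Python check parses such a log, flags sections whose listed entries do not match the summary count (as happens with a truncated paste), and lists detections that were found but not removed. The sample logs, paths and key name are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample logs in the Malwarebytes' Anti-Malware text layout seen
# in this thread; the paths and key name are placeholders, not thread data.
BEFORE = r"""Registry Keys Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExampleKey (Malware.Trace) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\example1.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\example2.dll (Trojan.Vundo) -> No action taken.
"""
# Second scan: the first two items were removed, example2.dll was not.
AFTER = BEFORE.replace("No action taken", "Quarantined and deleted successfully", 2)

ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

def parse_log(text):
    """Return (declared counts, list of (section, object, detection, action))."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := COUNT.match(line):        # summary line, e.g. "Files Infected: 2"
            declared[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):     # start of an itemised section
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append((section, m["obj"], m["name"], m["action"]))
    return declared, items

def triage(text):
    """Return (sections whose listed entries differ from the summary count,
    objects that were detected but not removed)."""
    declared, items = parse_log(text)
    listed = Counter(section for section, *_ in items)
    mismatched = {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n}
    unremediated = [obj for _, obj, _, action in items
                    if "deleted successfully" not in action]
    return mismatched, unremediated

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, triage(log))
```
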

#9 boopme

Posted 20 May 2008 - 09:13 PM

Is the original problem still there?
Let's run another Vundo tool.
First clean out the dead files...

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

NOW
Please download VundoFix to your desktop.
  • Double-click VundoFix.exe to run it. If using Windows Vista be sure to Run As Administrator.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the 'Fix Vundo' button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot. Follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Edited by boopme, 21 May 2008 - 10:48 AM.


#10 Sprinks

Posted 21 May 2008 - 07:40 PM

In the modern saying of Jack Benny "I have nothing to post". Thank you Boopme. I ran ATF-Cleaner then VundoFix and then rebooted my computer and ran VundoFix again, nothing!

Am I finally rid of these menaces?

Now what?

Sprinks

#11 boopme

Posted 21 May 2008 - 07:57 PM

Looks good... Finish up with this

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#12 Unicron-1

Posted 27 May 2008 - 05:08 PM

:trumpet: :flowers: :thumbsup: I had the same problems and followed the same instructions. It's wonderful that this works! I didn't just find and kill the VUNDO but 8 other problems as well. I recommend this fix for everyone who has got an Antivirus warning from their primary virus scanner. Thank you for the great information and reliable teaching! ~ Jim

#13 Sprinks

Posted 30 May 2008 - 07:13 AM

:trumpet: Sorry for the delayed reply, holiday weekend you know.
I completed the rest of your instructions and my computer is finally clean! :thumbsup: Thank you so much for your help!

I will be sending you a donation. I only mention this hoping others who have benefited from this web site also support it. Have you checked out brick and mortar computer service prices? BleepingComputer is a gift! :flowers:

Thank you again,
Sprinks

#14 quietman7

Posted 30 May 2008 - 07:38 AM

You're welcome on behalf of the Bleeping Computer community.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings".
• "How to Set Security Options in the Firefox Browser".

#15 ruby1

Posted 30 May 2008 - 09:58 AM

:trumpet: :flowers: :thumbsup: I had the same problems and followed the same instructions. It's wonderful that this works! I didn't just find and kill the VUNDO but 8 other problems as well. I recommend this fix for everyone who has got an Antivirus warning from their primary virus scanner. Thank you for the great information and reliable teaching! ~ Jim

with the greatest of respect; you should NEVER follow instructions given to another person on a forum; your computer is different from/to theirs; to do so CAN render a comp sicker than before, if not unusable

if you encounter another problem please start your OWN thread to seek help :inlove:

also


I recommend this fix for everyone who has got an Antivirus warning from their primary virus scanner.


you do not know that this 'fix' will be appropriate for anyone else's computer, do you?



