Jump to content

Build Theme!
  • Infected?


Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92032 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!



  • This topic is locked This topic is locked
1 reply to this topic

#1 Ozzie


    New Member

  • New Member
  • Pip
  • 2 posts

Posted 20 May 2008 - 05:26 PM

Here is my log file. Malwarebytes' Anti-Malware 1.12 Database version: 722 Scan type: Quick Scan Objects scanned: 34613 Time elapsed: 5 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 19 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\geBSIaXn.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\urqRKAtS.dll (Trojan.Vundo) -> No action taken. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c85ff07-7063-4746-8755-6cd7428ba4d6} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3c85ff07-7063-4746-8755-6cd7428ba4d6} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37c7544b-ff31-4ebe-8c03-57d1e2d0ebf7} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{47551f98-cc7f-4701-a650-d7231eea60bd} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47551f98-cc7f-4701-a650-d7231eea60bd} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrkats (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{47551f98-cc7f-4701-a650-d7231eea60bd} (Trojan.Vundo) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsiaxn -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsiaxn -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\boskudrq.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\qrduksob.ini (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\geBSIaXn.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\nXaISBeg.ini (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\nXaISBeg.ini2 (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\hexkqmny.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\ynmqkxeh.ini (Trojan.Vundo) -> No action taken. C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken. C:\WINDOWS\system32\urqRKAtS.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\yayaBRJY.dll (Trojan.Vundo) -> No action taken. I clicked the remove problems button and it said certain files could not be fixed and told me to restart the computer. Leah


Register to Remove

#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 21 May 2008 - 04:46 AM

Your post has been Moved, Closed or Edited for one of the following reasons:

1.) You posted multiple topics and only one is required

2.) You are spamming links to other places without approval

3.) You have posted your hijackthis log to the wrong forum:
( http://forums.whatth...emoval_f27.html ) <--- correct forum for HijackThis Logs

4.) Abusive language or other problems in your text

5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help, and you have not posted a Hijackthis log to the proper forum, then you may do so now, if you came here to spam or abuse, you will be dealt with harsher on your next offense

This is a family oriented forum to help those that need help.


Related Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users