Virus Removal Help

Posted on 2009-02-18
Medium Priority
Last Modified: 2013-11-22
On my home computer I have a virus that has taken over and screwed things up pretty badly.  

First some history:  I had Symantec Coporate Edition installed on it but it stopped updateing itself.  It was an old version.  I installed AVG Free but after doing that my computer would blue screen in Windows Explorer.  So, I uninstalled, VPN'd in, and added it to my work list for Trend Micro Worry Free Business Advanced and installed that.

This virus is locking up programs as I open them, making them "hang."  Also it disabled my Task Manager.  I was able to log in as the Administrator in Safe Mode, install Spybot, and was able to remove many problems it found.  After I rebooted, the programs continue to lock up and are doing so now in Safe Mode as the Administrator as well.  I cannot even open regedit or install any program to fight it.  The first screen pops up, then it freezes.

Windows starts right up just fine.  But as soon as I log in as anyone the problems start.  I am able to get to Start --> Run which also allows me to get to the Command Prompt  I was thinking I could do something there or maybe even a bootable anti-virus disc might help also.  

Any suggestions?  They would be much appreciated.  
Question by:FH_JGoodwin
  • 4
  • 2
  • 2
  • +1
LVL 28

Assisted Solution

jhyiesla earned 400 total points
ID: 23672762
I'd download and run malwarebytes in safe mode (www.malwarebytes.org). It probably does a better job than spybot.

Hopefully that would make your system at least more stable.

However, personal opinion, if I get a PC that is that messed up, I usually try and stabilize it, remove any important data and reformat the drive and reinstall the OS.

Author Comment

ID: 23673251
I can try but like I said, I cannot run any program or .exe files - they just lock up.  Even in Safe Mode now as the Admin.
LVL 28

Expert Comment

ID: 23673366
Sorry... missed that.

If you have or can do so, create a BartPE disk and boot from that.  Could be that might give you access to do something on the disk like run malwarebytes.

My only other suggestion would be to put the drive in another system as a secondary and copy all of the data off, put it back in original PC, reformat and reload.
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

LVL 10

Expert Comment

ID: 23675324
Hi there,

Well I think the first thing we need to do is remove symantec from the pc.
It can be a bit of a bother to remove.
See if you can run this tool on the machine:


Author Comment

ID: 23675361
Symantec has been removed.  AVG has been installed and removed because of the blue screens.  I only run one Anti-Virus on my computer at a time.  Thanks for trying to help though.  

jhyiesla, i'm going to try the BartPE disc thing.  That might actually work, as long as I can track down my original OS CD.  I'll let you know if it works.  Thanks again!
LVL 10

Assisted Solution

frostburn earned 400 total points
ID: 23675480
Well in that case booting from either BartPE and running a spyware app to see what i can detect is a good option.
Also running a repair from your XP CD would replace all corrupt/infected system files and might give you a better shot at getting into the O/S.

Good Luck

Author Comment

ID: 23675574
I might try the repair from the XP CD first before I make the BartPE disc.  Good idea.  Thanks.
LVL 47

Accepted Solution

rpggamergirl earned 1200 total points
ID: 23699770
1. If you go to Start > Run > and type in:


In the command prompt, type:

ftype exefile="%1" %*

Are you able to run .exes?
The above procedure restores the default association for exe files in case some nasties are messing with it.

2.  If you re-download MalwareBytes and rename it before saving to your desktop and rename the .exe again after installation does it run? If could be one of those rootkits like TDSS.
It's also possible that this could be a file infector virut or sality that infects all .exes.
3.  Also check if you can run Combofix, rename it before saving to your desktop(rename without the string combofix or combo)

Please download ComboFix by sUBs:

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Author Closing Comment

ID: 31548353
I've assined points to everyone who attempted to help.  Thanks again.

rpggamergirl, I ran the command that you suggested.  I then rebooted.  My computer was stuck in "windows is shutting down" mode so I manually shut it down.  I then started it back up and back into safe mode as the admin.  I could run .exe files!!!!!!  I quickly downloaded malwarebytes and then disconnected my internet cable.  Malwarebytes found 178 infected files!!!!  I haven't had much time to play with it but I think my computer is fixed and back and running now.  Thanks again everyone.  

In case you are curious, here is the log from malwarebytes.  It left a few that it did not remove but supposedly fixed them after a reboot:

Malwarebytes' Anti-Malware 1.34
Database version: 1799
Windows 5.1.2600 Service Pack 3

2/24/2009 2:01:26 PM
mbam-log-2009-02-24 (14-01-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 234065
Time elapsed: 42 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 18
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 146

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\obylxlqv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jqpfdw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\iifcDWQh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\awwcaeet.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\llwmsh.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcdwqh (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91d9cfa0-ed10-4ee1-a689-29bc3ae3f464} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{91d9cfa0-ed10-4ee1-a689-29bc3ae3f464} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b4a5614-8c08-4e67-9846-4ebbbd47e3aa} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9b4a5614-8c08-4e67-9846-4ebbbd47e3aa} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0de64c3b-4f8e-4660-a67e-40735542ae3a} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{390ffc25-d6a1-43f6-a36e-4ffca834534f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{32998497-11af-41a0-932c-a0ef05b1975e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a085f0bc (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\iifcDWQh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\opnmJBtQ.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\QtBJmnpo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\QtBJmnpo.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\llwmsh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\catdlras.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\sarldtac.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\obylxlqv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vqlxlybo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\oryfdsdj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jdsdfyro.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\utxwsxpa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\apxswxtu.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jqpfdw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\awwcaeet.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4BC1P63B\index[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4BC1P63B\qw[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Haddix\Local Settings\Temporary Internet Files\Content.IE5\3R5V556C\upd105320[1] (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1383\A0130084.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1383\A0130085.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1383\A0130088.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1388\A0131085.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1388\A0131088.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1388\A0131094.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1389\A0131177.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1389\A0131178.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1392\A0131468.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1392\A0131469.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1393\A0131520.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1393\A0131521.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1393\A0131535.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1393\A0131541.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1394\A0133542.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1395\A0133548.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\adtmtm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\aquhcw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\awtQiJdB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\awtrrRiI.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\awttrRkL.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\bflanz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\bqypbuha.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\bxhbzs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\byXPIxvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\byXQGxxw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\byXQIXno.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\byXrOFuS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\cbXNGwuU.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\cbXOEvut.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\cbXRLfdb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\clickfile.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\czevbs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ddcCVmjj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\dforfc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\dlobnm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\dmcojz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\duswcc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\efcBQKcA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\efcyXqqR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\fcccBsrO.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\fccDtQjH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\fiwbnkdk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\gcmvts.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\goyejihm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\hjwvew.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\hpgblz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\hsnwrl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\hvhqaq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\iifeeCVP.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\iiffFxVn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\iifgHbxw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\japlbu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jfgacc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jkkJcAPf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\jkkLCSJC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\kemumi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\khfFYOEt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\kvsswy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\kzbqpf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ljJCvvTM.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ljJYQHbb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lkskqh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lqrskdjs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lwxwyf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\madqap.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mlJayYRj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\nhlkopwy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\nicavvlg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\nnnNdeEW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\oaexigpl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\obooty.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\oecvjs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ofhblj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\oixgzm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\omwtudse.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\opnonkLe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pgjidn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pjodhrru.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pkhyvh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ptyxtk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\qcbgzx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\qmlyau.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\qoMcbxWP.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\qoMfghHa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\qoMgeCRk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\rcnhdb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\regvvk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\rhuavz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\rQhefEUM.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\rqRJDVLb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\rqRLfcBU.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ryoakp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\sclygpnl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\stnjadda.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\syppod.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\tjilhr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\unvjer.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\urqPhgHA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\urqqNddA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\urqRIaXo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\urzzxu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\vbuegh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\vtUkhHwX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\wdlbhw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\wzedsf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\xihlkt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\xtsqhy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\xxywULcB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\xxyyyVLd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\yATmLcyV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\yaywurSk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\yayyXRKb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ynsrnc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\yqfhql.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ziwnux.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\tp2\EN2tC23.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\SYSTEM32\ntdll64.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\998.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\dbsppqou.dll (Trojan.vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\frmwrk32.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\xxxxxx\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\xxxxxx\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> No action taken.
LVL 47

Expert Comment

ID: 23730632
Glad to know that the problem seems to be resolved.
If the problem persists just post back here with a Combofix log.

When all's well, you can turn off System Restore and flush those restore points, then turn it back on and immediately create a new restore point.
And also clean your temp folders using ATF Cleaner or CCleaner, or just manually empty them.

Thanks for the points!

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question