Techmonkeys.co.uk - Free Tech Support Forum :: View topic - removed antivirus 2009 and now IE7 browser does not work

	Advanced Search

Welcome to Omgili,
Omgili (Oh My God I Love It ;) is a search engine for discussions. With Omgili you can find answers and solutions, debates, discussions, personal experiences, opinions and more... To learn more about Omgili click here.

This is a complete preview of the discussion as it was indexed by Omgili crawlers. Use this preview if the original discussion is unavailable.
Click here to view the original discussion.


	Techmonkeys.co.uk - Free Tech Support Forum :: View topic - removed antivirus 2009 and now IE7 browser does not work I would like to start by saying that I probably am not posting my problem correctly, so please bear with me. Yesterday my son got a virus on his computer. I believe it was the Antivirus 2009 rogue anti-spyware program. I had the same virus on my computer and my daughters computer last month, which I removed with no problem. I thought I removed it from my son's computer, but now I cannot get into any web pages on Internet Explorer. A friend recommended deleting Norton System Works so I did and that and it didn't seem to help. I also installed Firefox so that I was able to have access to the internet. But I want Internet Explorer back. Also my son cannot log into his Star Wars Galaxies game now. And I cannot install windows updates or Windows Defender cannot check for updates either. Outlook Express seems to be working fine so I do have an internet connection. I have attached the log and the startuplist that I saved from Trend Micro Hijack. I hope someone can tell me what to do next. Thank you! OK.. I thought I attached the log, but I couldn't find it so I don't think it is allowed. Why not? I thought that was the whole point of Hijack. I don't know what to do next.


	Hi lc33, You should have no issues in attaching a HiJack this log on this website. The simplest way would be to just copy and paste the log in your post. It is always best to follow these steps http://www.techmonkeys.co.uk/forums/viewtopic.php?t=2011


	While we are waiting for your logs you can download this program to help clean your system. Please download Malwarebytes' Anti-Malware from Here . Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware , then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select " Perform Quick Scan ", then click Scan . The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked , and click Remove Selected . When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


	Thank you for your replies. I have downloaded and cleaned my system with the following programs. Windows Defender SUPERantispyware Uniblue Registry Booster RegCure There was one more, but I'm not at home, so I don't remember the name. It was more of a malware remover. I also downloaded Windows SP3 to see if that would fix any problems, and it did not. Ok here are my logs. I have a startuplist report and a regular log. Thanks Again! Startuplist StartupList report, 5/10/2009, 9:21:54 PM StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows XP SP3 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16827) * Using default options Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime Symantec PIF AlertEng = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit NSRKey = C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide mozezujija = Rundll32.exe "C:\WINDOWS\system32\kegojofa.dll",s CPM972ed517 = Rundll32.exe "C:\WINDOWS\system32\ponasono.dll",a 941de68b = rundll32.exe "C:\WINDOWS\system32\goziduti.dll",b Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=INI section not found SCRNSAVE.EXE=INI section not found drivers=INI section not found Shell & screensaver key from Registry: Shell=Registry value not found SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=Registry value not found Policies Shell key: HKCU\..\Policies: Shell=Registry value not found HKLM\..\Policies: Shell=Registry value not found Enumerating Browser Helper Objects: (no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670} (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - c:\windows\system32\xzvclyn.dll - {B0FAA47D-8C00-47C7-A6AD-0C55D1E3A9AB} (no name) - (no file) - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} (no name) - (no file) - {dac6907e-263a-40a0-b8bd-4267aea48c02} Enumerating Task Scheduler jobs: At1.job MP Scheduled Scan.job Enumerating Download Program Files: [QuickTime Object] InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab [MySpace Uploader Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx CODEBASE = http://lads.myspace.com/upload/MySpaceUploader1006.cab [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Photo Upload Plugin Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\Photochannel.dll CODEBASE = http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? Enumerating Winsock LSP files: NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll End of report, 6,852 bytes Report generated in 0.031 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:20:13 PM, on 5/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafinder.com/addsearch.asp?err=ADD&url= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> F2 - REG:system.ini: Shell= F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O1 - Hosts: ::1 localhost O1 - Hosts: m antivirsystem.com O1 - Hosts: m www.antivirsystem.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {B0FAA47D-8C00-47C7-A6AD-0C55D1E3A9AB} - c:\windows\system32\xzvclyn.dll O2 - BHO: (no name) - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - (no file) O2 - BHO: (no name) - {dac6907e-263a-40a0-b8bd-4267aea48c02} - (no file) O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [mozezujija] Rundll32.exe "C:\WINDOWS\system32\kegojofa.dll",s O4 - HKLM\..\Run: [CPM972ed517] Rundll32.exe "C:\WINDOWS\system32\ponasono.dll",a O4 - HKLM\..\Run: [941de68b] rundll32.exe "C:\WINDOWS\system32\goziduti.dll",b O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [mozezujija] Rundll32.exe "C:\WINDOWS\system32\hosozaze.dll",s (User 'LOCAL SERVICE') O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? O20 - Winlogon Notify: fdfggtlx - fdfggtlx.dll (file missing) O20 - Winlogon Notify: gejzsvya - C:\WINDOWS\SYSTEM32\xzvclyn.dll O20 - Winlogon Notify: yayaAsSK - yayaAsSK.dll (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7341 bytes


	Well you do have these on your machine. Parasite redirecting to fake security sites, member of the FakeAlert aka SmitFraud malware family - produces IEDefender, FilesSecure, MalwareBell, IE Antivirus or similar popups Post the log from MBAM when you get a chance and we will see what is left to take care of


	What is MBAM and how do I find the log?


	Never mind. I just now remembered the program you told me to download. I will do that in the next couple of hours when I get home from work. Thanks!


	Ok this is the log from MBAM Malwarebytes' Anti-Malware 1.36 Database version: 1945 Windows 5.1.2600 Service Pack 3 5/11/2009 9:15:07 PM mbam-log-2009-05-11 (21-15-07).txt Scan type: Quick Scan Objects scanned: 67606 Time elapsed: 4 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 17 Registry Values Infected: 5 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 20 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0faa47d-8c00-47c7-a6ad-0c55d1e3a9ab} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gejzsvya (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{b0faa47d-8c00-47c7-a6ad-0c55d1e3a9ab} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fpyfwdlr (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fpyfwdlr (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fpyfwdlr (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\fpyfwdlr (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fpyfwdlr (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0faa47d-8c00-47c7-a6ad-0c55d1e3a9ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntload (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\xflock (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PostInstallC (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mozezujija (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm972ed517 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\941de68b (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\PerfInfo (Rogue.WinPerformance) -> Quarantined and deleted successfully. C:\WINDOWS\FLEOK (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\xzvclyn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\csazdqkx.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fdfggtlx.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vecgknkc.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xhmjpfby.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ywwqgupv.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cutpefb.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\PerfInfo\r0JYHHcDb5wp.exe.bak (Rogue.WinPerformance) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sefosunu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM972ed517.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM972ed517.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.


	Oh and I could not check for updates because the program could not access the internet.

Discussion Title: removed antivirus 2009 and now IE7 browser does not work
Title Keywords: Techmonkeys.co.uk Free Tech Support Forum View topic removed antivirus 2009 browser does work

Omgili Home

About

FAQ

Plugins

Usenet