VundoFix does not report any files found.
My Internet Explorer window has a line of red text at the top saying "too many errors WERE found on your system. Possibly IT WAS THE RESULT of a virus attack. YOU MUST SCAN YOUR SYSTEM."
After about 2 minutes of idle time Internet Explorer jumps to a site address hxxp://real-av.org/?code=3
Microsoft Outlook is unable to download email.
I have a new icon on the taskbar. It is a white cross in a red circle, it has a tooltip attached which says "Your computer is infected! it is recommended to start spyware cleaner tool"
Thank you for your help.
DDS (Ver_09-01-07.01) - FAT32x86
Run by Administrator at 15:44:21.32 on Tue 13/01/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.314 [GMT 11:00]
============== Running Processes ===============
C:\WIN2000\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WIN2000\system32\acs.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WIN2000\system32\hidserv.exe
C:\WIN2000\System32\nvsvc32.exe
C:\WIN2000\system32\regsvc.exe
C:\WIN2000\system32\MSTask.exe
C:\WIN2000\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WIN2000\System32\WBEM\WinMgmt.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WIN2000\Explorer.EXE
C:\WIN2000\SOUNDMAN.EXE
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WIN2000\system32\frmwrk32.exe
C:\WIN2000\system32\internat.exe
C:\WIN2000\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firetrust\Benign\B9.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Ontrack\PowerDesk\PDDLGHLP.EXE
C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WIN2000\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
C:\Documents and Settings\Administrator.HOME\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
BHO: {49350ec7-847d-7ec9-7424-7f8fb8d44885}: {58844d8b-f8f7-4247-9ce7-d7487ce05394} - c:\win2000\system32\mgfbkz.dll
BHO: {5b64d212-f925-4df4-bcc0-b1b0d1a1f299} - c:\win2000\system32\byXOeFuT.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\win2000\system32\ddcCVNFV.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
uRun: [internat.exe] internat.exe
uRun: [NvMediaCenter] RUNDLL32.EXE c:\win2000\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [b9] c:\program files\firetrust\benign\B9.exe /minimize
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\win2000\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\win2000\system32\NeroCheck.exe
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [eTrustPPAP] "c:\program files\ca\etrust pestpatrol\PPActiveDetection.exe"
mRun: [CaAvTray] "c:\program files\ca\etrust vet antivirus\CAVTray.exe"
mRun: [CAVRID] "c:\program files\ca\etrust vet antivirus\CAVRID.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [Framework Windows] frmwrk32.exe
mRun: [0f2e7b06] rundll32.exe "c:\win2000\system32\qbqdjwlg.dll",b
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRun: [internat.exe] internat.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: c:\docume~1\admini~2.hom\startm~1\programs\startup\dialog~1.lnk - c:\program files\ontrack\powerdesk\PDDLGHLP.EXE
StartupFolder: c:\docume~1\admini~2.hom\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn311\wlancfg5.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\win2000\system32\msjava.dll
LSP: c:\docume~1\chriss~1.hom\locals~1\temp\ntdll64.dll
LSP: c:\win2000\system32\VetRedir.dll
TCP: {2D30D527-E85D-4236-9116-C8E4304CB9E5} = 61.9.133.193,61.9.134.49
TCP: {96A8EF37-387B-42C5-ACD6-13135EEBC6D8} = 144.140.70.30,144.140.71.16
Notify: ddcCVNFV - ddcCVNFV.dll
AppInit_DLLs: mgfbkz.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\win2000\system32\ddcCVNFV.dll
LSA: Authentication Packages = msv1_0 c:\win2000\system32\byXOeFuT
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~2.hom\applic~1\mozilla\firefox\profiles\default.qm5\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\mozilla firefox\components\qfaservices.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\xpinstall.js - pref("xpinstall.manual_confirm", true);
c:\program files\mozilla firefox\greprefs\xpinstall.js - pref("xpinstall.notifications.enabled", true);
c:\program files\mozilla firefox\greprefs\xpinstall.js - pref("xpinstall.notifications.interval", 1);
c:\program files\mozilla firefox\greprefs\xpinstall.js - pref("xpinstall.notifications.lastDate", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.block.target_new_window", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.popup_allowed_events", "change click dblclick reset submit");
c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.negotiate-auth.trusted-uris", "https://");
c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.clipboardtextmode", 3);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version", "0.9");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.app.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.app.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.app.updatesAvailable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.app.updateVersion", "");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.app.updateDescription", "");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.app.updateURL", "");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.extensions.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.extensions.autoUpdate", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 604800000); // every 7 days
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.lastUpdateDate", 0); // UTC offset when last update was performed.
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.extensions.count", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.disable_open_during_load", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("javascript.options.showInConsole", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("network.protocols.useSystemDefaults", false); // set to true if user links should use system default handlers
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("network.protocol-handler.external.news" , true); // for news
============= SERVICES / DRIVERS ===============
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
R1 VET-FILT;VET File System Filter;c:\win2000\system32\drivers\Vet-Filt.sys [2004-9-5 21031]
R1 VET-REC;VET File System Recognizer;c:\win2000\system32\drivers\Vet-Rec.sys [2004-9-5 15478]
R1 VETEFILE;VET File Scan Engine;c:\win2000\system32\drivers\VetEFile.sys [2006-9-10 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\win2000\system32\drivers\VetFDDNT.sys [2004-9-5 15735]
R1 VETMONNT;VET File Monitor;c:\win2000\system32\drivers\vetmonnt.sys [2006-9-10 26787]
R3 usbhub20;USB 2.0 Root Hub Support;c:\win2000\system32\drivers\usbhub20.sys [2004-8-21 49776]
R3 VETEBOOT;VET Boot Scan Engine;c:\win2000\system32\drivers\VetEBoot.sys [2006-9-10 108360]
R3 yukonw2k;NDIS5 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\win2000\system32\drivers\yukonw2k.sys [2003-12-23 174464]
R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R4 ETDrv;ETDrv;c:\win2000\system32\drivers\ETDrv.sys [2004-8-21 170128]
S3 Addhid;Addhid; [x]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\win2000\system32\drivers\k600bus.sys [2005-9-4 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\win2000\system32\drivers\k600mdfl.sys [2005-9-4 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\win2000\system32\drivers\k600mdm.sys [2005-9-4 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\win2000\system32\drivers\k600mgmt.sys [2005-9-4 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\win2000\system32\drivers\k600obex.sys [2005-9-4 77072]
S3 LCcfltr;Logitech USB Filter Driver;c:\win2000\system32\drivers\LCcfltr.sys [2004-2-20 14095]
S3 mapmem_dv;mapmem_dv;\??\c:\mapmem.tmp --> c:\mapmem.tmp [?]
S4 CAISafe;CAISafe;c:\program files\ca\etrust vet antivirus\iSafe.exe [2006-9-10 259624]
S4 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-2-11 200771]
S4 VETMSGNT;VET Message Service;c:\program files\ca\etrust vet antivirus\VetMsg.exe [2006-9-10 202280]
=============== Created Last 30 ================
2009-01-13 14:58 16,384 a------- c:\win2000\system32\Perflib_Perfdata_620.dat
2009-01-13 14:58 410,984 a------- c:\win2000\system32\deploytk.dll
2009-01-13 14:58 73,728 a------- c:\win2000\system32\javacpl.cpl
2009-01-13 12:11 1,271,136 ---sh--- c:\win2000\system32\glwjdqbq.ini
2009-01-13 12:11 72,704 a------- c:\win2000\system32\qbqdjwlg.dll
2009-01-13 12:09 129,024 a------- c:\win2000\system32\mgfbkz.dll
2009-01-13 12:09 129,024 a------- c:\win2000\system32\qnqftdpn.dll
2009-01-13 12:08 444,917 a--sh--- c:\win2000\system32\TuFeOXyb.ini2
2009-01-13 12:08 444,917 a--sh--- c:\win2000\system32\TuFeOXyb.ini
2009-01-13 12:08 302,592 a------- c:\win2000\system32\byXOeFuT.dll
2009-01-10 20:10 <DIR> --d----- C:\VundoFix Backups
2009-01-10 19:39 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-10 18:11 1,347 a------- c:\win2000\system32\ahtn.htm
2009-01-10 18:11 4,785 a------- c:\win2000\system32\warning.gif
2009-01-10 18:11 111,616 a------- c:\win2000\system32\ntdll64.exe
==================== Find3M ====================
2008-12-10 08:52 34,816 a------- c:\win2000\system32\ddcCVNFV.dll
2008-12-07 14:11 23,552 a------- c:\win2000\system32\frmwrk32.exe
2008-10-16 14:13 1,809,944 a------- c:\win2000\system32\dllcache\wuaueng.dll
2008-10-16 14:09 92,696 a------- c:\win2000\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\win2000\system32\dllcache\wuauclt.exe
2007-03-21 17:53 300,680 -------- c:\docume~1\alluse~2.win\applic~1\arclib.dll
2005-03-29 14:37 456,384 a------- c:\win2000\inf\wpn311\WPN311.sys
2005-01-27 10:59 35,232 a------- c:\win2000\inf\wpn311\ME_INST.EXE
2005-01-27 10:59 26,112 a------- c:\win2000\inf\wpn311\install.exe
2004-08-21 17:33 21,952 ----h--- c:\program files\folder.htt
2004-08-21 17:33 271 ----h--- c:\program files\desktop.ini
1999-12-07 12:00 32,528 a------- c:\win2000\inf\wbfirdma.sys
============= FINISH: 15:44:34.34 ===============
Edited by miekiemoes, 13 January 2009 - 06:00 AM: malicious link disabled.