
A solution pleezzzzzzzzzzzzzzz!

1 reply to this topic

#1 futuradrama

  • Members
  • 6 posts
  • Gender:Male

Posted 24 January 2009 - 01:20 PM

Peace N Paradise! My PC is currently infected with TrojanVundo.h, Virtumonde, & another Ad-Aware 2007 keeps finding called Unclassified.Unknown origin. I have used the following so-called utilities 2 eliminate the problem - Glary reg repair, Malwarebytes Anti Malware, Registry Mechanic, Spybot Search & Destroy, SUPERAntiSpyware, Sysinpector, Trojan Killer, Windows Defender, & VundoFix in normal & safe mode to no avail. When I reboot, guess what? Yeah! It's still active & present. I use ESET Nod32 Antivirus. Does anyone have a solution to my infection? Here is the requested log. Thanks 4 ur time N energy...

DDS (Ver_09-01-19.01) - NTFSx86
Run by User at 10:28:38.23 on Sat 01/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1470 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Snaptune Inc\Snaptune One\SnapRec.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Snaptune Inc\Snaptune One\SnapTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XM4P7OL8\dds[1].scr

============== Pseudo HJT Report ===============

mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: {6fdf0673-47a4-4336-810e-3629ce5f3b57}: {75b3f5ec-9263-e018-6334-4a743760fdf6}
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A35DB5FD-82EF-460F-B0B0-BDB4722B6F7F} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [nwiz] nwiz.exe /install
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware 2007\Ad-Watch2007.exe
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BarbieGirlsTray] c:\program files\mattel\barbie girls\Mattel.BarbieGirls.Tray.exe
mRun: [<NO NAME>]
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\user\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\wireless keyboard\Magickey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~2.lnk - c:\program files\wireless device\wireless mouse\MouseAp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snaptu~1.lnk - c:\program files\snaptune inc\snaptune one\SnapTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: wbsys.dll zczbtl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\lwocxonx.default\
FF - prefs.js: browser.startup.homepage - hxxp://hamptonroads.cox.net/cci/home
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: XUL Cache: {5987FF76-946F-41BF-ADE1-9D87A3B9B448} - c:\windows\system32\config\systemprofile\local settings\application data\{5987ff76-946f-41bf-ade1-9d87a3b9b448}\

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-12-7 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-12-7 52736]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-11 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-11 394952]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2008-2-19 472644]
R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R4 Snaptune Recording Service;Snaptune Recording Service;c:\program files\snaptune inc\snaptune one\SnapRec.exe [2007-10-12 573440]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-8-7 9344]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-01-19 11:37 24,576 a------- c:\windows\system32\VundoFixSVC.exe
2009-01-19 11:25 <DIR> --d----- C:\VundoFix Backups
2009-01-13 17:55 <DIR> --d----- c:\program files\CyberPower PowerPanel Personal Edition
2009-01-13 17:54 <DIR> --d----- c:\program files\common files\Zero G Software
2009-01-13 17:52 10,240 ac------ c:\windows\system32\dllcache\compbatt.sys
2009-01-13 17:52 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-01-13 17:52 20,352 ac------ c:\windows\system32\dllcache\hidbatt.sys
2009-01-13 17:52 20,352 a------- c:\windows\system32\drivers\hidbatt.sys
2009-01-13 17:52 14,208 ac------ c:\windows\system32\dllcache\battc.sys
2009-01-13 17:52 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-01-11 08:02 0 a------- c:\windows\system32\drivers\senekawbmqdngc.sys
2009-01-10 23:53 <DIR> --d----- c:\program files\Trojan Killer
2009-01-10 21:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-10 21:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-10 21:42 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-01-07 11:27 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-12-25 14:07 <DIR> --d----- c:\docume~1\user\applic~1\Mattel
2008-12-25 14:06 <DIR> --d----- c:\program files\Mattel

==================== Find3M ====================

2009-01-24 10:28 230,545,440 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-24 05:40 2,704,484 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-08-23 06:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 10:29:40.48 ===============
Untill Our Mindz Meet Again!!!
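As an added example (not code from this thread, from the DDS tool, or from BleepingComputer), the following Python script pulls the "Pseudo HJT Report" section out of a DDS log like the one posted above and flags the entry types a malware-removal helper usually checks first: orphaned "No File" BHO/toolbar entries, unnamed BHOs with no file path, blank Run entries, sites added to the IE Trusted Zone, AppInit_DLLs, and duplicated lines. It only marks lines for review; the rules are generic triage heuristics, not a verdict on any file in this particular log. The sample input is excerpted from the log above and trimmed to a handful of entries so the script runs stand-alone.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the thread or of the DDS tool itself. It extracts
the Pseudo HJT section from a DDS-style log and flags entry types that are
normally reviewed first. It points at lines to look at; it decides nothing
about whether any file is malicious.
"""
import re
from typing import Dict, List, Set, Tuple

# Sample input: lines excerpted from the DDS log posted in this thread,
# trimmed to a few entries so the example runs on its own.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

mSearch Page = hxxp://www.google.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: {6fdf0673-47a4-4336-810e-3629ce5f3b57}: {75b3f5ec-9263-e018-6334-4a743760fdf6}
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
Trusted Zone: antimalwareguard.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
AppInit_DLLs: wbsys.dll zczbtl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
"""

# DDS section headers look like "===== Name =====".
SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
# A bare COM class id: 36 hex/dash characters inside braces.
CLSID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def extract_section(log: str, name: str) -> List[str]:
    """Return the non-blank lines of the DDS section whose header contains `name`."""
    lines: List[str] = []
    inside = False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            inside = name.lower() in header.group(1).lower()
            continue
        if inside and line:
            lines.append(line)
    return lines


def split_entry(line: str) -> Tuple[str, str]:
    """Split 'KIND: body' (or 'KIND = value') into (kind, body)."""
    if ": " in line:
        kind, body = line.split(": ", 1)
    elif " = " in line:
        kind, body = line.split(" = ", 1)
    else:
        kind, body = line, ""
    return kind.strip(), body.strip()


def triage(log: str) -> List[Dict[str, str]]:
    """Flag Pseudo HJT entries that usually warrant a closer look."""
    findings: List[Dict[str, str]] = []
    seen: Set[str] = set()
    for line in extract_section(log, "Pseudo HJT"):
        if line in seen:
            findings.append({"line": line, "reason": "duplicate entry"})
            continue
        seen.add(line)
        kind, body = split_entry(line)
        if kind in ("BHO", "TB") and body.endswith("- No File"):
            findings.append({"line": line, "reason": "orphaned registry entry (file missing)"})
        elif kind == "BHO" and ": " in body:
            # Named BHOs read 'Name: {CLSID} - path'; a CLSID paired with a second
            # CLSID and no path leaves nothing on disk to inspect.
            left, right = body.split(": ", 1)
            if CLSID.match(left) and CLSID.match(right.strip()):
                findings.append({"line": line, "reason": "unnamed BHO with no file path"})
        elif kind in ("uRun", "mRun") and body == "[<NO NAME>]":
            findings.append({"line": line, "reason": "blank Run entry"})
        elif kind == "Trusted Zone":
            findings.append({"line": line, "reason": "site added to IE Trusted Zone"})
        elif kind == "AppInit_DLLs":
            # Each listed DLL is loaded into every process that maps user32.dll.
            for dll in body.split():
                findings.append({"line": line, "reason": f"AppInit DLL loaded into every GUI process: {dll}"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['reason']:<48} <- {finding['line']}")
```

Run it as `python dds_triage.py`; to use it on a real log, replace SAMPLE_LOG with the file's contents. The section-header regex and the "KIND: body" split are the only DDS-specific parts, so adding rules for other entry types (for example services or the "Created Last 30" file list) is a matter of extending `triage`.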

#2 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 26 January 2009 - 09:56 AM

Hello Futuradrama and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...