Virtumonde Infection


  • This topic is locked
2 replies to this topic

#1 bethaboo

  • Members
  • 3 posts

Posted 20 February 2009 - 01:04 PM

Hi,

I'm having a serious Virtumonde infection. I have tried various programs to remove it, including Spybot Search and Destroy, Ad Aware, Vundofix, VirtumondeBeGone, and FixVundo. None of these have managed to get rid of it from my computer. I am experiencing all the symptoms of a typical Virtumonde infection, including (but not confined to): internet connection issues, slow internet, continual pop-ups, inability to navigate to certain sites, and occasionally, after a restart, my icons and/or menu bar do not appear.

I have reason to believe the trojan has been in my computer now for several months and I am desperate to get it out. Please help! Thanks!


DDS (Ver_09-02-01.01) - NTFSx86
Run by Bethany Boulden at 9:55:35.00 on Fri 02/20/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.919 [GMT -8:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Outdated)

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://google.bearflix.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {15083bb9-8aa2-431b-af75-fe1a815780d9} - c:\windows\system32\jkkHBTNH.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {26BB8CFD-FBA4-441C-A509-1D673CFC50F0} - No File
BHO: {2F4D88D6-9B47-4801-B093-B12AFBFC8C27} - No File
BHO: {513A1509-BB60-45B6-A9D4-5F26F32878C9} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google plugin: {5cc2f638-99ff-45d2-97c7-e30e83cf04d2} - ipv6sp.dll
BHO: {73425374-078a-4bfb-88ba-9d0e5454801e} - c:\windows\system32\zebipubo.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9A525253-C1DB-4BFD-8782-79C3E56D7FEF} - No File
BHO: {9ED423FE-9E16-4707-811B-5966CDAF8D8A} - No File
BHO: {ADE17664-8B8E-4150-81D1-BCF67B60F665} - No File
BHO: {9e4ab04c-3a74-7dea-fed4-5985fe7dbe3c}: {c3ebd7ef-5895-4def-aed7-47a3c40ba4e9} - c:\windows\system32\chdhcn.dll
BHO: CIEObjectObj Object: {ca13d72f-2dac-4d99-b08d-c5ea1c920e89} - c:\windows\IECodecPlg.dll
BHO: {F9F4A166-2BD1-4763-9E88-24138CCC32B5} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Google Update] "c:\documents and settings\bethany boulden\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB2075] command.com /c del "c:\windows\system32\toyekafo.dll_old"
uRunOnce: [SpybotDeletingD8178] cmd.exe /c del "c:\windows\system32\toyekafo.dll_old"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [bisifiporu] Rundll32.exe "c:\windows\system32\laraguji.dll",s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CPM15774efe] Rundll32.exe "c:\windows\system32\fozamulo.dll",a
mRunOnce: [SpybotDeletingA9111] command.com /c del "c:\windows\system32\toyekafo.dll_old"
mRunOnce: [SpybotDeletingC6904] cmd.exe /c del "c:\windows\system32\toyekafo.dll_old"
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRun: [bisifiporu] Rundll32.exe "c:\windows\system32\zizureho.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154396351687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: qoMgddCs - qoMgddCs.dll
AppInit_DLLs: ijgneu.dll bgfhov.dll eihpbv.dll noxaid.dll kgyiil.dll qnilhg.dll oxxhmm.dll jxclaf.dll ksntwt.dll xvibhv.dll jqhtvi.dll gaeljk.dll hxupjm.dll genswo.dll c:\windows\system32\dimuboja.dll chdhcn.dll c:\windows\system32\toyekafo.dll c:\windows\system32\jatohatu.dll c:\windows\system32\fozamulo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fozamulo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\fozamulo.dll
SEH: {0db0263f-a555-4853-aef3-4d78331512b3} - c:\windows\system32\qoMgddCs.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkkHBTNH
LSA: Notification Packages = scecli c:\windows\system32\dimuboja.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bethan~1\applic~1\mozilla\firefox\profiles\gue4rbhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\bethany boulden\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\bethany boulden\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-7-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-7-23 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-7-23 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-7-23 10760]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-10 124832]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-7-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-7-23 49664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 gupdate1c8c3522276e632;Google Update Service (gupdate1c8c3522276e632);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 9:58:59.48 ===============

Edited by bethaboo, 20 February 2009 - 01:05 PM.
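A triage pass over the "Pseudo HJT Report" section of a DDS log like the one above, as an added example that is not part of the original post or of the DDS tool: it parses the line formats DDS prints and flags the persistence slots this kind of infection occupies (AppInit_DLLs, extra LSA packages, Winlogon Notify, shell service objects and hooks, unnamed or orphaned BHOs, Run entries loading a DLL through rundll32). The allowlists and severities are assumptions for illustration; the sample lines are copied from the log above.

```python
"""Flag persistence entries in the 'Pseudo HJT Report' section of a DDS log."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity key detail")

# Assumed defaults for a clean Windows XP system (illustrative, not authoritative).
LSA_DEFAULTS = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
}
KNOWN_NOTIFY = {"igfxcui"}          # Intel graphics Winlogon notify, present in the log
KNOWN_SSODL = {"WPDShServiceObj"}  # Portable Devices shell object, present in the log

RE_BHO = re.compile(r"^BHO: (?:(?P<name>.+?): )?\{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<path>.+)$")
RE_LSA = re.compile(r"^LSA: (?P<key>[^=]+?) = (?P<values>.+)$")
RE_RUN = re.compile(r"^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.I)
RE_PAIR = re.compile(r"^(?P<kind>Notify|SSODL|STS|SEH): (?P<rest>.+)$")
RE_RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)


def triage_line(line: str):
    """Return the Findings for one report line (empty list if nothing noteworthy)."""
    line = line.strip()
    out = []
    if line.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is loaded into every process that maps user32.dll; on a
        # typical workstation the value is empty, so every entry deserves a look.
        for dll in line.split(":", 1)[1].split():
            out.append(Finding("high", "AppInit_DLLs", dll))
        return out
    m = RE_LSA.match(line)
    if m:
        key = m.group("key")
        for value in m.group("values").split():
            if value.lower() not in LSA_DEFAULTS.get(key, set()):
                # Extra LSA packages run inside lsass.exe and see every logon.
                out.append(Finding("critical", "LSA " + key, value))
        return out
    m = RE_BHO.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if path.strip().lower() == "no file":
            out.append(Finding("low", "BHO orphaned", m.group("clsid")))
        elif name is None:
            # A BHO with no registered name is unusual for legitimate software.
            out.append(Finding("medium", "BHO unnamed", path))
        return out
    m = RE_RUN.match(line)
    if m:
        r = RE_RUNDLL.search(m.group("cmd"))
        if r:
            out.append(Finding("medium", m.group("hive") + "Run rundll32", r.group("dll")))
        return out
    m = RE_PAIR.match(line)
    if m:
        kind, rest = m.group("kind"), m.group("rest")
        label = rest.split(" - ")[0].strip()
        known = KNOWN_NOTIFY if kind == "Notify" else KNOWN_SSODL
        if label not in known:
            out.append(Finding("high", kind, rest.split(" - ")[-1].strip()))
        return out
    return out


def triage_report(text: str):
    """Triage every line of a report; Findings come back in input order."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


# Sample input: lines copied from the log above, mixing benign and suspect entries.
SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {26BB8CFD-FBA4-441C-A509-1D673CFC50F0} - No File
BHO: {73425374-078a-4bfb-88ba-9d0e5454801e} - c:\windows\system32\zebipubo.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [bisifiporu] Rundll32.exe "c:\windows\system32\laraguji.dll",s
Notify: igfxcui - igfxdev.dll
Notify: qoMgddCs - qoMgddCs.dll
AppInit_DLLs: ijgneu.dll c:\windows\system32\dimuboja.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkkHBTNH
LSA: Notification Packages = scecli c:\windows\system32\dimuboja.dll
"""

if __name__ == "__main__":
    for f in triage_report(SAMPLE):
        print(f"[{f.severity:8}] {f.key}: {f.detail}")
```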


#2 miekiemoes

Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 20 February 2009 - 01:51 PM

Hi,

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean it up manually, the damage that is already present may interfere with our removal attempts.

First of all, uninstall the outdated version of AVG and install the latest version, AVG8.
Let it update and then perform a full scan and quarantine everything it is finding.
Reboot afterwards.

After reboot, rescan with DDS and post a new DDS log in your next reply. Then we'll start from there.

#3 miekiemoes

Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 01 March 2009 - 12:39 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.