Trojan vundo and zlob trojan, antivirus pro 2009


  • This topic is locked
2 replies to this topic

#1 kelly977

Posted 01 March 2009 - 07:21 PM

I've been experiencing numerous pop-ups for fake antivirus programs and other ads. My antivirus program says my computer is infected with trojans, such as zlob and vundo. Also, I think the fake AntiVirus Pro 2009 is installed on my computer. My computer is running extremely slow.


DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 19:01:22.30 on Sun 03/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.168 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Google plugin: {5cc2f638-99ff-45d2-97c7-e30e83cf04d2} - ipv6sp.dll
BHO: {62d2bef7-5a4e-4628-bd22-56898ffe123f} - c:\windows\system32\yejudili.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\iifDWOGv.dll
BHO: {7019dd45-f36e-43ab-bc27-39398f2c4f7a} - c:\windows\system32\rqRjheDW.dll
BHO: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No File
BHO: {11c9ab66-6e84-65db-ff04-292a83ec812c}: {c218ce38-a292-40ff-bd56-48e666ba9c11} - c:\windows\system32\bzyqdl.dll
BHO: {d735c4e0-b054-4704-8c67-5534a89d2070} - c:\windows\system32\cbXNeeBR.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SpyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter3.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [nusuyofaro] Rundll32.exe "c:\windows\system32\davapefu.dll",s
mRun: [CPM2ea7fa30] Rundll32.exe "c:\windows\system32\kagohuwu.dll",a
mRun: [2d94c9ac] rundll32.exe "c:\windows\system32\likebowa.dll",b
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: whataboutadog.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187723302875
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191514714046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: iifDWOGv - iifDWOGv.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: nnkxcf.dll c:\windows\system32\lojulizi.dll c:\windows\system32\kabujupe.dll c:\windows\system32\nodededa.dll cvriqv.dll c:\windows\system32\kagohuwu.dll c:\windows\system32\hiboyihe.dll c:\windows\system32\zuvararo.dll c:\windows\system32\sidubage.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kagohuwu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\kagohuwu.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\iifDWOGv.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll, mcenspc.dll
LSA: Notification Packages = scecli c:\windows\system32\lojulizi.dll c:\windows\system32\nodededa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\27298qvm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-15 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-23 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090222.003\naveng.sys [2009-2-22 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090222.003\navex15.sys [2009-2-22 876144]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]

=============== Created Last 30 ================

2009-03-01 17:30 1,665,518 ---sh--- c:\windows\system32\awobekil.ini
2009-03-01 17:29 144,384 a--sh--- c:\windows\system32\bzyqdl.dll
2009-02-27 08:49 1,665,518 ---sh--- c:\windows\system32\unezituw.ini
2009-02-27 08:49 143,360 a--sh--- c:\windows\system32\cvriqv.dll
2009-02-26 20:49 1,665,505 ---sh--- c:\windows\system32\asojovej.ini
2009-02-26 20:49 144,384 a--sh--- c:\windows\system32\zuqpsr.dll
2009-02-26 08:49 1,763,485 ---sh--- c:\windows\system32\utigesuv.ini
2009-02-26 08:49 142,848 a--sh--- c:\windows\system32\mynjpg.dll
2009-02-25 20:48 143,360 a--sh--- c:\windows\system32\dtfkeh.dll
2009-02-25 08:48 144,384 a--sh--- c:\windows\system32\itfagk.dll
2009-02-24 21:36 3,510 a------- c:\documents and settings\hp_administrator\akcmd.dat
2009-02-24 20:48 1,763,472 ---sh--- c:\windows\system32\owomewih.ini
2009-02-24 20:47 145,408 a--sh--- c:\windows\system32\xxksmq.dll
2009-02-24 08:48 1,608,251 ---sh--- c:\windows\system32\adijilob.ini
2009-02-24 08:48 142,848 a--sh--- c:\windows\system32\bcrwkm.dll
2009-02-23 13:58 144,384 a--sh--- c:\windows\system32\esfzpl.dll
2009-02-23 01:58 143,872 a--sh--- c:\windows\system32\rqgmhb.dll
2009-02-21 09:08 129,024 a------- c:\windows\system32\ttbjbm.dll
2009-02-21 09:08 129,024 a------- c:\windows\system32\wnbiupsm.dll
2009-02-21 09:05 1,619,916 ---sh--- c:\windows\system32\pdpefplv.ini
2009-02-21 09:05 72,704 a------- c:\windows\system32\vlpfepdp.dll
2009-02-20 21:05 1,619,907 ---sh--- c:\windows\system32\pjlghurt.ini
2009-02-20 13:51 47,616 a------- c:\windows\system32\~.exe
2009-02-20 09:08 1,601,403 ---sh--- c:\windows\system32\thadqlxu.ini
2009-02-19 23:04 61,952 a------- c:\windows\system32\file.exe
2009-02-19 21:07 1,598,898 ---sh--- c:\windows\system32\iowdstnq.ini
2009-02-19 09:07 1,595,387 ---sh--- c:\windows\system32\nsdrlhfx.ini
2009-02-19 09:07 72,704 -------- c:\windows\system32\xfhlrdsn.dll
2009-02-18 21:07 1,593,734 ---sh--- c:\windows\system32\paomtfci.ini
2009-02-18 21:07 72,704 -------- c:\windows\system32\icftmoap.dll
2009-02-18 09:06 1,591,465 ---sh--- c:\windows\system32\lybxulhj.ini
2009-02-17 21:03 1,585,541 ---sh--- c:\windows\system32\qdwfnrfw.ini
2009-02-17 09:02 1,580,240 ---sh--- c:\windows\system32\moxrihdk.ini
2009-02-16 20:41 1,600,544 ---sh--- c:\windows\system32\iubncdkg.ini
2009-02-16 08:41 1,599,668 ---sh--- c:\windows\system32\gymbjhnl.ini
2009-02-15 20:41 1,594,042 ---sh--- c:\windows\system32\gaxtelpx.ini
2009-02-15 08:40 1,594,051 ---sh--- c:\windows\system32\qbwtjnre.ini
2009-02-14 20:43 1,594,042 ---sh--- c:\windows\system32\konwqgdu.ini
2009-02-14 08:43 1,594,051 ---sh--- c:\windows\system32\ybdroryq.ini
2009-02-13 08:40 1,594,042 ---sh--- c:\windows\system32\oqhsgjyf.ini
2009-02-12 08:39 1,545,068 ---sh--- c:\windows\system32\lwxbtudb.ini
2009-02-11 08:38 1,533,394 ---sh--- c:\windows\system32\icypeyeo.ini
2009-02-11 01:25 <DIR> --d----- c:\windows\ERUNT
2009-02-11 01:25 <DIR> --d----- C:\!FixIEDef
2009-02-10 20:47 <DIR> --d----- C:\VundoFix Backups
2009-02-10 08:36 1,533,394 ---sh--- c:\windows\system32\foccwcii.ini
2009-02-10 08:33 63,965 a------- c:\windows\system32\bijgkgpe.dll
2009-02-10 08:33 4,842 a--sh--- c:\windows\system32\RBeeNXbc.ini2
2009-02-10 08:33 4,842 a--sh--- c:\windows\system32\RBeeNXbc.ini
2009-02-10 08:33 302,592 a------- c:\windows\system32\cbXNeeBR.dll
2009-02-10 08:28 36,352 a------- c:\windows\system32\ljJBrPfd.dll
2009-02-10 08:27 36,352 a------- c:\windows\system32\iifDWOGv.dll
2009-02-09 15:42 72,725 a------- c:\windows\system32\efkmvxiw.dll
2009-02-09 15:33 36,352 a------- c:\windows\system32\nnnKdeCr.dll
2009-02-09 15:33 36,352 a------- c:\windows\system32\wvUkIYsR.dll
2009-02-08 19:18 72,725 a------- c:\windows\system32\wisjytvo.dll
2009-02-08 19:14 1,569,650 ---sh--- c:\windows\system32\dhnmylio.ini
2009-02-06 11:23 74,185 a------- c:\windows\system32\ejwftwhg.dll
2009-02-06 11:18 1,563,027 ---sh--- c:\windows\system32\ujqfqrgo.ini
2009-02-06 11:18 72,704 a------- c:\windows\system32\ogrqfqju.dll
2009-02-06 11:12 44,994 a------- c:\windows\system32\wvUliiIb.dll
2009-02-06 10:57 36,352 a------- c:\windows\system32\pmnKCSiI.dll
2009-02-06 10:57 36,352 a------- c:\windows\system32\wvUkKEXN.dll
2009-02-05 19:33 74,185 a------- c:\windows\system32\rttchlul.dll
2009-02-05 19:30 1,563,018 ---sh--- c:\windows\system32\oophiauf.ini
2009-02-05 19:27 40,355 a--sh--- c:\windows\system32\WDehjRqr.ini2
2009-02-05 19:27 40,525 a--sh--- c:\windows\system32\WDehjRqr.ini
2009-02-05 19:27 302,592 a------- c:\windows\system32\rqRjheDW.dll.vir
2009-02-05 19:22 28,934 a------- c:\windows\system32\ljJBSlLc.dll
2009-02-05 19:21 36,352 a------- c:\windows\system32\qoMdEtqQ.dll
2009-02-05 18:36 1 a------- c:\windows\system32\tb.dr
2009-02-05 18:30 1 a------- c:\windows\system32\rc.dat
2009-02-05 18:30 1 a------- c:\windows\system32\ps1.dat
2009-02-05 18:30 1 a------- c:\windows\system32\cs.dat
2009-02-05 18:30 1 a------- c:\windows\system32\bb1.dat
2009-02-05 18:30 1 a------- c:\windows\system32\cookie1.dat
2009-02-05 18:25 1 a------- c:\windows\system32\ak
2009-02-05 08:05 1,622,634 ---sh--- c:\windows\system32\ovagukam.ini
2009-02-05 08:05 142,547 a--sh--- c:\windows\system32\hbddrz.dll
2009-02-04 20:05 1,600,007 a--sh--- c:\windows\system32\agajowut.ini
2009-02-03 01:08 36,352 a------- c:\windows\system32\hgGvurom.dll
2009-02-03 01:08 36,352 a------- c:\windows\system32\iifgDwUO.dll
2009-02-02 15:43 1,550,279 ---sh--- c:\windows\system32\cyjakatu.ini
2009-02-01 15:39 1,550,279 ---sh--- c:\windows\system32\gvqwmior.ini
2009-01-31 15:48 <DIR> --d----- c:\program files\VnrPack
2009-01-31 15:48 <DIR> --d----- c:\program files\iCheck
2009-01-31 15:41 1,550,279 ---sh--- c:\windows\system32\kcsyaxfi.ini
2009-01-31 15:38 <DIR> --d----- c:\program files\WebShow
2009-01-31 15:38 303,773 a--sh--- c:\windows\system32\hjPsrBeg.ini2
2009-01-31 15:37 303,773 a--sh--- c:\windows\system32\hjPsrBeg.ini
2009-01-31 15:32 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\cogad

==================== Find3M ====================

2009-03-01 17:29 144,384 a--sh--- c:\windows\system32\lojaloke.dll
2009-03-01 17:29 107,520 a--sh--- c:\windows\system32\zuvararo.dll
2009-03-01 17:29 103,424 a--sh--- c:\windows\system32\likebowa.dll
2009-02-27 08:49 143,360 a--sh--- c:\windows\system32\dovetobu.dll
2009-02-27 08:49 110,080 a--sh--- c:\windows\system32\kagohuwu.dll
2009-02-27 08:49 102,912 a--sh--- c:\windows\system32\wutizenu.dll
2009-02-26 20:49 110,592 a--sh--- c:\windows\system32\hiboyihe.dll
2009-02-26 20:49 144,384 a--sh--- c:\windows\system32\huvidubo.dll
2009-02-26 08:49 109,568 a--sh--- c:\windows\system32\sidubage.dll
2009-02-26 08:49 142,848 a--sh--- c:\windows\system32\borugizo.dll
2009-02-26 08:49 102,912 -------- c:\windows\system32\vusegitu.dll
2009-02-25 20:48 143,360 a--sh--- c:\windows\system32\pitelupo.dll
2009-02-25 20:48 103,424 a--sh--- c:\windows\system32\fanimeza.dll
2009-02-25 20:48 110,592 a--sh--- c:\windows\system32\tajukoke.dll
2009-02-25 08:48 102,912 a--sh--- c:\windows\system32\yukikono.dll
2009-02-25 08:48 144,384 a--sh--- c:\windows\system32\weyuneve.dll
2009-02-25 08:48 107,520 a--sh--- c:\windows\system32\kohuhego.dll
2009-02-24 20:47 110,080 a--sh--- c:\windows\system32\balukulu.dll
2009-02-24 20:47 102,912 -------- c:\windows\system32\hiwemowo.dll
2009-02-24 20:47 145,408 a--sh--- c:\windows\system32\sibifoza.dll
2009-02-24 08:48 109,568 a--sh--- c:\windows\system32\pehipohu.dll
2009-02-24 08:48 142,848 a--sh--- c:\windows\system32\veketaha.dll
2009-02-23 13:58 109,568 a--sh--- c:\windows\system32\fadekiha.dll
2009-02-23 13:58 103,936 a--sh--- c:\windows\system32\jebifoye.dll
2009-02-23 13:58 144,384 a--sh--- c:\windows\system32\jipewozu.dll
2009-02-23 01:58 108,544 a--sh--- c:\windows\system32\penivupo.dll
2009-02-23 01:58 103,936 a--sh--- c:\windows\system32\ponovisi.dll
2009-02-23 01:58 143,872 a--sh--- c:\windows\system32\yipiwopa.dll
2009-02-05 08:05 142,547 a--sh--- c:\windows\system32\marewugo.dll
2009-02-05 08:05 101,589 a--sh--- c:\windows\system32\makugavo.dll
2009-01-20 19:28 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-09 02:41 19,493 a------- c:\docume~1\hp_adm~1\applic~1\inygynab.reg
2008-11-09 02:41 18,793 a------- c:\docume~1\hp_adm~1\applic~1\qipic.sys
2008-11-09 02:41 18,043 a------- c:\program files\common files\apap.dat
2008-11-09 02:41 10,664 a------- c:\program files\common files\cyviladive.ban
2008-11-09 02:41 15,292 a------- c:\docume~1\alluse~1\applic~1\suxebysuwu.reg
2007-10-23 09:57 30,550,676 a------- c:\program files\Symantec ver10_1 XP_2000.exe
2007-04-23 13:21 269,824 a------- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-04-23 13:11 224,896 a------- c:\windows\inf\wg111v3\wg111v3.sys
2006-12-15 10:30 315,392 a------- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 10:30 212,992 a------- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 10:30 98,304 a------- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 10:30 66,048 a------- c:\windows\inf\wg111v3\EAPPkt.sys
2006-12-15 10:30 28,672 a------- c:\windows\inf\wg111v3\SetDrv.exe
2006-12-15 10:30 20,480 a------- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 10:30 19,968 a------- c:\windows\inf\wg111v3\RTWREFU.EXE
0000-00-00 00:00 71,680 a--sh--- c:\windows\system32\davapefu.dll
0000-00-00 00:00 71,680 a--sh--- c:\windows\system32\nodededa.dll
0000-00-00 00:00 71,680 a--sh--- c:\windows\system32\yejudili.dll
2008-08-27 09:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 19:11:33.76 ===============

#2 SifuMike

    malware expert



Posted 06 March 2009 - 11:02 PM

Hello kelly977,

Sorry for the delay. We have many logs backed up.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DDS log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Edited by SifuMike, 06 March 2009 - 11:03 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

    malware expert



Posted 17 March 2009 - 10:21 PM

Due to inactivity, this thread will now be closed.