
Infected with Trojan Vundo, possibly other malware



#1 slykitten


Posted 30 March 2009 - 07:51 PM

My computer was infected with malware, leading to all kinds of different problems. For example, Internet Explorer pop-up ads will open (lots) even when I am not running Internet Explorer. I have mostly avoided this problem by using a fresh download of Flock, but other various problems still crop up, and my computer runs oddly/slowly. I also keep getting an error message about a .dll file that can't be found (will write down exact message next time it occurs).

I have removed some files through these programs: Symantec Antivirus, Spybot Search and Destroy, and Malwarebytes' Anti Malware. However, problems persist, and I would like to find the root cause and remove it once and for all. I have also installed and run RegCure.

I appreciate any help you can offer! Thank you.

Here is my DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Lucifernomi at 19:31:44.04 on Mon 03/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.430 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Tudou\·ÉĖŁTudou\TudouVa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Flock\flock.exe
C:\Documents and Settings\Lucifernomi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aimhome.netscape.com/aimhome.adp
uSearch Bar = hxxp://channels.aimtoday.com/search/aimtoolbar.jsp
mDefault_Page_URL = hxxp://www.alienware.com/mothership.aspx
uInternet Settings,ProxyOverride = local
{048652c9-f5b0-405b-9c20-578d89aca55c}
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7db094b1-c3aa-487c-b75e-cb9654e1a6b4} - c:\windows\system32\geBuUkll.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\ViewBarBHO.dll
BHO: {2d3c7872-4ba5-81c8-2e64-d7484484d0ea}: {ae0d4844-847d-46e2-8c18-5ab42787c3d2} - c:\windows\system32\udjuvp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {eff7206e-c8f4-494d-aea9-0c0cc5eb2c83} - c:\windows\system32\cbXRKedD.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
uRun: [Weather] c:\progra~1\aws\weathe~1\Weather.EXE 1
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [<NO NAME>]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [system tool] c:\windows\sysguard.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [e43d0b9c] rundll32.exe "c:\windows\system32\syrbnpuk.dll",b
uExplorerRun: [svcho] c:\windows\svcho.exe
StartupFolder: c:\docume~1\lucife~1\startm~1\programs\startup\deskto~1.lnk - c:\docume~1\lucife~1\applic~1\microsoft\installer\{dba5e973-660d-4cbe-a469-f5c37fbf0ce4}\_C1A9BF9D98647632ED5172.exe
StartupFolder: c:\docume~1\lucife~1\startm~1\programs\startup\be30~1.lnk - c:\program files\tudou\·éėłtudou\TudouVa.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{3e5562ed-69ab-4cec-91e2-64e18ec5acc6}\Icon3E5562ED7.ico
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234674374187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: geBuUkll - geBuUkll.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll c:\progra~1\google\google~1\GOEC62~1.DLL dyzhxr.dll cmfmpk.dll wqquvu.dll udjuvp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {7db094b1-c3aa-487c-b75e-cb9654e1a6b4} - c:\windows\system32\geBuUkll.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXRKedD

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lucife~1\applic~1\mozilla\firefox\profiles\17jaw2p2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\lucifernomi\application data\mozilla\firefox\profiles\17jaw2p2.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R1 PStrip;PStrip;c:\windows\system32\drivers\PStrip.sys [2001-7-23 21616]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R1 TeksKernel;TeksKernel;c:\windows\system32\drivers\TeksKernel.sys [2004-7-8 9060]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-2-28 668936]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2004-12-9 15840]
R2 ProductivITService;ProductivIT Service;c:\program files\alienautopsy\TEKS_Service.exe [2004-7-8 77824]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090327.005\naveng.sys [2009-3-27 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090327.005\navex15.sys [2009-3-27 876144]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-2-29 894216]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]


============= FINISH: 19:33:58.48 ===============



#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 01 April 2009 - 10:51 PM

Hi slykitten,

The following is referring to RegCure.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your operating system.
  • Registry tools can, as a result of the above, render your PC inoperable.


I see Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you uninstalled, please navigate to and delete the following folders:
C:\Program Files\Viewpoint



Please update and run Malwarebytes' Anti-Malware
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DDS log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on ignore mbamext.dll

Edited by SifuMike, 01 April 2009 - 11:01 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 11 April 2009 - 04:10 PM

Due to inactivity, this thread will now be closed.



