Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Vundo Trojan infection; iexplore.exe pop-up ads, various other symptoms

  • This topic is locked This topic is locked
2 replies to this topic

#1 Pinkerton492


  • Members
  • 6 posts
  • Local time:06:05 AM

Posted 22 October 2009 - 09:52 PM

Yet another victim of Vundo, I simply cannot purge my system of it by any ordinary or conventional means. the pop-ups, which occured with Iexplore.exe (internet explorer) still occur regardless that i've uninstalled IE8 from my computer ( though now instead of 2 iexplore.exe's that appear, only one does now). i've installed Mbam.exe (having to change the name since it deleted Malware bytes previously) again, ran that several times, and recieved minimal success. As with AVG8.5, which Vundo had also disabled. Vundo has also affected Windows Update so that it cannot and will not scan for updates, ever.
Other symptoms are, what i believe is called "service in denial" with Facebook (it refuses to let javascript thinger's run properly, if at all). occasionally a clicked link on Google will lead to a fake-antispyware site thing, as opposed to whatever i wanted to search. I've experienced severe Slow-downs with Mozilla Firefox (latest version) as well as Google Chrome, and twice have I received Blue Screens. Scold me for not speaking of what it says, but i do believe they are merely from pushing my Computer to the limit with Page-file - filling Browser games. (503 RAM, :/) regardless, I felt it was worth mentioning.
I have ran CCleaner.exe on my computer, and that has deleted small instances of Vundo very briefly. shortly after (a couple of hours later) a new .exe(s) and a bunch of other junk make up for it. most of the .exe's are all numbers (examples being 89925841.exe and 40797178.exe) as well as some scrambled letter messes that occur on start-ups, but don't seem to return until another startup, changing if I deleted the previous.
I have attached an image file of some of the .exe's on my processes in Task Manager, including two more examples of the numerical .exe's, as well as two other programs (Reg.exe and rundll32.exe) that I question their motives. the rest of the programs i am familiar with and serve no problems to me (MpfTray.exe, Mcafee security, has been a bit... faulty for ever since I recall. however, half working is better than not at all). Thank you for bearing with my life story about my Vundo Problems, I'll attach the stuff and let you work your magic with these symptoms in mind.

SOME PROCESSES USED FOR THESE SCANS HAVE HAD THEIR NAMES SLIGHTLY ALTERED TO AVOID VIRAL INSERTION/SUPERSTITION, much like how you'd install Malwarebytes again with a different name. (Hijokethis, BRootBrepeal, dBds) sorry!

DDS stuff:

DDS (Ver_09-10-13.01) - NTFSx86
Run by Nick at 21:47:27.32 on Thu 10/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.132 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick\Desktop\HijokeThis.exe
C:\Documents and Settings\Nick\Desktop\dBds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {0F8C5DCE-408D-4D6E-804D-EE75F10A9C63} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4299F9CB-4039-4892-B8C3-37FCBEC21BD5} - No File
BHO: {AA1A4F83-B4AC-4859-8C91-21DBE6C5625B} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\nick\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [podalatog] Rundll32.exe "c:\windows\system32\famatoge.dll",a
mRunServices: [System Kernal Support] system.exe
mRunServices: [yrbsbeu] c:\windows\system32\yrbsbeu.exe
mRunServices: [uouhtoemlygx] c:\windows\system32\uouhtoemlygx.exe
mRunServices: [i] c:\windows\system32\i.exe
mRunServices: [iyeginkwe] c:\windows\system32\iyeginkwe.exe
mRunServices: [gm] c:\windows\system32\gm.exe
mRunServices: [rakvb] c:\windows\system32\rakvb.exe
mRunServices: [tiluiponwx] c:\windows\system32\tiluiponwx.exe
mRunServices: [extp] c:\windows\system32\extp.exe
mRunServices: [kcplgni] c:\windows\system32\kcplgni.exe
mRunServices: [dtrnupk] c:\windows\system32\dtrnupk.exe
mRunServices: [tt] c:\windows\system32\tt.exe
mRunServices: [vdqagkx] c:\windows\system32\vdqagkx.exe
mRunServices: [ezziwnv] c:\windows\system32\ezziwnv.exe
mRunServices: [ymd] c:\windows\system32\ymd.exe
mRunServices: [saz] c:\windows\system32\saz.exe
mRunServices: [thf] c:\windows\system32\thf.exe
mRunServices: [dxwvdcdiqcv] c:\windows\system32\dxwvdcdiqcv.exe
mRunServices: [alzyxqck] c:\windows\system32\alzyxqck.exe
mRunServices: [orzpnn] c:\windows\system32\orzpnn.exe
mRunServices: [ggdabhe] c:\windows\system32\ggdabhe.exe
mRunServices: [r] c:\windows\system32\r.exe
mRunServices: [ksjnumhzkgxd] c:\windows\system32\ksjnumhzkgxd.exe
mRunServices: [nwcnlaeogr] c:\windows\system32\nwcnlaeogr.exe
mRunServices: [zibynwf] c:\windows\system32\zibynwf.exe
mRunServices: [cwl] c:\windows\system32\cwl.exe
mRunServices: [hsxaefdvuw] c:\windows\system32\hsxaefdvuw.exe
mRunServices: [gkefyoambbjr] c:\windows\system32\gkefyoambbjr.exe
mRunServices: [jdzesci] c:\windows\system32\jdzesci.exe
mRunServices: [tvkn] c:\windows\system32\tvkn.exe
mRunServices: [kgrvy] c:\windows\system32\kgrvy.exe
mRunServices: [tppgapl] c:\windows\system32\tppgapl.exe
mRunServices: [xqhtkxw] c:\windows\system32\xqhtkxw.exe
mRunServices: [owklbhbtkxj] c:\windows\system32\owklbhbtkxj.exe
mRunServices: [hex] c:\windows\system32\hex.exe
mRunServices: [uhjuxd] c:\windows\system32\uhjuxd.exe
mRunServices: [rmaal] c:\windows\system32\rmaal.exe
mRunServices: [uopkg] c:\windows\system32\uopkg.exe
mRunServices: [trwqlhhz] c:\windows\system32\trwqlhhz.exe
mRunServices: [jeb] c:\windows\system32\jeb.exe
mRunServices: [bbvtz] c:\windows\system32\bbvtz.exe
mRunServices: [sx] c:\windows\system32\sx.exe
mRunServices: [afhhejk] c:\windows\system32\afhhejk.exe
mRunServices: [rezftzbix] c:\windows\system32\rezftzbix.exe
mRunServices: [h] c:\windows\system32\h.exe
mRunServices: [pliq] c:\windows\system32\pliq.exe
mRunServices: [qtom] c:\windows\system32\qtom.exe
mRunServices: [sg] c:\windows\system32\sg.exe
mRunServices: [qwipahoiymq] c:\windows\system32\qwipahoiymq.exe
mRunServices: [dvy] c:\windows\system32\dvy.exe
mRunServices: [ynrkwndaavt] c:\windows\system32\ynrkwndaavt.exe
mRunServices: [ihcabpr] c:\windows\system32\ihcabpr.exe
mRunServices: [pfvvlcwr] c:\windows\system32\pfvvlcwr.exe
mRunServices: [kbcdnhgkgjyk] c:\windows\system32\kbcdnhgkgjyk.exe
mRunServices: [gyfnfb] c:\windows\system32\gyfnfb.exe
mRunServices: [yyvjyozh] c:\windows\system32\yyvjyozh.exe
StartupFolder: c:\docume~1\nick\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: &Search
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: aol.com\my.screenname
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} - hxxp://www.terp17.com/ax/axo.cab
DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - hxxp://cabs.elitemediagroup.net/cabs/eliteview.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235265835197
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235266019025
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: bmbxadob - bmbxadob.dll
Notify: bvolg - c:\windows\apppatch\bvolg.dll
Notify: efcaBsrs - efcaBsrs.dll
Notify: igfxcui - igfxdev.dll
Notify: jkhfc - jkhfc.dll
Notify: oviehduw - oviehduw.dll
AppInit_DLLs: minepc.dll c:\windows\system32\hosirobi.dll c:\windows\system32\dayapepa.dll c:\windows\system32\yirumuno.dll yiralujo.dll c:\windows\system32\nowowise.dll c:\windows\system32\famatoge.dll
SSODL: bolanuvur - {5b99e56b-006d-48f4-8d47-37695ded013a} - No File
SSODL: rabefiyos - {6ba117f2-95e7-4f5f-865e-818fb4bd9b6c} - No File
SSODL: keyinonok - {1d50a45d-19ab-42ce-8930-49ade1085185} - No File
SSODL: fibifakuk - {6cb30bbc-324f-4306-b19d-687f9d305789} - c:\windows\system32\famatoge.dll
STS: {5b99e56b-006d-48f4-8d47-37695ded013a} - No File
STS: {6ba117f2-95e7-4f5f-865e-818fb4bd9b6c} - No File
STS: {1d50a45d-19ab-42ce-8930-49ade1085185} - No File
STS: gahurihor: {6cb30bbc-324f-4306-b19d-687f9d305789} - c:\windows\system32\famatoge.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {493F974E-FEAE-459E-B770-D9262474EB97} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRJYqoN
LSA: Notification Packages = scecli tadepabe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\mkztoo1n.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\nick\local settings\application data\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-20 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-20 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 297752]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-12 14336]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2006-3-11 36224]
S2 AOLSVCHst;AOL Service Host;"c:\windows\debug\aolhost.exe" --> c:\windows\debug\aolhost.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-18 24652]
S2 WMPNSVC;Windows Media Performance;"c:\windows\repair\wmpsvc.exe" --> c:\windows\repair\wmpsvc.exe [?]
S2 yxoeop7yeo;Print Spooler Service;c:\windows\system32\yyvjyozh.exe /service --> c:\windows\system32\yyvjyozh.exe [?]
S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10621.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10621.sys [?]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2009-5-28 324096]
S3 MmedFilter;MmedFilter;\??\c:\windows\system32\drivers\mmedfilter.sys --> c:\windows\system32\drivers\MmedFilter.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\xdva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\xdva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\xdva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\xdva195.sys --> c:\windows\system32\XDva195.sys [?]

=============== Created Last 30 ================

2009-10-22 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\06867431
2009-10-22 04:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\02581218
2009-10-21 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\28331219
2009-10-21 04:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\20487526
2009-10-20 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\98081329
2009-10-20 04:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\30362620
2009-10-19 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\91548734
2009-10-18 22:35 <DIR> --d----- c:\program files\CCleaner
2009-10-12 17:46 <DIR> --dsh--- c:\documents and settings\nick\PrivacIE
2009-10-12 17:40 <DIR> --dsh--- c:\documents and settings\nick\IETldCache
2009-10-12 17:33 78,336 a------- c:\windows\system32\ieencode.dll
2009-10-12 17:33 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-10-10 16:39 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-10 16:13 <DIR> --d----- c:\docume~1\nick\applic~1\AVG8
2009-10-08 16:09 <DIR> --d----- C:\VundoFix Backups
2009-10-05 17:52 12,496 a------- c:\windows\MSPuzzle.dat
2009-10-05 17:44 <DIR> --d----- c:\program files\Microsoft Games
2009-09-28 18:09 <DIR> --d----- c:\docume~1\nick\applic~1\Unity
2009-09-28 18:04 <DIR> --d----- c:\program files\Unity

==================== Find3M ====================

2009-10-10 16:20 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-10 16:20 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-10 16:20 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-13 20:18 37 a------- c:\documents and settings\nick\jagex_runescape_preferences.dat
2009-09-13 20:14 45 a------- c:\documents and settings\nick\jagex_runescape_preferences2.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-09 16:05 103,535 a------- c:\windows\hpoins04.dat
2009-08-19 03:08 4,878 a------- c:\windows\system32\PerfStringBackup.TMP
2006-11-12 22:04 1,487,941 ac-sh--- c:\windows\apppatch\glovb.bak1
2006-12-20 22:18 1,516,195 ac-sh--- c:\windows\apppatch\glovb.bak2
2006-12-21 21:26 1,501,350 ac-sh--- c:\windows\apppatch\glovb.ini2
2009-07-18 16:58 1,114,994 a--sh--- c:\windows\system32\biwoguto.exe
2009-07-15 04:16 38,912 a--sh--- c:\windows\system32\borageho.dll
2009-07-09 16:13 1,011,718 a--sh--- c:\windows\system32\buyetuza.exe
2009-07-08 16:13 1,011,424 a--sh--- c:\windows\system32\dinibafi.exe
2009-07-15 04:16 1,114,600 a--sh--- c:\windows\system32\dogesuza.exe
2009-07-22 16:59 37,888 a--sh--- c:\windows\system32\dowileyi.dll
2009-07-16 04:56 88,576 a--sh--- c:\windows\system32\fafagage.dll
2009-07-22 16:59 89,088 a--sh--- c:\windows\system32\famatoge.dll
2009-07-13 04:16 1,011,513 a--sh--- c:\windows\system32\fodevuna.exe
2009-07-19 16:58 39,424 a--sh--- c:\windows\system32\fuzoyalu.dll
2009-07-21 04:59 90,112 a--sh--- c:\windows\system32\gapedalu.dll
2009-07-21 17:00 51,712 a--sh--- c:\windows\system32\gayorayu.dll
2009-07-17 04:56 89,088 a--sh--- c:\windows\system32\hafasego.dll
2009-07-17 04:56 38,400 a--sh--- c:\windows\system32\hazobumi.dll
2009-07-11 16:14 1,011,296 a--sh--- c:\windows\system32\hekuyilo.exe
2009-07-17 16:57 1,113,590 a--sh--- c:\windows\system32\hobavana.exe
2009-07-21 16:59 1,011,374 a--sh--- c:\windows\system32\huyewipu.exe
2009-07-16 16:56 38,400 a--sh--- c:\windows\system32\jadikure.dll
2009-07-12 16:15 1,011,386 a--sh--- c:\windows\system32\jeleguja.exe
2009-07-18 04:57 38,400 a--sh--- c:\windows\system32\jiwonuti.dll
2007-08-09 08:56 1,743,372 ---sh--- c:\windows\system32\jjkkj.bak1
2007-08-10 18:06 1,695,180 ---sh--- c:\windows\system32\jjkkj.bak2
2007-08-10 18:08 1,686,670 ---sh--- c:\windows\system32\jjkkj.ini2
2009-07-14 04:16 1,011,572 a--sh--- c:\windows\system32\jofagowo.exe
2009-07-15 16:56 1,112,656 a--sh--- c:\windows\system32\kanolalo.exe
2009-07-17 16:57 89,088 a--sh--- c:\windows\system32\kavewuga.dll
2009-07-12 04:15 1,011,268 a--sh--- c:\windows\system32\kediranu.exe
2009-07-19 16:58 89,600 a--sh--- c:\windows\system32\kegikube.dll
2005-09-12 06:12 848 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-07-16 04:56 1,111,915 a--sh--- c:\windows\system32\kipaguho.exe
2009-07-14 16:16 1,112,864 a--sh--- c:\windows\system32\kovuzuwa.exe
2009-07-20 16:58 1,011,676 a--sh--- c:\windows\system32\labefala.exe
2009-07-10 04:14 1,011,343 a--sh--- c:\windows\system32\logiyiwe.exe
2009-07-19 04:58 38,400 a--sh--- c:\windows\system32\loyuvejo.dll
2009-07-20 04:58 39,424 a--sh--- c:\windows\system32\masoyumu.dll
2009-07-16 16:56 1,111,915 a--sh--- c:\windows\system32\milokira.exe
2009-07-22 04:59 1,011,141 a--sh--- c:\windows\system32\mohuboza.exe
2009-07-21 04:59 1,011,240 a--sh--- c:\windows\system32\monifave.exe
2009-07-17 16:57 38,400 a--sh--- c:\windows\system32\nonebaku.dll
2008-08-01 22:16 876,710 a--sh--- c:\windows\system32\NoqYJRqr.ini2
2009-07-18 04:57 1,112,684 a--sh--- c:\windows\system32\nosifeya.exe
2009-07-22 04:59 90,112 a--sh--- c:\windows\system32\nowowise.dll
2009-07-21 16:59 51,712 a--sh--- c:\windows\system32\nuteyozo.dll
2009-07-18 16:58 38,400 a--sh--- c:\windows\system32\perofile.dll
2009-07-20 16:58 38,400 a--sh--- c:\windows\system32\rewuvura.dll
2009-07-15 16:56 38,912 a--sh--- c:\windows\system32\ropofotu.dll
2009-07-10 16:14 1,011,609 a--sh--- c:\windows\system32\rumapabo.exe
2009-07-17 04:56 1,114,430 a--sh--- c:\windows\system32\ruyikewu.exe
2009-07-21 16:59 38,912 a--sh--- c:\windows\system32\sawazoti.dll
2009-07-22 16:59 1,011,707 a--sh--- c:\windows\system32\sinehotu.exe
2009-07-21 17:00 51,712 a--sh--- c:\windows\system32\tadepabe.dll
2009-07-16 04:56 38,912 a--sh--- c:\windows\system32\toloyozu.dll
2009-07-11 04:14 1,011,121 a--sh--- c:\windows\system32\tozifodo.exe
2009-07-14 16:16 52,224 a--sh--- c:\windows\system32\vabehabu.dll
2009-07-13 16:16 1,011,606 a--sh--- c:\windows\system32\vafazatu.exe
2009-07-16 16:56 89,088 a--sh--- c:\windows\system32\vorosuka.dll
2009-07-19 16:58 1,011,607 a--sh--- c:\windows\system32\vuvimama.exe
2009-07-20 04:58 1,011,210 a--sh--- c:\windows\system32\wilelazi.exe
2009-07-21 17:00 51,712 a--sh--- c:\windows\system32\yiralujo.dll
2009-07-21 04:59 38,400 a--sh--- c:\windows\system32\yuhodose.dll
2009-07-20 16:58 90,112 a--sh--- c:\windows\system32\yujolisa.dll
2009-07-20 04:58 89,600 a--sh--- c:\windows\system32\yurolevi.dll
2009-07-09 04:13 1,011,003 a--sh--- c:\windows\system32\ziratuvi.exe
2009-07-19 04:58 1,011,315 a--sh--- c:\windows\system32\zomiduvi.exe
2009-07-22 04:59 38,400 a--sh--- c:\windows\system32\zusudupe.dll

============= FINISH: 21:51:15.20 ===============

Attached Files

BC AdBot (Login to Remove)


#2 schrauber



  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:05 PM

Posted 31 October 2009 - 11:20 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 schrauber



  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:05 PM

Posted 05 November 2009 - 12:23 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users