
Help!!! I believe I'm infected with Virtumonde


  • This topic is locked
2 replies to this topic

#1 lperk

lperk

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 16 February 2010 - 12:33 PM

I recently ran a scan with Spybot and received information that I have Virtumonde, in various forms. I do not believe that it is gone, because a background screen attached itself to my computer stating in big letters "You have a virus". Then it asked me to click on a site to run their virus scanner. I did not do it, as I have heard that the virus scanner and that message run together. Therefore I used the methods from "Bleepingcomputer" and I have this DDS.TXT. Hopefully there is someone that can assist me further!


DDS (Ver_09-12-01.01) - NTFSx86
Run by lperkinson at 12:01:54.61 on Tue 02/16/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.198 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
C:\WINDOWS\system32\basfipm.exe
C:\hostondemand\bin\AutoServ.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lperkinson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=userinit.exe,
BHO: {49848d4b-56f3-4d90-b5d5-1e3efc99e507} - c:\windows\system32\mizuyoha.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: c:\windows\system32\had732ufn8.dll: {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had732ufn8.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\lperki~1\locals~1\temp\tempor~1\content.ie5\i4wvxivh.sh! c:\docume~1\lperki~1\locals~1\temp\tempor~1\content.ie5\7kjbag36.sh! c:\docume~1\lperki~1\locals~1\temp\tempor~1\content.ie5\7gx8hqmd.sh! c:\docume~1\lperki~1\locals~1\temp\tempor~1\content.ie5\29g1hgie.sh! c:\docume~1\lperki~1\locals~1\temp\tempor~1\content.sh! c:\docume~1\lperki~1\locals~1\temp\tempor~1.sh! c:\docume~1\lperki~1\locals~1\temp\tempor~1.sh!\content.sh!\7kjbag36.sh! c:\docume~1\lperki~1\locals~1\temp\tempor~1.sh!\content.sh! c:\docume~1\lperki~1\locals~1\temp\WERD2A~1.SH!
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [smss32.exe] c:\windows\system32\smss32.exe
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [tudulinoji] Rundll32.exe "c:\windows\system32\suwidusu.dll",s
mRun: [remojikig] Rundll32.exe "c:\windows\system32\gulitewe.dll",a
dRun: [A00FE24AA.exe] c:\windows\temp\_A00FE24AA.exe
StartupFolder: c:\docume~1\lperki~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\helper32.dll
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205348246166
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\sefoseyo.dll c:\windows\system32\suwidusu.dll c:\windows\system32\razadupe.dll c:\windows\system32\gulitewe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: pijesipam - {eb8606ce-3c60-43a7-b81c-7133dcb6e636} - c:\windows\system32\melezibu.dll
SSODL: gepowesif - {4b5bd4b0-314f-41b9-839e-835e33af6658} - c:\windows\system32\melezibu.dll
SSODL: yozamodim - {457666c0-b3bc-4a6c-9a08-8ff23cf5fe82} - c:\windows\system32\melezibu.dll
SSODL: woketozow - {98d41f87-f0e1-436b-9f30-6ac5fc70fd8f} - c:\windows\system32\razadupe.dll
SSODL: pusabukew - {c9279b29-e6c5-4dcd-88ab-351bafbfb24b} - c:\windows\system32\gulitewe.dll
STS: c:\windows\system32\had732ufn8.dll: {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had732ufn8.dll
STS: gahurihor: {eb8606ce-3c60-43a7-b81c-7133dcb6e636} - c:\windows\system32\melezibu.dll
STS: mujuzedij: {4b5bd4b0-314f-41b9-839e-835e33af6658} - c:\windows\system32\melezibu.dll
STS: jugezatag: {457666c0-b3bc-4a6c-9a08-8ff23cf5fe82} - c:\windows\system32\melezibu.dll
STS: jugezatag: {98d41f87-f0e1-436b-9f30-6ac5fc70fd8f} - c:\windows\system32\razadupe.dll
STS: kupuhivus: {c9279b29-e6c5-4dcd-88ab-351bafbfb24b} - c:\windows\system32\gulitewe.dll
LSA: Notification Packages = scecli c:\windows\system32\suwidusu.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-19 214664]
R2 IBMServiceManager;Host On-Demand Service Manager;c:\hostondemand\bin\AutoServ.exe [2005-10-27 39424]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-19 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-19 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-19 144704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2005-10-27 1076368]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-10-4 80384]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-19 40552]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-12-15 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-12-15 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-12-15 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-12-15 10368]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-19 34248]
S4 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]

=============== Created Last 30 ================

2010-02-16 16:53:57 0 ---ha-w- c:\windows\system32\BIT5C.tmp
2010-02-16 16:53:55 0 ---ha-w- c:\windows\system32\BIT5B.tmp
2010-02-16 16:50:08 0 ----a-w- c:\documents and settings\lperkinson\defogger_reenable
2010-02-14 13:20:59 2713 --sh--w- c:\windows\system32\yavamilu.exe
2010-02-13 19:18:45 2713 --sh--w- c:\windows\system32\zekolitu.exe
2010-02-13 01:16:33 2713 --sh--w- c:\windows\system32\lulivapa.exe
2010-02-12 07:14:39 2713 --sh--w- c:\windows\system32\wipekoka.exe
2010-02-11 13:13:15 2713 --sh--w- c:\windows\system32\gagajovu.exe
2010-02-11 02:12:25 0 ----a-w- c:\windows\system32\18467.exe
2010-02-11 01:52:23 0 ----a-w- c:\windows\system32\41.exe
2010-02-11 01:51:55 26112 ----a-w- c:\windows\system32\helper32.dll
2010-02-11 01:51:28 3310 ----a-w- c:\windows\system32\warning.html
2010-02-11 01:50:54 38400 ----a-w- c:\windows\system32\winlogon32.exe
2010-02-10 19:12:32 2713 --sh--w- c:\windows\system32\vozoyimi.dll
2010-02-10 19:12:22 2713 --sh--w- c:\windows\system32\nodedeje.dll
2010-02-09 23:18:25 0 d-----w- c:\program files\PerformanceTest
2010-02-06 00:21:31 0 d-----w- c:\docume~1\lperki~1\applic~1\MSNInstaller

==================== Find3M ====================

2010-02-10 04:01:46 90624 --sha-w- c:\windows\system32\gulitewe.dll
2010-02-09 23:15:27 51720 --sha-w- c:\windows\system32\nasikaje.exe
2010-02-05 19:34:52 51720 --sha-w- c:\windows\system32\zahuzihi.exe
2010-02-01 19:00:23 51720 --sha-w- c:\windows\system32\sidetiba.exe
2009-05-21 07:13:03 2713 --sh--w- c:\windows\system32\fimijole.exe
2009-09-01 18:57:16 3 --sha-w- c:\windows\system32\pagifali.dll
2009-09-01 18:57:16 3 --sha-w- c:\windows\system32\tayufazu.dll
2009-05-19 09:54:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051120090518\index.dat
2009-06-03 20:37:27 65536 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090525\index.dat
2009-06-03 20:37:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060320090604\index.dat
2009-06-03 20:22:19 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-06-03 20:22:19 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-06-03 20:22:19 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:03:14.17 ===============

Also, I have another text titled ATTACH, and it reads:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/19/2005 1:38:07 PM
System Uptime: 2/16/2010 10:51:41 AM (2 hours ago)

Motherboard: Dell Inc. | | 0D4571
Processor: Intel® Pentium® M processor 1.73GHz | Microprocessor | 1728/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 17.666 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========

2/9/2010 9:55:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/9/2010 8:25:01 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A42F495C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/9/2010 6:15:21 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/9/2010 6:15:21 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2010 6:14:12 PM, error: FW1 [1] - FW1: Wrapper handle initialized to 82135d10
2/9/2010 4:48:03 PM, error: FW1 [1] - FW1: Wrapper handle initialized to 82158730
2/9/2010 11:05:14 PM, error: FW1 [1] - FW1: Wrapper handle initialized to 82109950
2/9/2010 10:20:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
2/9/2010 10:20:49 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/9/2010 10:18:53 PM, error: System Error [1003] - Error code 100000d1, parameter1 e2229000, parameter2 00000002, parameter3 00000000, parameter4 aa4eecf1.
2/9/2010 10:17:48 PM, error: FW1 [1] - FW1: Wrapper handle initialized to 82105978
2/9/2010 10:11:59 PM, error: System Error [1003] - Error code 100000d1, parameter1 e2220000, parameter2 00000002, parameter3 00000000, parameter4 aa4c6cf1.
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: Wrapper handle initialized to 821c7780
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: FwMiniportInitialize: (WAN Miniport (IP) - SecuR-->
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: FwMiniportInitialize: (Dell Wireless 1370 WLAN M-->
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: FwMiniportInitialize: (Broadcom NetXtreme 57xx G-->
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: FW1: Running on Build 2600 is not supported!
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: FW1: Build 2195 is required!
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: -->ini-PCI Card - SecuRemote Miniport)
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: -->igabit Controller - SecuRemote Miniport)
2/9/2010 10:08:04 PM, error: FW1 [1] - FW1: -->emote Miniport)
2/9/2010 10:04:24 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ALVANMOTOR due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
2/9/2010 10:04:16 PM, error: FW1 [1] - FW1: Wrapper handle initialized to 8219ecf8
2/16/2010 10:51:41 AM, error: FW1 [1] - FW1: Wrapper handle initialized to 82119a40
2/12/2010 10:23:22 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
2/10/2010 9:24:31 PM, error: FW1 [1] - FW1: Wrapper handle initialized to 82125428
2/10/2010 10:43:54 AM, error: FW1 [1] - FW1: Wrapper handle initialized to 82127d10

==== End Of File ===========================
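Reading the Pseudo HJT section by hand is error-prone, so here is an added example (not part of the original post, and not part of DDS) that applies a few defender heuristics to lines copied from the log above: consonant-vowel "random" file names in system32, names that mimic core Windows processes, the AppInit_DLLs, Winsock LSP and LSA notification-package load points, Trusted Zone additions, and Hosts loopback entries. The heuristics are my own, and the allowlist of standard XP LSP DLLs is an assumption.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the DDS "Pseudo HJT Report" posted above, with
# the benign Spybot, McAfee and WPDShServiceObj entries kept as controls.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
BHO: {49848d4b-56f3-4d90-b5d5-1e3efc99e507} - c:\windows\system32\mizuyoha.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [smss32.exe] c:\windows\system32\smss32.exe
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [tudulinoji] Rundll32.exe "c:\windows\system32\suwidusu.dll",s
LSP: c:\windows\system32\helper32.dll
Trusted Zone: buy-internetsecurity10.com
AppInit_DLLs: c:\windows\system32\sefoseyo.dll c:\windows\system32\suwidusu.dll c:\windows\system32\razadupe.dll c:\windows\system32\gulitewe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: pijesipam - {eb8606ce-3c60-43a7-b81c-7133dcb6e636} - c:\windows\system32\melezibu.dll
LSA: Notification Packages = scecli c:\windows\system32\suwidusu.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Any .dll/.exe that lives directly in system32; group 1 is the base name.
SYSTEM32_RE = re.compile(r'c:\\windows\\system32\\([a-z0-9_]+)\.(dll|exe)', re.I)
# Heuristic (mine): eight letters in strict consonant-vowel pairs, the naming
# scheme of the droppers in this log (mizuyoha, suwidusu, gulitewe, ...).
RANDOM_NAME_RE = re.compile(r'^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$')
# Heuristic (mine): a core Windows process name with digits appended.
LOOKALIKE_RE = re.compile(r'^(?:smss|csrss|winlogon|lsass|svchost|services|explorer)\d+$')
# Assumption: the Winsock LSP DLLs that ship with Windows XP.
STANDARD_LSPS = {'mswsock', 'rsvpsp', 'winrnr'}


def scan(log_text):
    """Return (rule, item, line) findings for the suspicious entries in a DDS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = line.split(':', 1)[0]
        s32 = [(m.group(1).lower(), m.group(2).lower()) for m in SYSTEM32_RE.finditer(line)]
        for base, ext in s32:
            name = f'{base}.{ext}'
            if RANDOM_NAME_RE.match(base):
                findings.append(('random-name', name, line))
            if LOOKALIKE_RE.match(base):
                findings.append(('lookalike-name', name, line))
            # AppInit_DLLs are injected into every process that loads user32.dll.
            if key == 'AppInit_DLLs':
                findings.append(('appinit-dll', name, line))
            # A Winsock LSP is loaded into every process that uses Winsock.
            if key == 'LSP' and base not in STANDARD_LSPS:
                findings.append(('nonstandard-lsp', name, line))
            # LSA notification packages run inside lsass on password changes.
            if key == 'LSA' and 'Notification Packages' in line:
                findings.append(('lsa-notify-dll', name, line))
        if key == 'Trusted Zone':
            # IE's Trusted zone relaxes security for the listed sites; rogue
            # antivirus installers add their own sales domains here.
            findings.append(('trusted-zone', line.split(':', 1)[1].strip(), line))
        if key == 'Hosts':
            fields = line.split(':', 1)[1].split()
            if len(fields) == 2 and fields[0] in ('127.0.0.1', '0.0.0.0'):
                # A loopback entry silently blocks the named site (here a security forum).
                findings.append(('hosts-blackhole', fields[1], line))
    return findings


def rule_counts(findings):
    """Number of findings per rule."""
    counts = defaultdict(int)
    for rule, _, _ in findings:
        counts[rule] += 1
    return dict(counts)


def load_points(findings):
    """Map each flagged system32 file to the load points (log keys) that reference it."""
    points = defaultdict(set)
    for _, item, line in findings:
        if item.endswith(('.dll', '.exe')):
            points[item].add(line.split(':', 1)[0])
    return dict(points)


if __name__ == '__main__':
    found = scan(SAMPLE_LOG)
    for rule, item, line in found:
        print(f'{rule:16} {item:32} <- {line[:70]}')
    print(rule_counts(found))
    # A file referenced from several load points deserves the closest look.
    for item, keys in sorted(load_points(found).items()):
        if len(keys) > 1:
            print(f'{item} is loaded from {len(keys)} points: {sorted(keys)}')
```

On the sample, suwidusu.dll is referenced from three independent load points (a Run key, AppInit_DLLs and the LSA notification list), which is why a single scanner pass rarely clears this family.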






#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:02:06 AM

Posted 17 February 2010 - 07:50 AM

Hi,

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

* Please download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In case Malwarebytes won't install/run, then please try this version of Malwarebytes: Click the link here
Save it on your desktop. You'll see it will have a random name, and will look similar to this:
Double-click on it, so it will extract the files and will start Malwarebytes automatically.
In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.
In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).
After reboot, post the Malwarebytes log together with a new HijackThis log.

In case you're having problems with the above instructions, let me know.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:02:06 AM

Posted 10 March 2010 - 11:30 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.