Free Malware Removal Forum

[sunovAgeek]

Peace N Paradise!, My pc is currently infected with TrojanVundo.h, Virtumonde, & another Ad-Aware 2007 keeps finding called Unclassified.Unknown origin. I have used the following so-called utilities 2 eliminate the problem - Glary reg repair, Malwarebytes Anti Malware, Registry Mechanic Spybot Search & Destroy, SUPERAntiSpyware, Sysinpector, Trojan Killer, Windows Defender, & VundoFix in normal & safemode to no avail. When i reboot, Guess what? Yeah! its still active & present. I use ESET Nod32 Antivirus. Does anyone have a solution to my infection? Here is a DDS log. Thanks 4 ur time N energy...



DDS (Ver_09-01-19.01) - NTFSx86
Run by User at 10:28:38.23 on Sat 01/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1470 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Snaptune Inc\Snaptune One\SnapRec.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Snaptune Inc\Snaptune One\SnapTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XM4P7OL8\dds[1].scr

============== Pseudo HJT Report ===============

mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: {6fdf0673-47a4-4336-810e-3629ce5f3b57}: {75b3f5ec-9263-e018-6334-4a743760fdf6}
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A35DB5FD-82EF-460F-B0B0-BDB4722B6F7F} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [nwiz] nwiz.exe /install
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware 2007\Ad-Watch2007.exe
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BarbieGirlsTray] c:\program files\mattel\barbie girls\Mattel.BarbieGirls.Tray.exe
mRun: [<NO NAME>]
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\user\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\wireless keyboard\Magickey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~2.lnk - c:\program files\wireless device\wireless mouse\MouseAp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snaptu~1.lnk - c:\program files\snaptune inc\snaptune one\SnapTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: wbsys.dll zczbtl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\lwocxonx.default\
FF - prefs.js: browser.startup.homepage - hxxp://hamptonroads.cox.net/cci/home
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: XUL Cache: {5987FF76-946F-41BF-ADE1-9D87A3B9B448} - c:\windows\system32\config\systemprofile\local settings\application data\{5987ff76-946f-41bf-ade1-9d87a3b9b448}\

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-12-7 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-12-7 52736]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-11 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-11 394952]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2008-2-19 472644]
R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R4 Snaptune Recording Service;Snaptune Recording Service;c:\program files\snaptune inc\snaptune one\SnapRec.exe [2007-10-12 573440]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-8-7 9344]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-01-19 11:37 24,576 a------- c:\windows\system32\VundoFixSVC.exe
2009-01-19 11:25 <DIR> --d----- C:\VundoFix Backups
2009-01-13 17:55 <DIR> --d----- c:\program files\CyberPower PowerPanel Personal Edition
2009-01-13 17:54 <DIR> --d----- c:\program files\common files\Zero G Software
2009-01-13 17:52 10,240 ac------ c:\windows\system32\dllcache\compbatt.sys
2009-01-13 17:52 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-01-13 17:52 20,352 ac------ c:\windows\system32\dllcache\hidbatt.sys
2009-01-13 17:52 20,352 a------- c:\windows\system32\drivers\hidbatt.sys
2009-01-13 17:52 14,208 ac------ c:\windows\system32\dllcache\battc.sys
2009-01-13 17:52 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-01-11 08:02 0 a------- c:\windows\system32\drivers\senekawbmqdngc.sys
2009-01-10 23:53 <DIR> --d----- c:\program files\Trojan Killer
2009-01-10 21:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-10 21:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-10 21:42 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-01-07 11:27 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-12-25 14:07 <DIR> --d----- c:\docume~1\user\applic~1\Mattel
2008-12-25 14:06 <DIR> --d----- c:\program files\Mattel

==================== Find3M ====================

2009-01-24 10:28 230,545,440 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-24 05:40 2,704,484 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-08-23 06:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 10:29:40.48 ===============

[chryssi2001]

Hello sunovAgeek,

I apologise for the delay, the forum is busy.

I will be assisting you with your malware issues.

• Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
• Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
• Please bookmark or favourite this page. In case you need it as reference or etc.
• If you fail to reply in 5 days period from now, this thread will close, and you will have to open another topic, and wait for another helper.

----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

• Doubleclick HJTInstall.exe to install it.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

[NonSuch]

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.