
Thread: Virtumonde help

  1. #1
    Junior Member
    Join Date: Oct 2008
    Posts: 1

    Virtumonde help

    Here is the log file from Hijack this.

    Any help will be appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:41:12 PM, on 10/29/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Google\GOOGLE~2\121128~1.546\GOOGLE~1.EXE
    C:\PROGRA~1\INPROC~1\IPN2120\wlan_ui.exe
    C:\PROGRA~1\Google\GOOGLE~2\121128~1.546\GOOGLE~1.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\HIJACK~1.EXE

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=C:\WINDOWS\System32\ddcyw.exe
    O2 - BHO: (no name) - {4113B70C-4895-406C-8216-5A67DB53EA66} - C:\WINDOWS\System32\ddcyw.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\iifcaby.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {C4FD1584-830D-40B1-A38C-FBDE1C8A8B51} - C:\WINDOWS\System32\browse.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F2F1F7F5FCF5FDF] CDCCD2D0D7D0D.exe
    O4 - HKLM\..\Run: [edkrqpgf] rundll32.exe "C:\DOCUME~1\Tatum\LOCALS~1\Temp\qhcnedsbedc.drv" WLEntryPoint
    O4 - HKLM\..\Run: [jgmbhqg] rundll32.exe "C:\DOCUME~1\Tatum\LOCALS~1\Temp\qhcnedsbedc.drv" WLEntryPoint
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\PROGRA~1\SPYBOT~1\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2651] command /c del "C:\WINDOWS\system32\ddcyw.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4331] cmd /c del "C:\WINDOWS\system32\ddcyw.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6119] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1291] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YA7812~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7709] command /c del "C:\WINDOWS\system32\ddcyw.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7150] cmd /c del "C:\WINDOWS\system32\ddcyw.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5098] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5866] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKLM\..\Policies\Explorer\Run: [kbmhcnip] rundll32.exe "C:\WINDOWS\System32\pcbqdofid.nls" WLEntryPoint
    O4 - Global Startup: IPN2120 WLAN Configuration Utility.lnk = C:\Program Files\InProComm\IPN2120\wlan_ui.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\atkrmdgj.dll
    O10 - Unknown file in Winsock LSP: worsock.dll
    O10 - Unknown file in Winsock LSP: worsock.dll
    O10 - Unknown file in Winsock LSP: worsock.dll
    O10 - Unknown file in Winsock LSP: worsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\atkrmdgj.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1201297945756
    O20 - AppInit_DLLs: C:\WINDOWS\System32\cru629.dat
    O20 - Winlogon Notify: iifcaby - C:\WINDOWS\SYSTEM32\iifcaby.dll
    O20 - Winlogon Notify: knapcfal - C:\WINDOWS\SYSTEM32\knapcfal.dll
    O21 - SSODL: YWqaBGeRKA - {ECEFF1A0-4645-5B0A-7077-7540C00DFBA2} - C:\WINDOWS\system32\qvp.dll
    O21 - SSODL: zip - {14fbce91-767c-4584-919f-a0f95fc8fa61} - C:\WINDOWS\Installer\{14fbce91-767c-4584-919f-a0f95fc8fa61}\zip.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
    O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\prohdywuewuev.html

    --
    End of file - 6602 bytes
    Last edited by tashi; 2008-10-29 at 23:09. Reason: moved from Spybot-S&D support

  2. #2
    Security Expert: Emeritus Blade81
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi

    Please read here how to install Service Pack 1a. Post a fresh HJT log after SP1a is installed.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.
