PDA

View Full Version : virtumonde.dll etc problems



ellisond
2010-02-20, 07:02
I am having problems with virtumonde.dll etc on my Dell XP desktop, so I ran Avira AntiVir but it keeps locking up. I also tried spybot S&D but it doesn't seem to get rid of it.
I downloaded that dds.scr script and ran it. Where do I put the resulting files?
Thx

Also, MS IE keeps "failing" even though we never use it.
A window pops up that says "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience."
We never use IE. We always use Firefox.
DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dell Ellisond at 22:38:15.87 on Fri 02/19/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.38 [GMT -6:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820235E4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E116DC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EADDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F233FC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F7C324-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8206AB84-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81ED2A34-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FC3304-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EDA49C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81C74054-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E6CD8C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81D72DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F99DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81F597F4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FA3754-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FBB484-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81FDD40C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82057D24-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8202A524-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E565E4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8201182C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F31BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5A754-FFA4-0100-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E807E4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E4C4B4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82080DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDC47C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FEA8EC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FA3DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FF6A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DA2B64-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82044374-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82035C64-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8227BB9C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81FF248C-FFA4-00EF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8201FA84-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81C72054-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200BA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F528C4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8201933C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F58DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FC44F4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F19B64-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820F8C9C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8203B7E4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82070DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204F964-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E8956C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82091894-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F373D4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EE4DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81CD9874-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209729C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204FC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820D257C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820DDD4C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FAA514-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {815C1054-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207690C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DE5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FB65EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EFE3D4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F7653C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F92594-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F3BCD4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821633F4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81D1789C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81FF3B2C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207337C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EDE48C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F8845C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820043FC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822B4C24-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F10874-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F9CC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81F0B3FC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820EA4C4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820392EC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EF77A4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820CDC24-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FD5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DE8A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F85C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F57A34-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E7D77C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82005DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8203D424-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FD3A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E2D7A4-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E9E914-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FBA49C-FFA4-00DE-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Dell Ellisond\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://www.dell.com
mSearch Page = about:blank
mStart Page = hxxp://www.comcast.net/
mSearch Bar = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: {B73CFB38-A540-4D60-A6A5-4426115AA950} - No File
BHO: {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - No File
BHO: {CC378B83-9577-44D0-B4F8-0DD965E176FC} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - No File
TB: {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dell ellisond\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [Windows Services Hosts] svhosts.exe
uRunServices: [Windows Services Hosts] svhosts.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [LVComs] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [hpppta] c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hpppta.exe /ICON
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AP Sharing Switch] c:\program files\iogear auto printer sharing switch\AutoPrt.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [huroserev] Rundll32.exe "c:\windows\system32\vofiposa.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: &Search
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxp://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.18.18/ttinst.cab
DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} - hxxps://carelink.minimed.com/plugin/jinstall-1_4_1_04-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://xlonhcld.xlontech.net/100348/qmpbeta/qsp2ie05111501.cab
DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\jabohatu.dll pufidihu.dll c:\windows\system32\tadezuzu.dll c:\windows\system32\vofiposa.dll c:\windows\system32\mebokero.dll c:\windows\system32\mitihuho.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jifodevoz - {b544396f-3783-4676-a584-eeef8ac788b5} - c:\windows\system32\vofiposa.dll
STS: gahurihor: {b544396f-3783-4676-a584-eeef8ac788b5} - c:\windows\system32\vofiposa.dll
LSA: Notification Packages = scecli kozotifa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dellel~1\applic~1\mozilla\firefox\profiles\nw1r8yyd.slt\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://secure.lds.org/units/login/0,8029,779-1,00.html
FF - plugin: c:\documents and settings\dell ellisond\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\dell ellisond\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dell ellisond\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcdt.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2005-7-17 16855]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-1 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-1 56816]
R2 IOPort;IOPort;c:\windows\system32\IOPORT.SYS [2007-8-28 6144]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-8-11 30208]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2005-7-17 21808]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2008-4-14 472644]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [2005-9-13 17408]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-8-11 224768]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050518.008\NAVENG.sys [2005-5-20 73760]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050518.008\NAVEX15.sys [2005-5-20 632000]
S3 ndsdatamax;ndsdatamax;c:\windows\system32\drivers\ndsdatamax.sys [2008-5-9 29184]

=============== Created Last 30 ================

2010-01-29 22:25:55 0 d-----w- c:\program files\common files\DFX
2010-01-24 00:44:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-01-24 00:44:37 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-01-23 21:44:21 0 d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2010-02-18 10:42:00 50948 ----a-w- c:\docume~1\dellel~1\applic~1\wklnhst.dat
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
1601-01-01 00:03:28 96256 --sha-w- c:\windows\system32\gavedewu.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\gemewoda.dll
1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\kozotifa.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\lejorude.dll
1601-01-01 00:03:28 56832 --sha-w- c:\windows\system32\lutirada.dll
1601-01-01 00:03:28 100864 --sha-w- c:\windows\system32\mebokero.dll
1601-01-01 00:03:28 43520 --sha-w- c:\windows\system32\meyeyihi.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\mutupapo.dll
1601-01-01 00:03:28 43520 --sha-w- c:\windows\system32\nunupofa.dll
2005-05-20 17:45:38 475 --sh--w- c:\windows\system32\pbfwgmer.dll
1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\pufidihu.dll
1601-01-01 00:03:28 43008 --sha-w- c:\windows\system32\ruvoziyi.dll
1601-01-01 00:03:28 53760 --sha-w- c:\windows\system32\segipusa.dll
1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\sinuvili.dll
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\somorali.dll
1601-01-01 00:03:28 47616 --sha-w- c:\windows\system32\suzezufu.dll
1601-01-01 00:03:28 93696 --sha-w- c:\windows\system32\valahedo.dll
1601-01-01 00:03:28 96256 --sha-w- c:\windows\system32\vofiposa.dll
1601-01-01 00:03:28 93696 --sha-w- c:\windows\system32\wawupobe.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\welojehi.dll
1601-01-01 00:03:28 47616 --sha-w- c:\windows\system32\wiyirive.dll
2008-09-23 18:10:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat
2009-10-12 02:41:54 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-10-12 02:41:54 65536 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 22:52:20.68 ===============

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

ken545
2010-02-26, 02:58
Hello

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Please reply to this thread only and do not start any new topics.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

ken545
2010-03-02, 03:10
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.