12-04-2008, 07:52 PM   #1
borik7
Registered User
 
Join Date: Sep 2007
Posts: 8
OS: xp


Virtumonde, etc. - please help

Ran SpyBot and McAfee. SpyBot still finds:
Microsoft.WindowsSecurityCenter.FirewallBypass
Virtumonde
Virtumonde.prx

Symptoms:
Msconfig - startup: can't terminate a 'supilime' service - access denied.
Taskmgr does not work - if I click on taskmgr.exe, I get the message 'not found'.
The machine is a bit slow.
Appreciate the help.

DDS.txt:

DDS (Version 1.0) - NTFSx86
Run by Owner at 20:37:46.85 on Thu 12/04/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.882 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = https://wmusremote.ubs.com/Citrix/Me...uth/login.aspx
BHO: {37211d51-b7fb-4c33-9570-0f32563b5947} - c:\windows\system32\falukovo.dll
BHO: {421B0608-9183-8757-D91D-77F3D214EEED} - c:\windows\system32\iobhmxdatlther.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {ECD3EFDF-7EC0-46C3-850C-D9E9A03ED4C4} - c:\windows\system32\fccdefgf.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [davijawozu] Rundll32.exe "c:\windows\system32\supilime.dll",s
mRun: [CPMb759a5ea] Rundll32.exe "c:\windows\system32\feyimupa.dll",a
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-system: DisableTaskMgr = 0 (0x0)
IE: E&xport to Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {85F9F13A-8885-4FEC-B2F6-05358A6058E8} = 207.69.188.172,207.69.188.171
Notify: igfxcui - igfxdev.dll
Notify: nnnmnlKd - nnnmnlKd.dll
AppInit_DLLs: c:\windows\system32\jelukahu.dll c:\windows\system32\feyimupa.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\feyimupa.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\feyimupa.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccdefgf
LSA: Notification Packages = scecli c:\windows\system32\pejolido.dll c:\windows\system32\jelukahu.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-13 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-13 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-13 144704]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-13 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-13 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-13 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-13 40488]
R3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\drivers\Capt931a.sys [2008-10-30 530432]
S1 8adc79fa;8adc79fa;c:\windows\system32\drivers\8adc79fa.sys []
S1 atinpdxxx;atinpdxxx;c:\windows\system32\drivers\atinpdxxx.sys []
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-13 33832]

=============== Created Last 30 ================

2008-12-04 17:57 1,995 ---sh--- c:\windows\system32\zeriweno.exe
2008-12-01 17:58 250 a------- c:\windows\gmer.ini
2008-12-01 08:27 134,144 a------- c:\windows\system32\REGEDIT.EXE
2008-12-01 01:12 <DIR> --d----- c:\windows\pss
2008-12-01 01:02 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-01 01:02 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-01 01:02 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2008-12-01 01:02 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2008-12-01 01:02 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2008-12-01 01:01 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2008-12-01 01:01 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2008-12-01 01:01 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2008-12-01 01:01 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2008-12-01 01:01 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2008-12-01 01:01 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2008-12-01 01:01 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
2008-12-01 01:01 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2008-12-01 01:01 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2008-12-01 00:59 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-01 00:58 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
2008-12-01 00:57 28,160 ac------ c:\windows\system32\dllcache\sm91w.dll
2008-12-01 00:56 65,664 ac------ c:\windows\system32\dllcache\s3legacy.sys
2008-12-01 00:55 17,792 ac------ c:\windows\system32\dllcache\ppa.sys
2008-12-01 00:54 61,696 ac------ c:\windows\system32\dllcache\ohci1394.sys
2008-12-01 00:53 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2008-12-01 00:52 58,880 ac------ c:\windows\system32\dllcache\m3092dc.dll
2008-12-01 00:51 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2008-12-01 00:50 106,496 ac------ c:\windows\system32\dllcache\OLD3A5.tmp
2008-12-01 00:49 73,279 ac------ c:\windows\system32\dllcache\hsf_spkp.sys
2008-12-01 00:48 441,728 ac------ c:\windows\system32\dllcache\fpcmbase.sys
2008-12-01 00:47 634,134 ac------ c:\windows\system32\dllcache\el656ct5.sys
2008-12-01 00:46 20,928 ac------ c:\windows\system32\dllcache\defpa.sys
2008-12-01 00:45 56,320 ac------ c:\windows\system32\dllcache\OLD185.tmp
2008-12-01 00:44 66,082 ac------ c:\windows\system32\dllcache\c_1144.nls
2008-12-01 00:43 23,552 ac------ c:\windows\system32\dllcache\atixbar.sys
2008-12-01 00:42 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2008-12-01 00:41 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2008-12-01 00:41 2,145,280 ac------ c:\windows\system32\dllcache\OLD1B.tmp
2008-12-01 00:30 33,832 a------- c:\windows\system32\azcruaso.exe
2008-12-01 00:30 33,832 a------- c:\windows\system32\hyzebryr.exe
2008-12-01 00:27 121 ---sh--- c:\windows\system32\wpknomud.ini
2008-12-01 00:22 <DIR> --d----- c:\program files\NCH Swift Sound
2008-11-30 18:52 <DIR> --d----- c:\program files\Sierra Online
2008-11-30 18:39 <DIR> --d----- c:\docume~1\owner\applic~1\DeepBurner Pro
2008-11-30 18:37 <DIR> --d----- c:\program files\Astonsoft
2008-11-30 16:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-30 16:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-30 15:59 143 a------- c:\windows\system32\mcrh.tmp
2008-11-30 15:59 32,768 a------- c:\windows\system32\mlJCtusq.dll
2008-11-30 15:59 32,768 a------- c:\windows\system32\ddcATlJC.dll
2008-11-30 15:52 32,768 a------- c:\windows\system32\urqPfGAr.dll
2008-11-30 15:52 32,768 a------- c:\windows\system32\iifecaYq.dll
2008-11-30 15:51 47,598 a------- c:\windows\system32\iitkjhnousmet.exe
2008-11-30 15:50 32,768 a------- c:\windows\system32\vtUkhfec.dll
2008-11-30 15:50 32,768 a------- c:\windows\system32\awtsSmjK.dll
2008-11-30 15:50 32,768 a------- c:\windows\system32\hgGaxyYQ.dll
2008-11-30 15:49 <DIR> --d----- c:\windows\system32\vi
2008-11-30 15:49 <DIR> --d----- c:\windows\system32\op8
2008-11-30 15:49 <DIR> --d----- c:\windows\system32\giv
2008-11-30 15:49 <DIR> --d----- c:\temp\DIV55
2008-11-30 15:49 <DIR> --d----- c:\windows\system32\IN
2008-11-30 15:49 <DIR> --d----- c:\windows\system32\gi3
2008-11-30 15:49 <DIR> --d----- c:\windows\system32\TEC
2008-11-30 15:49 32,768 a------- c:\windows\system32\hgGabYSj.dll
2008-11-30 15:49 905,354 a------- c:\temp\uVN23L.exe
2008-11-30 15:38 403 a------- c:\windows\iexplore.htm
2008-11-30 15:30 <DIR> --d----- c:\program files\Sierra On-Line
2008-11-30 15:18 151 a------- c:\windows\wininit.ini
2008-11-30 12:08 <DIR> --d----- C:\SIERRA
2008-11-30 12:07 418 a------- c:\windows\SIERRA.INI
2008-11-30 12:07 231 a------- c:\windows\system.bak
2008-11-30 12:07 314,880 a------- c:\windows\IsUninst.exe
2008-11-30 12:07 <DIR> --d----- c:\documents and settings\owner\WINDOWS
2008-11-30 11:26 176,324,608 a------- C:\Image.iso
2008-11-30 11:00 <DIR> --d----- c:\docume~1\owner\applic~1\InfraRecorder
2008-11-30 10:21 31,049 a------- c:\windows\system32\LSHPRN.EXE
2008-11-30 10:21 255 a------- c:\windows\system32\44upd.dll
2008-11-30 10:21 255 a------- c:\windows\system32\43upd.dll
2008-11-30 10:21 256 a------- c:\windows\system32\46upd.dll
2008-11-30 10:21 255 a------- c:\windows\system32\45upd.dll
2008-11-30 10:21 25 a------- c:\windows\sc32.dll
2008-11-30 00:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-29 12:58 <DIR> --d----- C:\Old
2008-11-29 12:55 <DIR> --d----- c:\program files\DOSBox-0.72
2008-11-21 08:29 <DIR> --d----- C:\iEntertainment Network
2008-11-20 19:41 160,640 a------- c:\windows\system32\drivers\a347bus.sys
2008-11-20 19:41 5,248 a------- c:\windows\system32\drivers\a347scsi.sys
2008-11-20 19:41 <DIR> --d----- c:\program files\Alcohol Soft
2008-11-18 19:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2008-11-18 19:11 <DIR> --d----- c:\docume~1\owner\applic~1\Babylon
2008-11-17 23:22 <DIR> --d----- c:\program files\FreeGamePick.com

==================== Find3M ====================

2008-12-03 20:20 85,557 a--sh--- c:\windows\system32\wonupago.dll
2008-12-03 20:20 64,565 a--sh--- c:\windows\system32\wewefove.dll
2008-12-01 20:23 86,580 a--sh--- c:\windows\system32\godobovo.dll
2008-12-01 20:23 65,076 a--sh--- c:\windows\system32\lapagoyi.dll
2008-12-01 00:43 33,832 a------- c:\windows\system32\upcrnhqy.exe
2008-11-30 12:17 <DIR> --d----- c:\program files\eMule
2008-11-29 14:57 <DIR> --d----- c:\docume~1\owner\applic~1\Vso
2008-11-29 14:37 <DIR> --d----- c:\docume~1\owner\applic~1\SolSuite
2008-11-08 01:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Swift Sound
2008-11-04 20:05 <DIR> --d----- c:\program files\DivX
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-16 17:40 <DIR> --d----- c:\program files\Quicken
2008-10-16 17:37 <DIR> --d----- c:\docume~1\owner\applic~1\Intuit
2008-10-16 17:37 <DIR> --d----- c:\program files\common files\Palo Alto Software
2008-10-16 17:37 <DIR> --d----- c:\program files\common files\Intuit
2008-10-16 17:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2008-10-14 07:04 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-10-13 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2008-10-13 17:35 <DIR> --d----- c:\program files\ffdshow
2008-10-13 17:35 <DIR> --d----- c:\program files\AC3Filter
2008-10-13 17:33 <DIR> --d----- c:\program files\Xvid
2008-10-13 17:23 <DIR> --d----- c:\docume~1\owner\applic~1\ICAClient
2008-10-13 17:22 <DIR> --d----- c:\program files\Citrix
2008-10-13 17:14 <DIR> --d----- c:\program files\Messenger
2008-10-13 17:12 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-13 17:09 <DIR> --d----- c:\program files\VSO
2008-10-13 17:07 <DIR> --d----- c:\program files\WinZip Self-Extractor
2008-10-13 17:06 <DIR> --d----- c:\program files\Windows NT
2008-10-13 17:01 <DIR> --d----- c:\program files\SolSuite
2008-10-13 06:38 <DIR> --d----- c:\program files\McAfee
2008-10-13 06:24 <DIR> --d----- c:\program files\Online Services
2008-10-13 06:02 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-10-13 04:31 <DIR> --d----- c:\program files\common files\McAfee
2008-10-13 04:31 <DIR> --d----- c:\program files\McAfee.com
2008-10-13 04:23 <DIR> --d----- c:\program files\Analog Devices
2008-10-13 02:02 <DIR> --d----- c:\program files\common files\MSSoap
2008-10-13 02:01 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-13 02:01 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-10-12 20:16 <DIR> --d----- c:\program files\common files\ODBC
2008-10-12 20:16 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-09-25 03:03 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-25 03:03 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-25 03:03 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-25 03:03 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-25 03:03 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-25 03:03 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-25 03:03 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-25 03:03 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-25 03:03 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-25 03:03 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 16:57 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-19 16:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-19 16:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-19 16:54 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-01 20:23 93,696 a--sh--- c:\windows\system32\biyedepu.dll
2008-09-03 20:20 64,565 a--sh--- c:\windows\system32\falukovo.dll
2008-09-03 20:20 64,565 a--sh--- c:\windows\system32\jelukahu.dll

============= FINISH: 20:38:30.25 ===============
Attached Files
File Type: txt Gmer.txt (54.5 KB, 1 views)
File Type: txt Attach.txt (3.2 KB, 0 views)