#1 (permalink) |
|
Registered User
Join Date: Apr 2009
Posts: 2
OS: XP home edition
|
C:\WINDOWS\system32\diforusa.dll.tmp Trojan horse Vundo.GB Object was moved to Virus Vault.
C:\WINDOWS\system32\mojekeva.dll.tmp Trojan horse Vundo.GB Object was moved to Virus Vault.
C:\WINDOWS\system32\silahije.dll.tmp Trojan horse Vundo.GB Object was moved to Virus Vault.
C:\WINDOWS\system32\tesenati.dll Trojan horse Vundo.GB Object was moved to Virus Vault.

"Object name";"C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP55\A0008477.dll"
"Detection name";"Trojan horse Generic13.WDS"
"Object type";"File"
"SDK Type";"Core"
"Result";"Moved to Virus Vault"

"Object name";"C:\WINDOWS\system32\yuhoraki.dll"
"Detection name";"Trojan horse Generic13.WEA"
"Object type";"File"
"SDK Type";"Core"
"Result";"Moved to Virus Vault"

"Object name";"C:\WINDOWS\system32\zakupuju.dll"
"Detection name";"Trojan horse Generic13.WDT"
"Object type";"File"
"SDK Type";"Core"
"Result";"Moved to Virus Vault"

I have WinXP Home edition, Compaq. Someone help me. I tried Malwarebyte's, only made a dent in cleaning it up and I had 26 of these buggers in the hard drive, and now I'm down to what's above and Vundofix won't even pick up anything, and I also have AVG 8.0.522; anything higher will not work with the computer. I have tried McAfee; Norton 360 just races my hard drive too much and slows everything down; I have tried AVG Anti-Virus PLUS, that crashed my computer. I have done all the Microsoft updates so far; I have Cleanup, CCleaner. Please help someone?
#2 (permalink) | |
|
Registered User
Join Date: Apr 2009
Posts: 2
OS: XP home edition
|
Re: HELP Vundo.GB &
DDS (Ver_09-03-16.01) - NTFSx86
#3 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,953
OS: WinXP and Vista
|
Re: HELP Vundo.GB &
Hello softsuzzable,
I see you've already tried to run ComboFix. Did it complete the run? If so, post the C:\ComboFix.txt.
Last edited by Ried; 04-12-2009 at 07:40 AM.
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,953
OS: WinXP and Vista
|
Re: HELP Vundo.GB &
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic.