12-03-2008, 01:28 AM   #1
pcnooby
Registered User
 
Join Date: Nov 2008
Posts: 12
OS: XP


Trojan.virtumonde found by Spyware doctor but infection still on pc

I have a red circle with a white cross and "Warning! Security report - your computer is infected, etc." that keeps appearing.
IE or Firefox pops up randomly with spyware/malware removal recommendations.
The current browser I am typing in is informing me, right at the top, that I have several trojans and that my computer is infected.
The computer is running very slowly; I'm not too sure what extra info I can provide, that's all that seems to be showing.
I'm no good with computers, so be gentle. :)

Logs as requested:


DDS (Version 1.0) - NTFSx86
Run by Michelle at 18:34:50.89 on Wed 03/12/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.337 [GMT 11:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Michelle\LOCALS~1\Temp\Rar$EX00.203\gmer.exe
C:\Documents and Settings\Michelle\My Documents\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Framework Windows] frmwrk32.exe
mRun: [SpywareCleaner] c:\windows\system32\SpywareRemover.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {68A8056A-AC6D-4907-9CF8-A48B6595F1C7} = 220.233.0.3 220.233.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-22 40840]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-10 78416]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-22 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-22 81288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-10 20560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-11-22 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-11-22 1079176]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2008-11-22 30192]

=============== Created Last 30 ================

2008-12-03 18:31 250 a------- c:\windows\gmer.ini
2008-11-30 20:45 <DIR> --d----- C:\VundoFix Backups
2008-11-30 20:02 129,024 a------- c:\windows\system32\kpkada.dll
2008-11-30 20:02 129,024 a------- c:\windows\system32\kkdgrjtq.dll
2008-11-30 20:01 51,200 a------- c:\windows\system32\dcyklsoj.dll
2008-11-30 19:59 1,341,574 ---sh--- c:\windows\system32\jjgtmjwv.ini
2008-11-30 19:58 667,717 a--sh--- c:\windows\system32\rCMUBccf.ini2
2008-11-30 19:58 431 a--sh--- c:\windows\system32\rCMUBccf.ini
2008-11-30 19:53 1,349 a------- c:\windows\system32\ahtn.htm
2008-11-30 19:53 4,785 a------- c:\windows\system32\warning.gif
2008-11-30 19:53 3,104 a------- c:\windows\system32\ntdll64.exe
2008-11-30 19:53 1 a------- c:\windows\system32\uniq.tll
2008-11-30 19:53 1 a------- c:\windows\system32\test.ttt
2008-11-30 19:53 65,536 a------- c:\windows\system32\wvUlJBTK.dll
2008-11-30 19:52 32,256 a------- c:\windows\system32\frmwrk32.exe
2008-11-30 19:52 38,400 a------- c:\windows\system32\khfCvSKc.dll
2008-11-26 20:58 297,697 a------- c:\windows\system32\SpywareRemover.exe
2008-11-23 16:59 319 a------- C:\drmHeader.bin
2008-11-22 18:51 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-22 18:51 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-11-22 18:51 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-11-22 18:51 <DIR> --d----- c:\program files\DivX
2008-11-22 17:36 <DIR> --d----- c:\program files\common files\xing shared
2008-11-22 17:36 <DIR> --d----- c:\program files\Real
2008-11-22 17:36 <DIR> --d----- c:\program files\common files\Real
2008-11-22 14:44 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-11-22 14:44 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-11-22 14:44 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-11-22 14:44 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-11-22 14:44 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-22 14:44 <DIR> --d----- c:\docume~1\michelle\applic~1\PC Tools
2008-11-22 14:19 <DIR> --d----- c:\program files\Skype
2008-11-22 14:05 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-22 14:05 <DIR> --d----- c:\program files\Norton Security Scan
2008-11-22 14:02 2,560 -------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-22 14:02 2,432 -------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-22 14:02 <DIR> --d----- c:\program files\Picasa2
2008-11-22 13:59 <DIR> --d----- c:\windows\system32\runtime
2008-11-15 14:50 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-15 14:50 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-15 14:50 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-15 14:50 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-15 14:16 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-11-15 14:13 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-15 13:58 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 13:54 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-11-15 13:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-11-22 17:36 499,712 a------- c:\windows\system32\msvcp71.dll
2008-11-22 17:36 348,160 a------- c:\windows\system32\msvcr71.dll
2008-10-29 09:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-29 09:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-29 09:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-29 09:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-29 09:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-07 03:01 <DIR> --d----- c:\program files\Messenger
2008-10-06 21:31 <DIR> --d----- c:\program files\TARI Racing Software
2008-10-06 21:26 <DIR> --d----- c:\program files\RomRaider
2008-10-06 21:19 <DIR> --d----- c:\program files\OpenECU
2008-10-06 21:09 507,904 a------- c:\windows\system32\winlogon.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-25 19:03 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-25 19:03 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-25 19:03 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-25 19:03 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-25 19:03 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-25 19:03 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-25 19:03 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-25 19:03 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-25 19:03 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-25 19:03 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-20 08:57 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-20 08:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-20 08:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-20 08:54 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-09-15 23:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 12:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-09 07:17 1,159,168 a------- c:\windows\system32\op20pt32.dll
2008-09-05 04:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-10 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel

============= FINISH: 18:35:22.79 ===============
Attached Files
File Type: txt gymer.txt (61.0 KB, 4 views)
File Type: txt DDS.txt (12.1 KB, 3 views)