For the past few days I've been getting pop-up ads on IE and Firefox, and my computer is running slower. I have done full scans with AVG and Spybot 3 times so far, and they turn up problems each time. Last S&D scan came up with 14 problems, Virtumonde and Virtumonde.generic having the most entries.
Also, Windows updates have been disabled. The Windows Security Alert is indicating that Automatic Updates is turned off, though when I check the actual settings, it still shows as on. System Restore is also not functioning.
DDS (Version 1.0) - NTFSx86
Run by Mia at 19:56:38.59 on Thu 12/04/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.884 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mia\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {1f5a768f-3d15-4b5c-8989-a1b3f1a8897a} - c:\windows\system32\beoxzy.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\khfFXQGW.dll
BHO: {B4FF83D7-4299-4939-8574-847CBBCA71B4} - c:\windows\system32\awtRiiIX.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Dell|Alert] c:\program files\dell\support\alert\bin\DAMon.exe
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zone labs\zonealarm\zapro.exe
uPolicies-explorer: NoSMMyPictures = 01000000
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: khfFXQGW - khfFXQGW.dll
Notify: WB - c:\progra~1\stardock\object~1\window~1\fastload.dll
AppInit_DLLs: wbsys.dll beoxzy.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\khfFXQGW.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtRiiIX
============= SERVICES / DRIVERS ===============
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2004-5-29 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2004-5-29 5504]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-5-26 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2005-10-23 4224]
R1 Avg7RsXP;AVG7 Rezident Driver;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-15 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-3-7 10760]
R2 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2003-5-23 177280]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1979-12-31 142336]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1979-12-31 524288]
S2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-3-7 418816]
S2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-3-7 49664]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
=============== Created Last 30 ================
2008-12-04 11:25 250 a------- c:\windows\gmer.ini
2008-12-04 11:22 592 a--sh--- c:\windows\system32\XIiiRtwa.ini2
2008-12-04 11:22 592 a--sh--- c:\windows\system32\XIiiRtwa.ini
2008-12-04 08:44 143 a------- c:\windows\system32\mcrh.tmp
2008-12-03 22:18 129,024 a------- c:\windows\system32\beoxzy.dll
2008-12-03 22:18 129,024 a------- c:\windows\system32\unpqygup.dll
2008-12-03 19:18 129,024 a------- c:\windows\system32\mkrytb.dll
2008-12-03 19:18 129,024 a------- c:\windows\system32\myxedsgh.dll
2008-12-03 13:56 1,426,531 a--sh--- c:\windows\system32\syqqnfnr.tmp
2008-12-03 13:56 129,024 a------- c:\windows\system32\tofzjg.dll
2008-12-03 13:56 129,024 a------- c:\windows\system32\ukaneyhl.dll
2008-12-03 13:31 72,704 -------- c:\windows\system32\tftkfndj.dll
2008-12-03 13:31 129,024 a------- c:\windows\system32\mslfdowh.dll
2008-12-03 13:31 129,024 a------- c:\windows\system32\lirfkb.dll
2008-12-03 13:28 72,704 -------- c:\windows\system32\ypqwugqh.dll
2008-12-03 13:28 129,024 a------- c:\windows\system32\dqwbtd.dll
2008-12-03 13:28 129,024 a------- c:\windows\system32\ldrfisrk.dll
2008-12-03 07:32 129,024 a------- c:\windows\system32\iilzlt.dll
2008-12-03 07:31 129,024 a------- c:\windows\system32\lcffwblq.dll
2008-12-03 07:29 72,704 -------- c:\windows\system32\tasaywek.dll
2008-12-03 07:24 302,592 a------- c:\windows\system32\awtRiiIX.dll
2008-12-01 10:18 260 a------- c:\windows\_delis32.ini
2008-11-30 20:28 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-30 20:28 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-30 20:28 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-30 20:15 32,768 a------- c:\windows\system32\ddcBRhhI.dll
2008-11-30 20:15 <DIR> --d----- c:\docume~1\mia\applic~1\NI.GSCNS
2008-11-30 20:06 32,768 a------- c:\windows\system32\khfFXQGW.dll
2008-11-12 05:31 <DIR> --d----- C:\5f582f17051f5fba323323d66b427188
2008-11-11 12:56 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 12:55 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
==================== Find3M ====================
2008-12-04 08:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-03 22:11 <DIR> --d----- c:\program files\LimeWire
2008-12-03 22:11 <DIR> --d----- c:\docume~1\mia\applic~1\uTorrent
2008-12-03 22:09 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-03 08:59 <DIR> --d----- c:\docume~1\mia\applic~1\AVG7
2008-12-03 08:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-12-03 08:40 <DIR> --d----- c:\program files\Viewpoint
2008-12-01 12:17 306,688 a------- c:\windows\IsUninst.exe
2008-12-01 09:36 <DIR> --d----- c:\program files\BroadJump
2008-11-26 08:49 <DIR> --d----- c:\program files\AIM6
2008-11-01 08:07 <DIR> --d----- c:\program files\Skype
2008-10-31 11:54 <DIR> --d----- c:\program files\Lavalys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 08:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 09:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 04:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 17:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 17:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 02:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-07 09:17 <DIR> --d----- c:\docume~1\mia\applic~1\Unity
2008-06-22 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2007-06-21 16:10 <DIR> --d----- c:\docume~1\mia\applic~1\DelinvFile
2007-06-05 17:26 <DIR> --d----- c:\docume~1\mia\applic~1\Finding Nemo Communicator(2)
2007-02-23 02:11 <DIR> --d----- c:\docume~1\mia\applic~1\My Games
2006-09-30 18:31 <DIR> --d----- c:\docume~1\mia\applic~1\AOL
2006-09-27 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\espionServerData
2006-03-28 18:57 <DIR> --d----- c:\docume~1\mia\applic~1\ICQLite
2004-12-18 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2004-11-21 01:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2004-09-05 10:08 <DIR> --d----- c:\docume~1\mia\applic~1\The Learning Company
2004-06-04 17:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2004-06-04 17:36 <DIR> --d----- c:\docume~1\mia\applic~1\You've Got Pictures Screensaver
2004-02-22 15:29 <DIR> --d----- c:\docume~1\mia\applic~1\Steganos Internet Anonym Pro 6
2004-01-07 13:58 <DIR> --d----- c:\docume~1\mia\applic~1\Jasc
2003-11-22 23:49 <DIR> --d----- c:\docume~1\mia\applic~1\Phoenix
2003-11-06 21:21 <DIR> --d----- c:\docume~1\mia\applic~1\Kazaa Lite
2003-05-24 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2002-08-06 10:17 <DIR> --d----- c:\docume~1\mia\applic~1\ACD Systems
2002-06-04 06:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\JASC
2002-06-04 06:09 <DIR> --d----- c:\docume~1\mia\applic~1\Symantec
2002-06-04 06:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2001-08-18 03:00 94,784 ---sh--- c:\windows\TWAIN.DLL
2008-04-13 16:12 50,688 ---sh--- c:\windows\twain_32.dll
2004-06-06 13:45 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-13 16:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll
2008-04-13 16:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 16:12 551,936 a--sh--- c:\windows\system32\oleaut32.dll
2008-04-13 16:12 84,992 a--sh--- c:\windows\system32\olepro32.dll
2008-04-13 16:12 11,776 a--sh--- c:\windows\system32\regsvr32.exe
2008-08-29 20:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat
============= FINISH: 20:00:46.37 ===============