angelgabbby

I keep getting various trojans, etc (including Vundu) pop up in all sorts of places. I did the online deep scan at trojanscans site but it didnt find any. Most are in my D: drive but some are in C. I am including the dds info & gmer

Thanks for the help cause these are really annoying.


dds:

DDS (Ver_09-03-16.01) - FAT32x86
Run by chris at 11:53:26.60 on Thu 04/23/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.751.409 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
SVCHOST.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-4-1 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-4-1 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-4-1 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-4-1 52032]
S3 D100IB;D100IB;c:\windows\system32\drivers\D100IB5.SYS [2009-3-29 117760]

=============== Created Last 30 ================

2009-04-22 22:28 <DIR> --d----- c:\documents and settings\chris\.housecall6.6
2009-04-22 00:11 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-21 12:09 135,168 a------- c:\windows\system32\igfxres.dll
2009-04-21 12:09 <DIR> --d----- C:\Intel
2009-04-15 21:08 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-15 21:06 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-15 21:06 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-15 21:06 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-15 21:06 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-15 21:06 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-15 21:06 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-15 21:06 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-15 20:48 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 20:48 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 20:48 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 20:48 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 20:48 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 20:48 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 20:48 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 20:48 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 20:48 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 20:47 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 20:47 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 20:47 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 12:03 720,896 a------- c:\windows\iun6002.exe
2009-04-15 12:02 <DIR> --d----- c:\program files\BlueVoda Website Builder
2009-04-14 20:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FunGames
2009-04-14 02:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
2009-04-12 14:47 <DIR> --d----- c:\docume~1\chris\applic~1\Intuit
2009-04-12 14:46 31 a------- c:\windows\QUICKEN.INI
2009-04-12 14:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-04-03 15:26 <DIR> --d----- c:\program files\Prism Casino
2009-04-03 15:07 <DIR> --d----- c:\program files\VIP Lounge
2009-04-03 13:40 <DIR> --d----- c:\program files\Chami
2009-04-03 11:58 <DIR> --d----- c:\program files\BetRoyal Casino
2009-04-03 11:48 <DIR> --d----- c:\program files\Slots of Vegas
2009-04-03 09:01 <DIR> --d----- c:\program files\Joyland Casino
2009-04-03 04:53 <DIR> --d----- c:\windows\system32\scripting
2009-04-03 04:53 <DIR> --d----- c:\windows\l2schemas
2009-04-03 04:53 <DIR> --d----- c:\windows\system32\en
2009-04-03 04:53 <DIR> --d----- c:\windows\system32\bits
2009-04-03 04:46 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-03 04:45 <DIR> --dsh--- c:\windows\ftpcache
2009-04-03 04:41 <DIR> --d----- c:\windows\network diagnostic
2009-04-02 18:23 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-02 18:23 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-02 18:23 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-04-02 18:22 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-02 18:19 <DIR> --d----- c:\program files\Microsoft IntelliType Pro
2009-04-02 18:18 <DIR> --d----- c:\program files\Microsoft IntelliType Pro 5.2
2009-04-01 03:19 304,182 a------- C:\StiImg.dat
2009-04-01 03:09 <DIR> --d----- c:\windows\PAC207
2009-04-01 03:09 <DIR> --d----- c:\program files\ORITE
2009-04-01 03:09 <DIR> --d----- c:\program files\common files\PCCamera
2009-04-01 03:08 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-01 02:56 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-01 02:46 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-04-01 02:43 <DIR> --d----- c:\program files\Modem Assistant
2009-04-01 02:43 <DIR> --d----- c:\program files\CONEXANT
2009-04-01 02:40 <DIR> --d----- C:\cabs
2009-04-01 02:28 22,060 -------- c:\windows\system32\dllcache\npds.zip
2009-04-01 02:27 11,295 -------- c:\windows\system32\drivers\wadv08nt.sys
2009-04-01 02:26 1,897,408 -------- c:\windows\system32\drivers\nv4_mini.sys
2009-04-01 02:26 126,686 -------- c:\windows\system32\drivers\mtlmnt5.sys
2009-04-01 02:24 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2009-04-01 02:20 <DIR> --d----- c:\program files\Microsoft DirectX SDK (November 2008)
2009-04-01 02:19 <DIR> --d----- c:\windows\Logs
2009-04-01 02:18 119,120 a------- c:\windows\dxsdkuninst.exe
2009-04-01 02:00 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-01 02:00 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-04-01 01:58 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-04-01 01:58 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-01 01:58 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-04-01 01:58 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-04-01 01:58 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-04-01 01:55 <DIR> --d----- c:\program files\Avira
2009-04-01 01:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-01 01:53 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-01 01:51 13,646 a------- c:\windows\system32\wpa.bak
2009-03-31 21:10 <DIR> --d----- C:\downloads
2009-03-31 03:31 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-31 03:31 208,744 a------- c:\windows\system32\muweb.dll
2009-03-31 03:31 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-30 23:19 <DIR> --ds---- c:\documents and settings\chris\UserData
2009-03-30 17:51 552 a------- c:\windows\system32\d3d8caps.dat
2009-03-30 17:05 <DIR> --dsh--- C:\Recycled
2009-03-30 10:03 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-30 10:02 <DIR> --d----- c:\program files\Virtual Earth 3D
2009-03-30 08:54 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-29 14:48 148 a------- c:\windows\system32\acmeinc.ini
2009-03-29 14:48 116 a------- c:\windows\system32\vxdtgm.ini
2009-03-29 14:47 <DIR> --d----- c:\program files\TG Games
2009-03-29 07:22 154,112 a------- c:\windows\system32\drivers\e100b325.sys
2009-03-29 07:22 154,112 a------- c:\windows\system32\dllcache\e100b325.sys
2009-03-29 07:21 117,760 a------- c:\windows\system32\drivers\D100IB5.SYS
2009-03-29 07:21 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-03-29 07:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2009-03-29 07:09 <DIR> --d----- c:\program files\common files\New Boundary
2009-03-29 07:03 1,374 a------- c:\windows\imsins.BAK
2009-03-29 06:58 <DIR> --d----- c:\windows\speech
2009-03-29 06:42 <DIR> --d----- c:\documents and settings\chris
2009-03-29 06:41 <DIR> --d----- c:\docume~1\chris\applic~1\BitTorrent Pro
2009-03-29 06:41 <DIR> --ds---- c:\windows\system32\Microsoft
2009-03-29 06:40 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-29 06:40 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-29 06:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-29 06:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-29 06:39 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-03-29 06:37 67,584 a------- c:\windows\system32\dllcache\pmigrate.dll
2009-03-29 06:36 18,432 a------- c:\windows\system32\dllcache\jupiw.dll
2009-03-29 06:35 78,848 a------- c:\windows\system32\dllcache\dayi.ime
2009-03-29 06:34 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-03-29 06:34 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-03-29 06:34 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-03-29 06:34 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-03-29 06:34 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-03-29 06:34 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-03-29 06:34 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-03-29 06:34 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-03-29 06:34 <DIR> --d----- c:\windows\system32\xircom
2009-03-29 06:34 <DIR> --d----- C:\DELL
2009-03-29 06:32 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-29 06:31 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-03-29 06:31 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-29 06:31 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-03-29 06:31 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-03-29 06:31 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-29 06:31 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-29 06:31 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-03-29 06:31 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-03-29 06:31 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-03-29 06:31 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-03-29 06:31 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-29 06:31 4,399,505 a------- c:\windows\system32\dllcache\nls302en.lex
2009-03-29 06:31 <DIR> --d----- c:\windows\system32\DirectX
2009-03-29 06:30 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-29 06:28 <DIR> --d----- c:\program files\Online Services
2009-03-29 06:28 <DIR> --d----- c:\program files\Messenger
2009-03-29 06:28 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-29 06:27 <DIR> --d----- c:\program files\Windows NT
2009-03-29 06:03 <DIR> --d----- c:\program files\common files\ODBC
2009-03-29 06:03 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-29 06:03 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-03 05:00 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-29 06:29 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 18:04 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 03:11 3,068,416 -------- c:\windows\system32\dllcache\mshtml.dll
2009-02-20 03:11 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 03:11 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-20 03:11 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2009-02-20 03:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-20 03:10 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 05:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 05:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 06:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 05:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 14:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 11:53:54.10 ===============

Attached Files

	Attach.rar (1.8 KB, 4 views)
	ark.rar (381 Bytes, 5 views)

angelgabbby

Anyone???