Thread: New Victim: Virtumonde - et. al. fix request

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Posts
    21

    Dear S&D Forum,

    I consider myself moderately computer literate, but probably a newbie in this crowd. I have a WinXP PC and I’ve used the personal version of Spybot S&D over the past year or so with great results. Thank you for a great product. Together with Lavasoft’s Ad-Aware and Avast Anti-Virus as well as the regular XP updates, it has kept my PC relatively problem-free… until now. It’s probably my fault but last night I decided to have my first go at “torrent downloading” (I’m still working out what that is exactly). My motivation was to get an old TV show for research purposes. BitZip by Miro looked like a decent client. In the process I found HiDownload with keygen by CORE that I wanted to test for saving streaming media files. But that’s when my problems started. I’ve tried using S&D several times but each time I re-scan to “fix problems” it crashes.

    Below is the S&D printout that I made before trying to fix problems for the nth-time. Will you please help me?

    Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2025429265-562591055-839522115-1003\Software\Microsoft\rdfa
    Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
    Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2025429265-562591055-839522115-1003\Software\Microsoft\aldd
    Virtumonde.Dll: [SBI $5573B661] Library (File, nothing done)
    C:\WINDOWS\system32\ddabc.dll
    AdRevolver: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Majsan) (Cookie, nothing done)
    AdRevolver: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Majsan) (Cookie, nothing done)
    DoubleClick: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Majsan) (Cookie, nothing done)
    HitBox: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Majsan) (Cookie, nothing done)
    HitBox: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Majsan) (Cookie, nothing done)
    Tradedoubler: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Majsan) (Cookie, nothing done)
    BurstMedia: [SBI $4CDCC3D5] Tracking cookie (Firefox: default) (Cookie, nothing done)
    BurstMedia: [SBI $4CDCC3D5] Tracking cookie (Firefox: default) (Cookie, nothing done)
    Common Dialogs: [SBI $4CDCC3D5] History (2 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
    MS Office 9.0: [SBI $4CDCC3D5] Recently used files (14 files) (Directory, nothing done)
    C:\Documents and Settings\Majsan\Application Data\Microsoft\Office\Recent\
    Log: [SBI $4CDCC3D5] Activity: COM+.log (Backup file, nothing done)
    C:\WINDOWS\COM+.log
    Log: [SBI $4CDCC3D5] Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt
    Log: [SBI $4CDCC3D5] Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log
    Log: [SBI $4CDCC3D5] Activity: OEWABLog.txt (Backup file, nothing done)
    C:\WINDOWS\OEWABLog.txt
    Log: [SBI $4CDCC3D5] Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log
    Log: [SBI $4CDCC3D5] Install: Directx.log (Backup file, nothing done)
    C:\WINDOWS\Directx.log
    Log: [SBI $4CDCC3D5] Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log
    Log: [SBI $4CDCC3D5] Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log
    Log: [SBI $4CDCC3D5] Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log
    Log: [SBI $4CDCC3D5] Install: setuplog.txt (Backup file, nothing done)
    C:\WINDOWS\setuplog.txt
    Log: [SBI $4CDCC3D5] Install: svcpack.log (Backup file, nothing done)
    C:\WINDOWS\svcpack.log
    Log: [SBI $4CDCC3D5] Install: wmsetup.log (Backup file, nothing done)
    C:\WINDOWS\wmsetup.log
    Log: [SBI $4CDCC3D5] Install: DtcInstall.log (Backup file, nothing done)
    C:\WINDOWS\DtcInstall.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\setup.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemsnmp.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log
    Log: [SBI $4CDCC3D5] Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log
    Cookie: Cookie (290) (Cookie, nothing done)
    Cache: Cache (8035) (Cache, nothing done)
    History: History (1376) (History, nothing done)
    Cookie: Cookie (697) (Cookie, nothing done)
    --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2007-10-07 SDShred.exe (1.0.1.2)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2008-01-28 TeaTimer.exe (1.5.2.16)
    2005-10-03 unins000.exe (51.41.0.0)
    2008-02-14 unins001.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2008-01-28 advcheck.dll (1.5.4.5)
    2007-04-02 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-01-28 SDHelper.dll (1.5.0.11)
    2008-01-28 Tools.dll (2.1.3.3)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2008-02-13 Includes\Beta.sbi (*)
    2007-11-06 Includes\Beta.uti (*)
    2008-02-13 Includes\Cookies.sbi (*)
    2007-12-26 Includes\Dialer.sbi (*)
    2008-02-13 Includes\DialerC.sbi (*)
    2008-02-13 Includes\HeavyDuty.sbi (*)
    2008-02-13 Includes\Hijackers.sbi (*)
    2008-02-13 Includes\HijackersC.sbi (*)
    2008-02-13 Includes\Keyloggers.sbi (*)
    2008-02-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-02-13 Includes\Malware.sbi (*)
    2008-02-13 Includes\MalwareC.sbi (*)
    2007-10-24 Includes\PUPS.sbi (*)
    2008-02-13 Includes\PUPSC.sbi (*)
    2008-02-13 Includes\Revision.sbi (*)
    2008-01-09 Includes\Security.sbi (*)
    2008-02-13 Includes\SecurityC.sbi (*)
    2008-02-13 Includes\Spybots.sbi (*)
    2008-02-13 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2008-02-13 Includes\Trojans.sbi (*)
    2008-02-13 Includes\TrojansC.sbi (*)
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan
    Join Date
    Oct 2005
    Posts
    5,859

    Consider posting in the Malware Removal forum and have someone take a look at your system.

    If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:
    After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal forum, making sure to post the logs produced from the above instructions.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
