Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Infected Virtumonde.dll help please

  1. #1
    Junior Member swonderbin's Avatar
    Join Date
    Dec 2010
    Location
    Australia / Indonesia
    Posts
    11

    Default

    Hi
    I have been infected with the Virtumonde.dll trojan and cant get rid of it using spybot. It is not a false positive as the PC is playing up. Before I (possibly) start the long process of trying to disinfect if some one can please answer the following questions it would be helpful.

    1/ If I re-install windows from the OEM copy on the hard drive will this eliminate the trojan? (or does the trojan go deep enough to infect from there) . I usually re-install windows every couple of years anyway to refresh the system and it is just about due.

    2/ Any special precautions I should take doing this ?

    3/ If I connect any external hardrives will they be infected?
    (there is some files I still want to get off the hard drive, and luckily none of my externals have been connected for a while)

    If anyone knows the quick answer to these it would be greatly appreciated so I dont take up to much time trying to disinfect if I dont have to.


    In advance - Thank You
    Steve
    --------------------------------
    Edit Removed own post as helpers look for topics with zero response. -tashi
    --------------------------------

    Hi
    Thanks for your help. Find attached the required reports.

    Dont know if you need this info but I have run 3 full spybot removals (1 x in windows AND 1x on reboot)

    Major problems occuring with shortcuts wanting to delete files, delete button gets stuck on, Vaio splash screen freezes and much more, It is getting very hard to even try and operate the machine.

    I do want to get this problem solved but please bare with me if it takes a while due to several things (bad internet connection, work etc) If you do not hear from me for 24 hours that is why. BUT I WILL DO MY BEST.

    Thanks for helping a little lost sole.


    Steve

    DDS Report

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by BarrellON Production at 1:17:34.21 on Sat 04/12/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.421 [GMT 11:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Documents and Settings\BarrellON Production\My Documents\SpyBot Removal Stuff\DDS\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
    mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
    mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [NeroFilterCheck] C:\Program F)Please wait scanning download directoriesexe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    StartupFolder: c:\docume~1\barrel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236322130609
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286798456296
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286798433937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    TCP: {2C67CE15-22B8-4EAC-B05D-335174D5D78A} = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cef4538&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q=
    FF - component: c:\documents and settings\barrellon production\application data\mozilla\firefox\profiles\yak88t2s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\barrellon production\application data\mozilla\firefox\profiles\yak88t2s.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-21 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-14 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-14 297752]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-5 1120960]

    =============== Created Last 30 ================

    2010-11-28 04:46:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-11-28 04:46:45 -------- d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================


    ============= FINISH: 1:18:04.15 ===============




    Spybot Report



    --- Report generated: 2010-12-02 03:33 ---

    Virtumonde.dll: [SBI $DB0322C4] Library (File, fixed)
    C:\WINDOWS\system32\mfc40.dll
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Log: Activity: COM+.log (Backup file, nothing done)
    C:\WINDOWS\COM+.log

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Activity: OEWABLog.txt (Backup file, nothing done)
    C:\WINDOWS\OEWABLog.txt

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: Directx.log (Backup file, nothing done)
    C:\WINDOWS\Directx.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Install: setuplog.txt (Backup file, nothing done)
    C:\WINDOWS\setuplog.txt

    Log: Install: svcpack.log (Backup file, nothing done)
    C:\WINDOWS\svcpack.log

    Log: Install: wmsetup.log (Backup file, nothing done)
    C:\WINDOWS\wmsetup.log

    Log: Install: DtcInstall.log (Backup file, nothing done)
    C:\WINDOWS\DtcInstall.log

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Ahead Nero Burning Rom: [SBI $B67505E9] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Recent file list

    Ahead Nero Burning Rom: [SBI $0D846EDB] Compilation directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation

    Ahead Nero Burning Rom: [SBI $DE353278] Browser directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir

    Ahead Nero Burning Rom: [SBI $F3FD92E9] Working directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir

    Ahead Nero Burning Rom: [SBI $055C754D] Last ISO directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\ahead\Nero - Burning Rom\General\OFDLastISODir

    MS Management Console: [SBI $ECD50EAD] Recent command list (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Media Player: [SBI $735D57D7] Recent open directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir

    MS Media Player: [SBI $656F1808] Search terms history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

    MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

    MS Media Player: [SBI $6D2E50D8] Last selected node (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS Office 12.0 (Publisher): [SBI $CBBE5E84] Recent Publication List (9 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Office\12.0\Publisher\Recent File List

    MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (50 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Office\12.0\Word\File MRU

    MS Paint: [SBI $07867C39] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Search Assistant\ACMru

    MS Wordpad: [SBI $4C02334D] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (6 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $DCEE25EC] Open with list - .BAK extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

    Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (48 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (201 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (11 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (286 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (24 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    History: [SBI $49804B54] History (60) (History, nothing done)


    Cookie: [SBI $49804B54] Cookie (10) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-01-26 TeaTimer.exe (1.6.4.26)
    2009-02-17 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-10-12 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-09-22 Includes\Dialer.sbi (*)
    2010-10-12 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2010-11-16 Includes\Hijackers.sbi (*)
    2010-11-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-08-02 Includes\Keyloggers.sbi (*)
    2010-10-12 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-09-13 Includes\Malware.sbi (*)
    2010-11-23 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-10-12 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-14 Includes\Security.sbi (*)
    2010-10-12 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-10-26 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti (*)
    2010-11-02 Includes\Trojans.sbi (*)
    2010-10-12 Includes\TrojansC-02.sbi (*)
    2010-10-12 Includes\TrojansC-03.sbi (*)
    2010-10-12 Includes\TrojansC-04.sbi (*)
    2010-11-24 Includes\TrojansC-05.sbi (*)
    2010-11-23 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Last edited by tashi; 2010-12-03 at 18:40. Reason: Merged two posts

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,
    Virtumonde.dll: [SBI $DB0322C4] Library (File, fixed)
    C:\WINDOWS\system32\mfc40.dll
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E
    That looks like possible false positive. Please update Spybot and try to run scan again.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member swonderbin's Avatar
    Join Date
    Dec 2010
    Location
    Australia / Indonesia
    Posts
    11

    Default

    It is not a false positive as the computer started playing up and then I ran spybot which detected the virus.

    I had followed a questionable link the day before and didnt think to much about it at the time. The next time I started the PC up it started playing up
    ie. hovering over a shortcut wants to delete files, Vaio splash screen freezes and various other abnormal things.

    Something is wrong.

    I have tried to disinfect 4 times with spybot before I contacted you so that may be hiding something??

    I will TRY and update spybot but it had only been updated a week before.

    Thanks
    Steve

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    You may want to check this topic: http://forums.spybot.info/showthread.php?t=60587
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member swonderbin's Avatar
    Join Date
    Dec 2010
    Location
    Australia / Indonesia
    Posts
    11

    Question A little confused

    Hi
    I am reasonably confident around computers but not an expert. Can you please tell me if I am not picking up on something.

    You directed me to something about false positives. I assume this term means that spybot detects a virus that is not a virus and that it does not affect Windows operation.

    The operation of my Windows is being affected as described in previous post

    Major problems occuring with shortcuts wanting to delete files, delete button gets stuck on, Vaio splash screen freezes and much more, It is getting very hard to even try and operate the machine.

    Are you telling me that
    a/ Spybot is picking up a false positive
    and it just so happens that at the same time
    b/ My windows operation has fallen over ??????????

    I dont understand why you sent me to the other link as they say all their machines are still operating OK, just that spybot is picking up a false positive.

    This is the order that things happened
    1/ Followed a dodgy link while in a hurry.
    2/ restarted computer and it started playing up straight away (as above)
    3/ Restarted again, no fix
    4/ Ran AVG virus, picked up nothing
    5/ Ran Spybot. picked up Virtumond, Spybot wanted to run again on reboot so I allowed it.
    6/ Have repeated this Spybot cycle 3 more times
    7/ Have started windows without spybot scan on boot, computer still plays up

    I am a little confused. Can you spell it out straight for me please.

    Thanks from a little bewildered
    Steve

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    I posted link to false positive topic to support my earlier reply since you told me you didn't believe it was a false positive Spybot was finding. Please run Spybot after updating its definitions first.

    When done, post fresh dds logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member swonderbin's Avatar
    Join Date
    Dec 2010
    Location
    Australia / Indonesia
    Posts
    11

    Default Re-Run Spybot

    Hi
    Updated spybot and ran it, virtumonde did not come up. Also ran the DDS again. Both logs are below.

    If I dont have a virus (AVG doesnt pick up anything either) then what is wrong. All actions that go wrong seem to be malicious in that they want to destroy things.

    A couple of times over the years the system has gone belly up and "system restore" usually fixes it. Not this time!!

    Any recomendations on how I can fix it / what I should do ??

    I will update and run AVG again to see if anything new comes up.

    I just found the suspected download file that caused the problem. Do you want to have a look at it?


    Steve

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by BarrellON Production at 14:02:15.96 on Thu 09/12/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.312 [GMT 11:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\BarrellON Production\My Documents\SpyBot Removal Stuff\DDS\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
    mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
    mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [NeroFilterCheck] C:\Program F)Please wait scanning download directoriesexe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    StartupFolder: c:\docume~1\barrel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236322130609
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286798456296
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286798433937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    TCP: {2C67CE15-22B8-4EAC-B05D-335174D5D78A} = 192.168.1.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cef4538&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q=
    FF - component: c:\documents and settings\barrellon production\application data\mozilla\firefox\profiles\yak88t2s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\barrellon production\application data\mozilla\firefox\profiles\yak88t2s.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-21 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-14 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-14 297752]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-11-26 517448]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-5 1120960]

    =============== Created Last 30 ================

    2010-12-09 01:59:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-12-09 01:59:54 -------- d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================


    ============= FINISH: 14:03:21.98 ===============


    Spybot Report
    The report would not fit in the allowed text quota so have attached it as a txt zip file

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    If I dont have a virus (AVG doesnt pick up anything either) then what is wrong.
    AVG virus definitions seem to be outdated meaning it won't pick latest threats. You should update it.

    I just found the suspected download file that caused the problem. Do you want to have a look at it?
    Archive it into a zip file and upload here. Kindly include a link to this topic in the message.


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.



    Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Post fresh dds logs after that.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member swonderbin's Avatar
    Join Date
    Dec 2010
    Location
    Australia / Indonesia
    Posts
    11

    Default Still no solution

    Hi
    I thought I had found the problem before your last post, AVG had sent out a corrupt copy of one of their updates. I tried doing their recovery procedure but it did not fix the problem, I still think it is part of the problem as both things happened at the same time.

    Did your suggestions
    Malware found a Nero burning thing, did not fix my problem.
    Have updated most of the programs Secunia suggested, no fix

    The probelm has now got worse
    Excuse the spelling mistakes as I cannot correct the without wiping out everything. It was only the delete button that was sticking on but now the arrow and end buttons are deleting stuff.Also as soon as I bring up the text files to read it starts deleting the text. Some of the text will be missing from the attached logs but hopefully nothing you need.

    Also I am unable to select and copy text as it automatically gets deleted so have had to just attach the logs instead of posting them.`It is very hard to do anything as soon as I highlight a link/shortcut it is deleted.

    After I post this I will be trying to reinstall AVG, should take me an hour or so.

    Sorry it took a while for the reply but went away for the weekend and updates here take ages due to fairly slow/intermitent net connections (as well as the major hassles of trying to navigate anywhere on the PC.

    I hope we can get a solution soon as this is starting to wear me out, I feel like just throwing the whole PC out the window. Who are these stupid people who make these viruses.


    Steve

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Have updated most of the programs Secunia suggested
    You should update all it suggests. Vulnerable 3rd party programs put system under threat even if OS updates were up-to-date.

    What kind of keyboard are you using, wired or wireless?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •