Virtumonde and Virtumonde.Dll -- Please help

chrsky

New member
A sudden pop-up gave me random malware, but I was able to delete most of it through SpyBot and AdAware. However, Virtumonde and Virtumonde.Dll keep showing up. On a previous scan, I found Smitfraud-C.CoreService, but it's not being detected anymore, which is strange because it's supposed to be hard to get rid of. Anyway, any help would be appreciated. My HijackThis file and dxdiag are below. Oh, and also, every time I try to fix the problems in SpyBot, it freezes. Any help with that? I cleaned out the temp files and stuff.


HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:49 PM, on 5/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\CHRISK~1\MYDOCU~1\SMBOLS~1\winlogon.exe
C:\Documents and Settings\Chris Kim\My Documents\?dobe\r?ndll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=032208 serial=WA12WRX-0000002-HMD lang=EN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\System32\HncUpdate.exe /A
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\CHRISK~1\MYDOCU~1\SMBOLS~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Oyrsktg] "C:\Documents and Settings\Chris Kim\My Documents\?dobe\r?ndll32.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4380 bytes
 
DxDiag:
------------------
System Information
------------------
Time of this report: 5/17/2004, 13:24:07
       Machine name: FAMILY-X74YEH4O
   Operating System: Microsoft Windows XP Home Edition (5.1, Build 2600) Service Pack 1 (2600.xpsp1.020828-1920)
           Language: English (Regional Setting: English)
System Manufacturer: Dell Computer Corporation
       System Model: Dimension 4600i              
               BIOS: DELL   - 7
          Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
             Memory: 254MB RAM
          Page File: 278MB used, 347MB available
Primary File System: n/a
    DirectX Version: DirectX 8.1 (4.08.01.0810)
DX Setup Parameters: Not found
     DxDiag Version: 5.01.2600.1106 32bit Unicode

------------
DxDiag Notes
------------
  DirectX Files Tab: No problems found.
      Display Tab 1: No problems found.
        Sound Tab 1: No problems found.
          Music Tab: No problems found.
          Input Tab: No problems found.
        Network Tab: No problems found.

------------------
DirectX Components
------------------

---------------
Display Devices
---------------
        Card name: NVIDIA GeForce FX 5200 
     Manufacturer: NVIDIA
        Chip type: GeForce FX 5200
         DAC type: Integrated RAMDAC
        Device ID: Enum\PCI\VEN_10DE&DEV_0322&SUBSYS_01B910DE&REV_A1
   Display Memory: 128.0 MB
     Current Mode: 1280 x 1024 (32 bit) (75Hz)
          Monitor: Plug and Play Monitor
  Monitor Max Res: 1600,1200
      Driver Name: nv4_disp.dll
   Driver Version: 6.14.10.4502 (English)
      DDI Version: 8 (or higher)
Driver Attributes: Final Retail
 Driver Date/Size: 11/3/2003 12:46:00, 3335916 bytes
    Driver Signed: Yes
  WHQL Date Stamp: n/a
              VDD: 
         Mini VDD: nv4_mini.sys
    Mini VDD Date: 11/3/2003 12:46:00, 1330940 bytes
Device Identifier: {D7B71E3E-4062-11CF-F862-B32100C2CB35}
        Vendor ID: 0x10DE
        Device ID: 0x0322
        SubSys ID: 0x01B910DE
      Revision ID: 0x00A1
         Registry: OK
     DDraw Status: Enabled
       D3D Status: Enabled
       AGP Status: Enabled
DDraw Test Result: 
 D3D7 Test Result: 
 D3D8 Test Result:
 
and the rest of the DxDiag code:
-------------
Sound Devices
-------------
      Description: SoundMAX Digital Audio
        Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02
  Manufacturer ID: 1
       Product ID: 100
             Type: WDM
      Driver Name: smwdm.sys
   Driver Version: 5.12.01.3600 (English)
Driver Attributes: Final Retail
    Driver Signed: Yes
    Date and Size: 5/6/2003 08:14:34, 580992 bytes
      Other Files: 
  Driver Provider: Analog Devices
   HW Accel Level: Full
         Registry: OK
Sound Test Result: 

-----------
DirectMusic
-----------
 DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
  Version: 1.00.16.0002
    Ports:
           Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
           SoundMAX Digital Audio, Software (Kernel Mode), Output, DLS, Internal
           Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
           Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
 Registry: OK
Music Test Result: 

------------------
DirectShow Filters
------------------


-------------
Input Devices
-------------
      Device Name: USB Human Interface Device
         Provider: (Standard system devices)
      Hardware ID: USB\Vid_413c&Pid_3010&Rev_0220
           Status: 0
        Port Name: USB Root Hub
    Port Provider: (Standard USB Host Controller)
          Port ID: USB\ROOT_HUB&VID8086&PID24D4&REV0002
      Port Status: 0

Poll w/ Interrupt: No
         Registry: OK

-------------
Input Drivers
-------------

----------------------------
DirectPlay Service Providers
----------------------------
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.01.2600.1106)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.01.2600.1106)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.01.2600.0000)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.01.2600.0000)
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnmodem.dll (5.01.2600.0000)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnmodem.dll (5.01.2600.0000)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnwsock.dll (5.01.2600.0000)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnwsock.dll (5.01.2600.0000)
DirectPlay Test Result: 

-------------------------
DirectPlay Lobbyable Apps
-------------------------

Thank-you
 
Oh dang, I just found the program that was downloaded onto my system that I think spread the viruses: AVSystemCare. I've deleted its entries through HijackThis.

Here's the new HJT file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:15 PM, on 5/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\CHRISK~1\MYDOCU~1\SMBOLS~1\winlogon.exe
C:\Documents and Settings\Chris Kim\My Documents\?dobe\r?ndll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=032208 serial=WA12WRX-0000002-HMD lang=EN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\System32\HncUpdate.exe /A
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\CHRISK~1\MYDOCU~1\SMBOLS~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Oyrsktg] "C:\Documents and Settings\Chris Kim\My Documents\?dobe\r?ndll32.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4026 bytes

Thanks again
 
Please help me! AntiVir continuously pops up saying there's a detection, mainly Vundo, which is probably Virtumonde.
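A small triage script for the O4 autorun entries in the logs above, added here as an example; it is not part of the thread and not a HijackThis feature. The sample lines are copied from the posted log, and the heuristics (a core Windows binary name running outside C:\WINDOWS, an autorun under a user profile, characters HijackThis printed as `?`, URLs on the command line) are the editor's own assumptions about what makes an entry suspicious.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Core Windows binaries that malware commonly imitates (assumed list, not from
# HijackThis). A copy launching from outside C:\WINDOWS is a red flag.
SYSTEM_BINARIES = {"winlogon.exe", "rundll32.exe", "svchost.exe", "lsass.exe",
                   "services.exe", "smss.exe", "csrss.exe", "explorer.exe"}
WINDOWS_DIR = "c:\\windows\\"
# Autorun entries do not normally live under a user profile (Windows XP paths).
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\docume~1\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample: a subset of the O4 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\System32\HncUpdate.exe /A
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\CHRISK~1\MYDOCU~1\SMBOLS~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Oyrsktg] "C:\Documents and Settings\Chris Kim\My Documents\?dobe\r?ndll32.exe"
"""


@dataclass
class Finding:
    entry_name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command string. A quoted path is
    taken whole; an unquoted one ends at its first .exe/.dll/... extension.
    HijackThis prints characters it cannot render as '?', so the result may
    contain literal question marks (see the r?ndll32.exe entry above)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage_line(line: str):
    """Return a Finding for an O4 line (None for any other line)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    path = extract_path(cmd)
    directory = ntpath.dirname(path).lower()   # ntpath handles Windows paths on any host
    base = ntpath.basename(path).lower()
    reasons = []
    if directory.startswith(PROFILE_DIRS):
        reasons.append("launches from a user profile directory")
    if "?" in path:
        reasons.append("path has characters HijackThis could not render (possible look-alike name)")
    if base in SYSTEM_BINARIES and directory and not directory.startswith(WINDOWS_DIR):
        reasons.append(f"system binary name {base} outside the Windows directory")
    elif "?" in base:
        # Treat each '?' as a wildcard: is the name one character away from a core binary?
        pattern = re.escape(base).replace(r"\?", ".")
        for known in sorted(SYSTEM_BINARIES):
            if re.fullmatch(pattern, known):
                reasons.append(f"name resembles system binary {known}")
    if re.search(r"https?://", cmd):
        reasons.append("passes URLs on the command line")
    return Finding(m.group("name"), path, reasons)


def triage(log_text: str) -> list:
    """All O4 entries in a HijackThis log that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f and f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry_name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Entries that launch a file named like a core binary from a user directory, or whose name HijackThis could not fully render, are the ones a helper on this kind of thread would ask about first; the script only prioritises, it does not identify malware.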
 