rhapsodyfan Posted September 23, 2005
Hey everyone, I am having some issues with spyware and Ad-Aware. I have run Microsoft Spyware, Spyware Doctor, Ad-Aware, Spybot, Spy Sweeper, and a few more online tests from PC Chillin. I can't seem to get rid of WINFIXER and VIRTUMONDE. Only Spy Sweeper picked up the Virtumonde, and I followed it step by step, but it keeps coming back. Here are my HijackThis results if anyone knows anything about this. This is bothering me so much that I want to reinstall XP if it comes down to that!! Thank you so much for any help :)
rhapsodyfan Posted September 23, 2005 (Author)
Oops, here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:09 AM, on 9/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe%temp%\bs5657.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCWZRD.EXE
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\rmctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddaby.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124952160796
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O20 - Winlogon Notify: ddaby - C:\WINDOWS\system32\ddaby.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutq - vtutq.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
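As an added example (not code from this thread or from HijackThis), a small Python script that applies two checks a helper would make on a log like the one above: a DLL registered both as an Internet Explorer BHO (O2 line) and as a Winlogon Notify package (O20 line), which is the ddaby.dll pattern in this log, and an O20 entry whose DLL is reported as "(file missing)", like vtutq. The sample log is a constructed excerpt holding only the posted O2 and O20 lines.

```python
import re

# Constructed excerpt of the posted HijackThis log: only the O2 (BHO) and O20 (Winlogon Notify) lines.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddaby.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\system32\ddaby.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutq - vtutq.dll (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
MISSING = "(file missing)"


def parse(log_text):
    """Yield (section, body) for every 'Onn - ...' line in a HijackThis log."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def dll_name(path):
    """Lower-cased file name of a Windows path, ignoring a trailing '(file missing)' note."""
    return path.replace(MISSING, "").strip().rsplit("\\", 1)[-1].lower()


def analyze(log_text):
    """Return [(dll, reason)] for Winlogon Notify entries that deserve a closer look."""
    bho = {}     # dll file name -> BHO display name (O2 lines)
    notify = {}  # dll file name -> (registry key name, path as logged) (O20 lines)
    for section, body in parse(log_text):
        if section == "O2" and body.startswith("BHO: "):
            name, _clsid, path = body[len("BHO: "):].rsplit(" - ", 2)
            bho[dll_name(path)] = name
        elif section == "O20" and body.startswith("Winlogon Notify: "):
            key, path = body[len("Winlogon Notify: "):].split(" - ", 1)
            notify[dll_name(path)] = (key, path)
    findings = []
    for dll, (key, path) in notify.items():
        if path.endswith(MISSING):
            # A notify package whose DLL is gone: a leftover hook that still needs cleaning up.
            findings.append((dll, f"Winlogon Notify '{key}' points to a DLL that no longer exists"))
        if dll in bho:
            # One DLL loaded both by Internet Explorer and at logon is the ddaby.dll pattern above.
            findings.append((dll, f"same DLL is IE BHO '{bho[dll]}' and Winlogon Notify '{key}'"))
    return findings


if __name__ == "__main__":
    for dll, reason in analyze(SAMPLE_LOG):
        print(f"{dll}: {reason}")
```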
organ_shifter Posted September 23, 2005

About Adware VirtuMonde
VirtuMonde is an adware that monitors your browsing habits and brings targeted advertisements to your computer. The program runs in the background when the system starts up.

How to Remove VirtuMonde?
Follow these removal steps to remove this adware from your computer:
1.) Click Start > Run, type 'regedit', and click OK to open the Registry Editor.
2.) Navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. In the right pane, find and delete the entries with the value 'WindowsUpd' or 'SysUpd'.
3.) Navigate to and delete the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\WindowsUpd
HKEY_CURRENT_USER\Software\Microsoft\SysUpd
4.) Exit Registry Editor.
5.) Open a DOS command prompt window (Start > Run, type 'cmd' (on Windows NT/2000/XP) or 'command' (on Windows 95/98/Me)) and enter the following command: regsvr32 /u %WinDir%\system32\cidrules.dll
6.) Reboot the computer.
7.) Search for and delete the following files from the System directory (by default this is C:\Windows\System32):
windowsupd2.exe
cidrules.dll

I hope this helps with the VirtuMonde. I'm searching for manual WINFIXER removal steps.

EDIT: OK. Read this thread for removal of Winfixer: Help me...WinFixer virus victim
cholla Posted September 23, 2005
You can run your HijackThis log through this analyzer: http://www.hijackthis.de/
compuworm Posted September 23, 2005
I pasted your HijackThis results; go to this site to see your Log File Analysis results: http://www.hijackthis.de/index.php#anl
I hope this helps,
compuworm
Also, see this link: http://www.testmy.net/forum/index.php?topic=8305.0