Hijack this log - Virtumonde.prx [CLOSED]
renton72
post Oct 4 2008, 03:57 AM
Post #1


New Member
Posts: 3
OS: XP



Hi,

All of my spyware seems to have been destroyed except Virtumonde.prx, which won't remove. I run Spybot Search & Destroy and it "locates" this file, and I click on remove, but when I run the scan again it is still there!

It also says Windows Security Centre is disabled.

Spybot report below:

--- Search result list ---


Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Virtumonde.prx: [SBI $C46E6FC7] Configuration file (File, nothing done)
C:\WINDOWS\pskt.ini

Virtumonde.prx: [SBI $13DC8D4E] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\IProxyProvider\Path=...C:\WINDOWS\system32\utrdvjfl.dll...

Virtumonde.prx: [SBI $797B4EBF] Library (File, nothing done)
C:\WINDOWS\system32\utrdvjfl.dll

Virtumonde.prx: [SBI $0EED8ADA] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BMbf229304

Virtumonde.prx: [SBI $7BFCBA71] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct

HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:30, on 04/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\ipd\tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [uiksxnifrjnuqchq] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\hiblctoomkw.dll" EntryPoint
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bc11a098] rundll32.exe "C:\WINDOWS\system32\qfkjfgnf.dll",b
O4 - HKLM\..\Run: [BMbf229304] Rundll32.exe "C:\WINDOWS\system32\utrdvjfl.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Start Shopper Link System Tray App.lnk = C:\Documents and Settings\All Users\Application Data\ipd\tray.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: tarsbu.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8029 bytes

Thanks for any help.
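As an added example (not code from this thread, from Trend Micro HijackThis, or from Spybot), here is a Python triage script that applies to the O4 and O20 lines above the checks a removal helper applies by eye: rundll32 loading a DLL out of system32 that Windows itself does not start that way, a missing, one-letter or generic export name, run-value names that are just hex digits (the bc11a098 / BMbf229304 shape in this log), and anything at all in AppInit_DLLs. The KNOWN_RUNDLL_TARGETS allowlist, the name pattern and the severity thresholds are this example's own assumptions, and the sample lines are constructed to mirror the posted log rather than copied from a live machine.

```python
"""Triage a HijackThis log for Virtumonde-style persistence entries.

Added example: this is not code from the thread, from Trend Micro HijackThis or
from Spybot. It reads the O4 (Run-key) and O20 (AppInit_DLLs) lines and reports
the entries a removal helper would query first. KNOWN_RUNDLL_TARGETS, the
generated-name pattern and the severity thresholds are this example's own
heuristics, tuned to the log posted above.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: O4/O20/O23 lines shaped like the HijackThis log in the post.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [uiksxnifrjnuqchq] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\hiblctoomkw.dll" EntryPoint
O4 - HKLM\..\Run: [bc11a098] rundll32.exe "C:\WINDOWS\system32\qfkjfgnf.dll",b
O4 - HKLM\..\Run: [BMbf229304] Rundll32.exe "C:\WINDOWS\system32\utrdvjfl.dll",s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: tarsbu.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
# rundll32[.exe] ["]path\name.dll["][,export | export]
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,?\s*(?P<export>\S+)?', re.I)
# Run-value names like bc11a098 and BMbf229304: up to two letters, then eight hex digits.
GENERATED_NAME_RE = re.compile(r"[A-Za-z]{0,2}[0-9a-f]{8}")
# DLLs that Windows itself starts through rundll32 from system32 (assumed, illustrative allowlist).
KNOWN_RUNDLL_TARGETS = {"shell32.dll", "advpack.dll", "user32.dll", "setupapi.dll"}


def _check_rundll(cmd: str) -> Tuple[List[str], Optional[str]]:
    """Return (reasons, dll basename) when a Run command goes through rundll32."""
    m = RUNDLL_RE.search(cmd)
    if not m:
        return [], None
    dll_path = m.group("dll").strip().lower()
    folder, _, dll = dll_path.rpartition("\\")
    reasons = []
    if folder.endswith("system32") and dll not in KNOWN_RUNDLL_TARGETS:
        reasons.append(f"rundll32 loads {dll} from system32 and it is not a known rundll32 target")
    export = m.group("export")
    if export is None or len(export) == 1 or export.lower() == "entrypoint":
        reasons.append(f"export name {export!r} is missing, a single letter, or generic")
    return reasons, dll


def scan_hjt(text: str) -> List[Dict]:
    """Return one finding per suspicious O4/O20 line: name, dll, line, reasons, severity."""
    findings: List[Dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            reasons, dll = _check_rundll(cmd)
            if GENERATED_NAME_RE.fullmatch(name):
                reasons.append(f"run-value name {name!r} looks machine-generated")
            if reasons:
                findings.append({"name": name, "dll": dll, "line": line, "reasons": reasons,
                                 "severity": "HIGH" if len(reasons) >= 2 else "MEDIUM"})
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs is mapped into every process that loads user32.dll; anything here is HIGH.
            for dll in re.split(r"[ ,]+", m.group("dlls").strip()):
                findings.append({"name": "AppInit_DLLs", "dll": dll.lower(), "line": line,
                                 "reasons": ["AppInit_DLLs is populated"], "severity": "HIGH"})
    return findings


def suspect_dlls(findings: List[Dict]) -> List[str]:
    """Distinct DLL basenames referenced by the findings, as a check-list for the file system."""
    return sorted({f["dll"] for f in findings if f["dll"]})


if __name__ == "__main__":
    results = scan_hjt(SAMPLE_HJT_LOG)
    for f in results:
        print(f"[{f['severity']}] {f['line']}")
        for r in f["reasons"]:
            print(f"    - {r}")
    print("DLLs to inspect:", ", ".join(suspect_dlls(results)))
```

Run against the sample, the suspect-DLL list contains utrdvjfl.dll, the library Spybot tagged as Virtumonde.prx, plus two further rundll32-loaded DLLs and the AppInit_DLLs entry that the Spybot report above does not mention. The O20 line deserves the most attention: a DLL named in AppInit_DLLs is mapped into every process that loads user32.dll, so it is a better anchor for the infection than any single Run value. The name and export heuristics are deliberately narrow; vendor entries such as RTHDCPL or ALCMTR have vowel-less names too, which is why the script does not score names on letter statistics.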
Rorschach112
post Oct 4 2008, 05:45 AM
Post #2


GeekU Teacher
Posts: 19,791
From: Dublin
OS: XP



Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)




renton72
post Oct 4 2008, 06:04 AM
Post #3


New Member
*
Posts: 3
OS: XP



--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2300 @ 1.66GHz )
BIOS : ZB1 v1.3221 3B21
USER : new ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)
C:\ (Local Disk) - NTFS - Total : 111 GB Free : 77 GB
D:\ (CD or DVD)

"C:\Lop SD" ( Updated : 02-10-2008|23:42 )
Option : [1] ( 04/10/2008|12:57 )

--------------------\\ Listing folders in APPLIC~1

[17/09/2008|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[22/09/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[06/09/2008|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[06/09/2008|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[05/09/2008|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[04/10/2008|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ipd
[04/09/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[04/09/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[04/10/2008|09:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[20/09/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[04/09/2008|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers Headquarters
[22/09/2008|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[23/09/2008|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[06/09/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05/09/2008|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
[05/09/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[04/09/2008|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[04/09/2008|12:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[04/09/2008|12:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[22/09/2008|21:02] C:\DOCUME~1\new\APPLIC~1\ACD Systems
[05/09/2008|10:36] C:\DOCUME~1\new\APPLIC~1\Adobe
[17/09/2008|20:53] C:\DOCUME~1\new\APPLIC~1\Apple Computer
[05/09/2008|09:15] C:\DOCUME~1\new\APPLIC~1\ATI
[05/09/2008|10:16] C:\DOCUME~1\new\APPLIC~1\IBPlugin
[04/09/2008|12:13] C:\DOCUME~1\new\APPLIC~1\Identities
[05/09/2008|10:10] C:\DOCUME~1\new\APPLIC~1\Intel
[05/09/2008|10:36] C:\DOCUME~1\new\APPLIC~1\Macromedia
[04/10/2008|09:38] C:\DOCUME~1\new\APPLIC~1\Malwarebytes
[20/09/2008|15:04] C:\DOCUME~1\new\APPLIC~1\Microsoft
[05/09/2008|13:30] C:\DOCUME~1\new\APPLIC~1\Mozilla

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/10/2008 15:51][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[29/09/2008 20:39][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - new.job
[04/10/2008 10:06][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[22/09/2008|20:37] C:\Program Files\ACD Systems
[17/09/2008|21:54] C:\Program Files\Apple Software Update
[04/09/2008|12:23] C:\Program Files\ASIX Electronics Corporation
[05/09/2008|09:57] C:\Program Files\Atheros
[04/09/2008|14:17] C:\Program Files\ATI Technologies
[17/09/2008|20:41] C:\Program Files\Bonjour
[23/09/2008|20:57] C:\Program Files\Citrix
[22/09/2008|20:36] C:\Program Files\Common Files
[04/09/2008|12:05] C:\Program Files\ComPlus Applications
[05/09/2008|10:05] C:\Program Files\CONEXANT
[05/09/2008|10:03] C:\Program Files\InstallShield Installation Information
[05/09/2008|10:08] C:\Program Files\Intel
[06/09/2008|13:30] C:\Program Files\Internet Explorer
[17/09/2008|20:55] C:\Program Files\iPod
[17/09/2008|20:56] C:\Program Files\iTunes
[05/09/2008|10:14] C:\Program Files\Launch Manager
[04/09/2008|14:45] C:\Program Files\Logitech
[04/10/2008|09:39] C:\Program Files\Malwarebytes' Anti-Malware
[04/09/2008|12:04] C:\Program Files\Messenger
[04/09/2008|12:08] C:\Program Files\microsoft frontpage
[04/09/2008|12:05] C:\Program Files\Movie Maker
[17/09/2008|21:54] C:\Program Files\Mozilla Firefox
[04/09/2008|12:03] C:\Program Files\MSN
[04/09/2008|12:04] C:\Program Files\MSN Gaming Zone
[04/09/2008|12:06] C:\Program Files\NetMeeting
[06/09/2008|15:50] C:\Program Files\Norton AntiVirus
[04/09/2008|12:04] C:\Program Files\Online Services
[04/09/2008|12:06] C:\Program Files\Outlook Express
[04/09/2008|12:48] C:\Program Files\PC Drivers HeadQuarters
[22/09/2008|20:21] C:\Program Files\PENTAX
[17/09/2008|20:51] C:\Program Files\QuickTime
[05/09/2008|10:03] C:\Program Files\Realtek
[17/09/2008|20:42] C:\Program Files\Safari
[05/09/2008|10:16] C:\Program Files\ShopperLink
[23/09/2008|12:05] C:\Program Files\Spybot - Search & Destroy
[06/09/2008|13:08] C:\Program Files\Symantec
[04/10/2008|09:27] C:\Program Files\Trend Micro
[04/09/2008|12:13] C:\Program Files\Uninstall Information
[24/09/2008|17:41] C:\Program Files\Windows Media Player
[04/09/2008|12:04] C:\Program Files\Windows NT
[05/09/2008|11:01] C:\Program Files\Windows Sidebar
[17/09/2008|20:39] C:\Program Files\Windows WebMedia
[04/09/2008|12:07] C:\Program Files\WindowsUpdate
[04/09/2008|12:08] C:\Program Files\xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[22/09/2008|20:38] C:\Program Files\Common Files\ACD Systems
[05/09/2008|09:55] C:\Program Files\Common Files\Acer
[17/09/2008|20:50] C:\Program Files\Common Files\Apple
[04/09/2008|14:45] C:\Program Files\Common Files\InstallShield
[04/09/2008|14:45] C:\Program Files\Common Files\LogiShrd
[05/09/2008|09:56] C:\Program Files\Common Files\Logitech
[05/09/2008|10:39] C:\Program Files\Common Files\Microsoft Shared
[04/09/2008|12:06] C:\Program Files\Common Files\MSSoap
[04/09/2008|12:58] C:\Program Files\Common Files\ODBC
[04/09/2008|12:06] C:\Program Files\Common Files\Services
[04/09/2008|12:58] C:\Program Files\Common Files\SpeechEngines
[01/10/2008|20:20] C:\Program Files\Common Files\Symantec Shared
[04/09/2008|12:05] C:\Program Files\Common Files\System

--------------------\\ Process

( 46 Processes )

Rorschach112
post Oct 4 2008, 06:30 AM
Post #4


GeekU Teacher
Posts: 19,791
From: Dublin
OS: XP



Can you post all of the log?
Rorschach112
post Oct 12 2008, 02:00 PM
Post #5


GeekU Teacher
Posts: 19,791
From: Dublin
OS: XP



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
