
Virus Problem And Hijack Problem


This topic is locked
14 replies to this topic

#1 bluelurker

Posted 20 July 2008 - 12:35 AM

Hey Guys, have a few problems here so will list actions and then results. I hope I have got this right this time but am having trouble accessing your web site to follow the links that you have within the "What to do first" section.
1. Downloaded a torrent for avi conversion and AVG picked it as a virus and then shut down, I think?
2. Started getting this message all the time and a new page opening up with IE. I use Firefox as my default browser.
[screenshot]
[screenshot]
3. Ran both Spybot and Ad-Aware. Spybot found many different items so I fixed them all; Ad-Aware had great trouble running and after a re-boot would not run.
4. I posted to the wrong section at Bleeping and it was diverted, and now Firefox shuts down with a fault every time I click the link to where it has been moved.
5. I had dss installed and have done the scan and will post it at the end of this explanation.
6. Running XP Home.
7. I also have just noticed that there is a text message in my taskbar saying "virus alert!"
8. Have run AVG three times with different results and Trojans found each time... when it comes to repair or remove the problems AVG informs me that the files are too large and I can't do anything to remove them other than delete the files themselves, which I have done.
9. Have also run systems mech and removed any junk and obsolete items.

Ok here is the dss scan info
Deckard's System Scanner v20071014.68
Run by me on 2008-07-20 13:17:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-20 13:20:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Photolightning\autodetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\me\Desktop\SIDEBAR\TORRENT DOWNLOADS\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - C:\WINDOWS\system32\tuvVMcYr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {B52D7982-A18A-4C36-B192-64ED12B3B3A4} - C:\WINDOWS\system32\byXQIywt.dll
O2 - BHO: {9dddb948-434c-e168-ee94-799b917bac5f} - {f5cab719-b997-49ee-861e-c434849bddd9} - C:\WINDOWS\system32\conjsg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [3029bd48] rundll32.exe "C:\WINDOWS\system32\elqthams.dll",b
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A...01F/wmvadvd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183871029750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxdev.dll (file missing)
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: kvxqmtre - {D8D091F5-A06B-42BF-8A9C-7CA07EA0DBD6} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {D5F4C27D-F935-4FE9-8FB2-2C37878BBF1C} - C:\WINDOWS\evgratsm.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9038 bytes

-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-20 07:37:35 93184 --a------ C:\WINDOWS\system32\elqthams.dll
2008-07-20 07:34:41 116864 --a------ C:\WINDOWS\system32\conjsg.dll
2008-07-20 07:34:37 116864 --a------ C:\WINDOWS\system32\lhfjegau.dll
2008-07-20 01:32:14 116864 --a------ C:\WINDOWS\system32\adwgtr.dll
2008-07-20 01:32:10 116864 --a------ C:\WINDOWS\system32\yhqvlvbw.dll
2008-07-20 01:31:15 169264 --ahs---- C:\WINDOWS\system32\twyIQXyb.ini2
2008-07-20 01:31:04 322816 --a------ C:\WINDOWS\system32\byXQIywt.dll
2008-07-20 01:23:26 0 d-------- C:\movies
2008-07-20 01:22:57 0 d-------- C:\Documents and Settings\me\Application Data\TmpRecentIcons
2008-07-20 01:22:45 454656 --a------ C:\WINDOWS\kgxmotapktx.dll
2008-07-20 01:22:43 155648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-15 19:39:23 0 d-------- C:\Program Files\iPod
2008-07-15 19:39:19 0 d-------- C:\Program Files\iTunes
2008-07-07 16:42:38 65536 --a------ C:\WINDOWS\Photolightning.SCR <Not Verified; Photolightning; Photolightning>
2008-07-07 16:40:19 0 d-------- C:\Program Files\Photolightning
2008-07-05 22:34:09 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-26 21:43:11 0 d-------- C:\Program Files\Apophysis 2.0
2008-06-22 10:55:17 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-07-20 13:19:59 0 d-------- C:\Documents and Settings\me\Application Data\uTorrent
2008-07-19 14:29:16 0 d-------- C:\Program Files\AllToAVI
2008-07-19 13:08:56 0 d-------- C:\Documents and Settings\me\Application Data\Adobe
2008-07-18 00:02:34 0 d-------- C:\Program Files\Movie Maker
2008-07-18 00:00:25 0 d-------- C:\Program Files\Lavasoft
2008-07-18 00:00:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 15:26:57 0 d-------- C:\Program Files\GRETECH
2008-07-15 19:38:25 0 d-------- C:\Program Files\Bonjour
2008-07-15 19:37:45 0 d-------- C:\Program Files\QuickTime
2008-07-12 09:40:12 0 d-------- C:\Documents and Settings\me\Application Data\Vso
2008-07-06 12:40:53 0 d-------- C:\Program Files\Google
2008-07-06 06:56:30 0 d-------- C:\Program Files\uTorrent
2008-06-26 19:22:51 0 d-------- C:\Program Files\PokerStars.NET
2008-06-24 20:03:31 0 d-------- C:\Program Files\Safari
2008-06-17 22:16:54 0 d-------- C:\Program Files\Photoshop
2008-06-12 12:13:50 0 d-------- C:\Documents and Settings\me\Application Data\Summitsoft
2008-06-12 01:05:15 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2008-06-11 02:41:12 0 d-------- C:\Documents and Settings\me\Application Data\DxO Labs
2008-06-11 02:40:43 0 d-------- C:\Documents and Settings\me\Application Data\PACE Anti-Piracy
2008-06-11 02:40:41 0 d-------- C:\Program Files\Common Files
2008-06-11 02:40:41 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-06-10 21:01:38 0 d-------- C:\Program Files\DxO Labs
2008-06-10 19:53:32 0 d-------- C:\Program Files\MSBuild
2008-06-10 19:53:25 0 d-------- C:\Program Files\Reference Assemblies
2008-06-10 19:49:18 0 d-------- C:\Program Files\MSXML 6.0
2008-06-10 19:46:51 0 d-------- C:\Program Files\InterLok
2008-06-10 19:08:02 0 d-------- C:\Documents and Settings\me\Application Data\Reallusion
2008-06-10 19:07:54 75 -r-hs---- C:\WINDOWS\FFSSET.BIN
2008-06-10 19:07:46 0 d-------- C:\Program Files\Reallusion
2008-06-10 19:07:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 16:45:31 0 d-------- C:\Program Files\Photo To Color Sketch
2008-06-10 16:12:13 0 d-------- C:\Program Files\intocartoonpro
2008-06-10 14:51:31 0 d-------- C:\Program Files\SuperGOO
2008-06-05 09:19:43 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 20:21:14 0 d-------- C:\Program Files\Common Files\Xara
2008-05-31 20:21:02 0 d-------- C:\Program Files\Xara
2008-05-31 20:12:37 0 d-------- C:\Program Files\Portrait Professional Max 6
2008-05-31 20:10:03 0 d-------- C:\Documents and Settings\me\Application Data\Anthropics
2008-05-29 16:00:12 0 d-------- C:\Documents and Settings\me\Application Data\ACD Systems
2008-05-29 15:59:37 0 d-------- C:\Program Files\ACD Systems
2008-05-29 11:00:42 0 d-------- C:\Documents and Settings\me\Application Data\AVGTOOLBAR
2008-05-29 10:30:18 0 d-------- C:\Program Files\AVG
2008-05-20 11:00:43 0 d-------- C:\Documents and Settings\me\Application Data\Imagenomic
2008-05-20 10:55:49 0 d-------- C:\Program Files\Imagenomic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]
C:\WINDOWS\system32\tuvVMcYr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/07/2008 09:31: VIRUS ALERT! 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B52D7982-A18A-4C36-B192-64ED12B3B3A4}]
20/07/2008 01:31: VIRUS ALERT! 322816 --a------ C:\WINDOWS\system32\byXQIywt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5cab719-b997-49ee-861e-c434849bddd9}]
20/07/2008 07:34: VIRUS ALERT! 116864 --a------ C:\WINDOWS\system32\conjsg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 09:11: VIRUS ALERT!]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 15:35: VIRUS ALERT!]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 09:31: VIRUS ALERT!]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/04/2007 06:05: VIRUS ALERT!]
"3029bd48"="C:\WINDOWS\system32\elqthams.dll" [20/07/2008 07:37: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [31/01/2008 01:07: VIRUS ALERT!]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [31/01/2008 01:07: VIRUS ALERT!]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Autodetect.lnk - C:\Program Files\Photolightning\autodetect.exe [7/07/2008 4:42:41 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4/11/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [4/11/2004 7:50:52 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoStartBanner"=01000000
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}"= C:\WINDOWS\system32\tuvVMcYr.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kvxqmtre"= {D8D091F5-A06B-42BF-8A9C-7CA07EA0DBD6} - C:\WINDOWS\kvxqmtre.dll [ ]
"evgratsm"= {D5F4C27D-F935-4FE9-8FB2-2C37878BBF1C} - C:\WINDOWS\evgratsm.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 17:46: VIRUS ALERT! 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXQIywt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup




-- End of Deckard's System Scanner: finished at 2008-07-20 13:20:31 ------------

#2 bluelurker (Topic Starter)

Posted 20 July 2008 - 12:44 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42: VIRUS ALERT!, on 20/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Photolightning\autodetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [3029bd48] rundll32.exe "C:\WINDOWS\system32\elqthams.dll",b
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183871029750
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: kvxqmtre - {D8D091F5-A06B-42BF-8A9C-7CA07EA0DBD6} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {D5F4C27D-F935-4FE9-8FB2-2C37878BBF1C} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5955 bytes

As requested, here is the new HJT file.

#3 bluelurker (Topic Starter)

Posted 20 July 2008 - 04:28 AM

Just a quick update if anyone is reading this.
Still have the "VIRUS ALERT" in the task bar next to the date.
Have tried to run Kaspersky Online Scanner, but the browser shuts down every time I open the page/link.
Every time I try to access your site with Firefox, Firefox goes into error mode.
[screenshot]
Have run CCleaner and followed other examples to clean out Firefox and IE files and temp folders.
Have tried to run Malwarebytes Anti-Malware but it too is running very slow and has stopped running three times.
I have started to use IE to access your site with a better response but am plagued with pop-ups and other web page sites opening in new windows.

Waiting in anticipation
Lurker
I know you guys are busy just reading the forums, so when ya get here, ya get here.
Thanks Guys

#4 bluelurker (Topic Starter)

Posted 20 July 2008 - 04:47 AM

Malwarebytes' Anti-Malware 1.21
Database version: 969
Windows 5.1.2600 Service Pack 2

5:36:52 PM 20/07/2008
mbam-log-7-20-2008 (17-36-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 182105
Time elapsed: 1 hour(s), 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 13
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\byXQIywt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elqthams.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\conjsg.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b52d7982-a18a-4c36-b192-64ed12b3b3a4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b52d7982-a18a-4c36-b192-64ed12b3b3a4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5cab719-b997-49ee-861e-c434849bddd9} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f5cab719-b997-49ee-861e-c434849bddd9} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8c6aacdd-4862-496c-ba20-d712ad679760} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6a4a71b0-36d2-4674-87af-288f60e3ec71} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a74cd9a1-9348-4b3f-87a4-4852c2ce802e} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxqiywt -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxqiywt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0015591-65243) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\byXQIywt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\twyIQXyb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\twyIQXyb.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\conjsg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elqthams.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\smahtqle.ini (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F5A59FD8-AEED-4F15-9BBB-2C9303EF7F9D}\RP37\A0002424.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F5A59FD8-AEED-4F15-9BBB-2C9303EF7F9D}\RP37\A0002425.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F5A59FD8-AEED-4F15-9BBB-2C9303EF7F9D}\RP37\A0002492.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\adwgtr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yhqvlvbw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lhfjegau.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\kgxmotapktx.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\me\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.

#5 bluelurker

Posted 20 July 2008 - 05:24 AM

Ok, after running Malwarebytes' Anti-Malware 1.21 the "VIRUS ALERT!" in the task tray has gone and I don't seem to be getting any pop-ups in IE.
Still have trouble accessing Bleeping with Firefox, and Firefox is shutting down in fault mode if I open more than 10 or so tabs or windows; it is running very slow.
I ran another DSS and will post the response here.
I have also got Kaspersky online scan to run but I think it keeps freezing.
So don't know if I have fixed anything as yet but will wait till one of you guru guys have a look at all this information and get back to me.
If I get Kaspersky to work will post the log here.
Here is the latest DSS scan.
Thanks for a great forum site, it has helped heaps, that is if I got any of it right.
Deckard's System Scanner v20071014.68
Run by me on 2008-07-20 18:16:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as me.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:31 PM, on 20/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Photolightning\autodetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\me\Desktop\SIDEBAR\TORRENT DOWNLOADS\dss.exe
C:\PROGRA~1\HIJACK~1\me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183871029750
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6169 bytes

-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-20 17:42:46 229906 --ahs---- C:\WINDOWS\system32\twyIQXyb.ini2
2008-07-20 16:26:53 0 d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
2008-07-20 16:26:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 16:26:46 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 14:51:16 0 dr-h----- C:\Documents and Settings\me\Recent
2008-07-20 14:34:02 0 d-------- C:\Program Files\CCleaner
2008-07-20 07:37:35 93184 -----n--- C:\WINDOWS\system32\elqthams.dll
2008-07-20 07:34:41 116864 -----n--- C:\WINDOWS\system32\conjsg.dll
2008-07-20 01:31:04 322816 -----n--- C:\WINDOWS\system32\byXQIywt.dll
2008-07-20 01:23:26 0 d-------- C:\movies
2008-07-20 01:22:57 0 d-------- C:\Documents and Settings\me\Application Data\TmpRecentIcons
2008-07-15 19:39:23 0 d-------- C:\Program Files\iPod
2008-07-15 19:39:19 0 d-------- C:\Program Files\iTunes
2008-07-07 16:42:38 65536 --a------ C:\WINDOWS\Photolightning.SCR <Not Verified; Photolightning; Photolightning>
2008-07-07 16:40:19 0 d-------- C:\Program Files\Photolightning
2008-07-05 22:34:09 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-26 21:43:11 0 d-------- C:\Program Files\Apophysis 2.0
2008-06-22 10:55:17 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-07-20 18:14:25 0 d-------- C:\Documents and Settings\me\Application Data\uTorrent
2008-07-19 14:29:16 0 d-------- C:\Program Files\AllToAVI
2008-07-19 13:08:56 0 d-------- C:\Documents and Settings\me\Application Data\Adobe
2008-07-18 00:02:34 0 d-------- C:\Program Files\Movie Maker
2008-07-18 00:00:25 0 d-------- C:\Program Files\Lavasoft
2008-07-18 00:00:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 15:26:57 0 d-------- C:\Program Files\GRETECH
2008-07-15 19:38:25 0 d-------- C:\Program Files\Bonjour
2008-07-15 19:37:45 0 d-------- C:\Program Files\QuickTime
2008-07-12 09:40:12 0 d-------- C:\Documents and Settings\me\Application Data\Vso
2008-07-06 12:40:53 0 d-------- C:\Program Files\Google
2008-07-06 06:56:30 0 d-------- C:\Program Files\uTorrent
2008-06-26 19:22:51 0 d-------- C:\Program Files\PokerStars.NET
2008-06-24 20:03:31 0 d-------- C:\Program Files\Safari
2008-06-17 22:16:54 0 d-------- C:\Program Files\Photoshop
2008-06-12 12:13:50 0 d-------- C:\Documents and Settings\me\Application Data\Summitsoft
2008-06-12 01:05:15 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2008-06-11 02:41:12 0 d-------- C:\Documents and Settings\me\Application Data\DxO Labs
2008-06-11 02:40:43 0 d-------- C:\Documents and Settings\me\Application Data\PACE Anti-Piracy
2008-06-11 02:40:41 0 d-------- C:\Program Files\Common Files
2008-06-11 02:40:41 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-06-10 21:01:38 0 d-------- C:\Program Files\DxO Labs
2008-06-10 19:53:32 0 d-------- C:\Program Files\MSBuild
2008-06-10 19:53:25 0 d-------- C:\Program Files\Reference Assemblies
2008-06-10 19:49:18 0 d-------- C:\Program Files\MSXML 6.0
2008-06-10 19:46:51 0 d-------- C:\Program Files\InterLok
2008-06-10 19:08:02 0 d-------- C:\Documents and Settings\me\Application Data\Reallusion
2008-06-10 19:07:54 75 -r-hs---- C:\WINDOWS\FFSSET.BIN
2008-06-10 19:07:46 0 d-------- C:\Program Files\Reallusion
2008-06-10 19:07:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 16:45:31 0 d-------- C:\Program Files\Photo To Color Sketch
2008-06-10 16:12:13 0 d-------- C:\Program Files\intocartoonpro
2008-06-10 14:51:31 0 d-------- C:\Program Files\SuperGOO
2008-06-05 09:19:43 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 20:21:14 0 d-------- C:\Program Files\Common Files\Xara
2008-05-31 20:21:02 0 d-------- C:\Program Files\Xara
2008-05-31 20:12:37 0 d-------- C:\Program Files\Portrait Professional Max 6
2008-05-31 20:10:03 0 d-------- C:\Documents and Settings\me\Application Data\Anthropics
2008-05-29 16:00:12 0 d-------- C:\Documents and Settings\me\Application Data\ACD Systems
2008-05-29 15:59:37 0 d-------- C:\Program Files\ACD Systems
2008-05-29 11:00:42 0 d-------- C:\Documents and Settings\me\Application Data\AVGTOOLBAR
2008-05-29 10:30:18 0 d-------- C:\Program Files\AVG
2008-05-20 11:00:43 0 d-------- C:\Documents and Settings\me\Application Data\Imagenomic
2008-05-20 10:55:49 0 d-------- C:\Program Files\Imagenomic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/07/2008 09:31 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 09:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 03:35 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 09:31 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/04/2007 06:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [31/01/2008 01:07 AM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [31/01/2008 01:07 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Autodetect.lnk - C:\Program Files\Photolightning\autodetect.exe [7/07/2008 4:42:41 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4/11/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [4/11/2004 7:50:52 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoStartBanner"=01000000
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 05:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup




-- End of Deckard's System Scanner: finished at 2008-07-20 18:16:45 ------------

Thanks guys, will wait for your response.

#6 bluelurker

Posted 20 July 2008 - 07:43 AM

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 20, 2008 10:03:54
Records in database: 976931
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 144704
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 01:57:15

File name Threat name Threats count
C:\Documents and Settings\me\Desktop\SIDEBAR\TORRENT DOWNLOADS\sofware\systemsoft\AnyDVD 6.4.2.0 Final\AnyDVDtray.exe Infected: Trojan-Downloader.Win32.Tiny.brd 1
C:\Documents and Settings\me\Desktop\SIDEBAR\TORRENT DOWNLOADS\sofware\systemsoft\AnyDVD 6.4.2.0 Final\SetupAnyDVD6420.exe Infected: Trojan-Downloader.Win32.Tiny.brd 1
C:\Documents and Settings\me\Desktop\SIDEBAR\TORRENT DOWNLOADS\sofware\systemsoft\nero full.zip Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
The selected area was scanned.
One more piece of information for ya.

Edited by bluelurker, 21 July 2008 - 04:00 AM.


#7 bluelurker

Posted 20 July 2008 - 09:10 AM

Ok, have rebooted my system and am still having the same problems as before.
So I guess I wait now for one of you guys to come and sort me out.
Learnt a lot from trying different things, so it was not all lost.

Edited by bluelurker, 21 July 2008 - 04:01 AM.


#8 bluelurker

Posted 20 July 2008 - 09:48 AM

Come on guys, been waiting here for over 9 hours. I know ya busy and all, but let me know if anyone is interested in helping me out here, please.
'Cause I'm seeing answers for other issues entered well after I posted. Is this a difficult issue to resolve?
Just let me know so I won't hang round waiting another 9 hours.

Sorry for my impatience, just that I've been working on this for 9 hours and feel like I'm getting nowhere; I'm sure you guys understand that feeling well enough. Will shut up now and wait for you guys to contact me.

Have followed a few suggestions read in other posts and have solved some of the problems. As I have changed the original problem by using malware and spyware stuff, I will reinstate this post with the new HJT scans and Kasp/scans. Will be patient this time and wait for someone to respond. Thanks for reading.

Edited by bluelurker, 21 July 2008 - 04:00 AM.


#9 bluelurker

Posted 21 July 2008 - 06:49 AM

Hi Guys, and thanks for taking the time out to read this.
I started out with the same problem as many others here, with the "VIRUS ALERT!" in the task bar next to the time, and with the web pages opening up to virus-type web pages looking for repairs. I also had some prompt windows popping up all the time, as shown below.
Posted Image
Posted Image
I mainly use Firefox as a browser, but all of a sudden IE started opening up with windows for virus scan web pages.
I had trouble with Firefox accessing your web pages, and a snapshot of the resultant fault follows.
Posted Image
Ok, so that's where it all started. I did post this problem 2 days ago, I think it was about 2 days, but have since then followed some of the suggestions from other posts within this forum with some success. So here is what I have done so far:

1. Ran Spybot and Ad-Aware with some items being found
2. Ran AVG Free many times till there were no viruses found within its date page.
3. Cleaned my cache and cookies in IE, Firefox and temp folders
4. Ran Systems Mech and CCleaner to remove any folder, file and reg problems
5. Ran Malwarebytes' Anti-Malware a few times and the last found no infected files or folders
6. Shut down and restarted my system a few times during all this
7. Ran DSS (will paste log at end of list)
8. Ran Kaspersky Online Scanner (will post log at end of list)
9. Ran Spybot and Ad-Aware with both coming up clean, as has AVG

My symptoms at the moment are that my system is running a little slow and the internet is very slow.
Still have access problems with the Bleeping website using Firefox. (Wonder if that's a Firefox thing.)
And the most recent scan with Kaspersky found 3 problems.
Malwarebytes' Anti-Malware scan has found problems as well.

Ok, that's where I am at at this present time.

Here are the Kaspersky and DSS logs:
______________________________________________________________________________________
Monday, July 21, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 21, 2008 07:18:30
Records in database: 979828
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 145069
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 02:39:04

File name Threat name Threats count
C:\Documents and Settings\me\Desktop\SIDEBAR\TORRENT DOWNLOADS\sofware\systemsoft\AnyDVD 6.4.2.0 Final\AnyDVDtray.exe Infected: Trojan-Downloader.Win32.Tiny.brd 1
C:\Documents and Settings\me\Desktop\SIDEBAR\TORRENT DOWNLOADS\sofware\systemsoft\AnyDVD 6.4.2.0 Final\SetupAnyDVD6420.exe Infected: Trojan-Downloader.Win32.Tiny.brd 1
The selected area was scanned.
____________________________________________________________________________________

Malwarebytes' Anti-Malware 1.21
Database version: 969
Windows 5.1.2600 Service Pack 2

5:36:52 PM 20/07/2008
mbam-log-7-20-2008 (17-36-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 182105
Time elapsed: 1 hour(s), 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 13
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\byXQIywt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elqthams.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\conjsg.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b52d7982-a18a-4c36-b192-64ed12b3b3a4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b52d7982-a18a-4c36-b192-64ed12b3b3a4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5cab719-b997-49ee-861e-c434849bddd9} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f5cab719-b997-49ee-861e-c434849bddd9} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8c6aacdd-4862-496c-ba20-d712ad679760} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6a4a71b0-36d2-4674-87af-288f60e3ec71} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a74cd9a1-9348-4b3f-87a4-4852c2ce802e} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxqiywt -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxqiywt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0015591-65243) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\byXQIywt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\twyIQXyb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\twyIQXyb.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\conjsg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elqthams.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\smahtqle.ini (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F5A59FD8-AEED-4F15-9BBB-2C9303EF7F9D}\RP37\A0002424.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F5A59FD8-AEED-4F15-9BBB-2C9303EF7F9D}\RP37\A0002425.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F5A59FD8-AEED-4F15-9BBB-2C9303EF7F9D}\RP37\A0002492.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\adwgtr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yhqvlvbw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lhfjegau.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\kgxmotapktx.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\me\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.
____________________________________________________________________________________________

Deckard's System Scanner v20071014.68
Run by me on 2008-07-21 19:45:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as me.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:57 PM, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Photolightning\autodetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\me\Desktop\SIDEBAR\SYSTEM\dss.exe
C:\PROGRA~1\HIJACK~1\me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183871029750
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6427 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-20 21:11:10 0 dr-h----- C:\Documents and Settings\me\Recent
2008-07-20 16:26:53 0 d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
2008-07-20 16:26:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 16:26:46 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 14:34:02 0 d-------- C:\Program Files\CCleaner
2008-07-20 07:37:35 93184 -----n--- C:\WINDOWS\system32\elqthams.dll
2008-07-20 07:34:41 116864 -----n--- C:\WINDOWS\system32\conjsg.dll
2008-07-20 01:23:26 0 d-------- C:\movies
2008-07-20 01:22:57 0 d-------- C:\Documents and Settings\me\Application Data\TmpRecentIcons
2008-07-15 19:39:23 0 d-------- C:\Program Files\iPod
2008-07-15 19:39:19 0 d-------- C:\Program Files\iTunes
2008-07-07 16:42:38 65536 --a------ C:\WINDOWS\Photolightning.SCR <Not Verified; Photolightning; Photolightning>
2008-07-07 16:40:19 0 d-------- C:\Program Files\Photolightning
2008-07-05 22:34:09 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-26 21:43:11 0 d-------- C:\Program Files\Apophysis 2.0
2008-06-22 10:55:17 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-07-21 19:45:45 0 d-------- C:\Documents and Settings\me\Application Data\uTorrent
2008-07-19 14:29:16 0 d-------- C:\Program Files\AllToAVI
2008-07-19 13:08:56 0 d-------- C:\Documents and Settings\me\Application Data\Adobe
2008-07-18 00:02:34 0 d-------- C:\Program Files\Movie Maker
2008-07-18 00:00:25 0 d-------- C:\Program Files\Lavasoft
2008-07-18 00:00:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 15:26:57 0 d-------- C:\Program Files\GRETECH
2008-07-15 19:38:25 0 d-------- C:\Program Files\Bonjour
2008-07-15 19:37:45 0 d-------- C:\Program Files\QuickTime
2008-07-12 09:40:12 0 d-------- C:\Documents and Settings\me\Application Data\Vso
2008-07-06 12:40:53 0 d-------- C:\Program Files\Google
2008-07-06 06:56:30 0 d-------- C:\Program Files\uTorrent
2008-06-26 19:22:51 0 d-------- C:\Program Files\PokerStars.NET
2008-06-24 20:03:31 0 d-------- C:\Program Files\Safari
2008-06-17 22:16:54 0 d-------- C:\Program Files\Photoshop
2008-06-12 12:13:50 0 d-------- C:\Documents and Settings\me\Application Data\Summitsoft
2008-06-12 01:05:15 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2008-06-11 02:41:12 0 d-------- C:\Documents and Settings\me\Application Data\DxO Labs
2008-06-11 02:40:43 0 d-------- C:\Documents and Settings\me\Application Data\PACE Anti-Piracy
2008-06-11 02:40:41 0 d-------- C:\Program Files\Common Files
2008-06-11 02:40:41 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-06-10 21:01:38 0 d-------- C:\Program Files\DxO Labs
2008-06-10 19:53:32 0 d-------- C:\Program Files\MSBuild
2008-06-10 19:53:25 0 d-------- C:\Program Files\Reference Assemblies
2008-06-10 19:49:18 0 d-------- C:\Program Files\MSXML 6.0
2008-06-10 19:46:51 0 d-------- C:\Program Files\InterLok
2008-06-10 19:08:02 0 d-------- C:\Documents and Settings\me\Application Data\Reallusion
2008-06-10 19:07:54 75 -r-hs---- C:\WINDOWS\FFSSET.BIN
2008-06-10 19:07:46 0 d-------- C:\Program Files\Reallusion
2008-06-10 19:07:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 16:45:31 0 d-------- C:\Program Files\Photo To Color Sketch
2008-06-10 16:12:13 0 d-------- C:\Program Files\intocartoonpro
2008-06-10 14:51:31 0 d-------- C:\Program Files\SuperGOO
2008-06-05 09:19:43 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 20:21:14 0 d-------- C:\Program Files\Common Files\Xara
2008-05-31 20:21:02 0 d-------- C:\Program Files\Xara
2008-05-31 20:12:37 0 d-------- C:\Program Files\Portrait Professional Max 6
2008-05-31 20:10:03 0 d-------- C:\Documents and Settings\me\Application Data\Anthropics
2008-05-29 16:00:12 0 d-------- C:\Documents and Settings\me\Application Data\ACD Systems
2008-05-29 15:59:37 0 d-------- C:\Program Files\ACD Systems
2008-05-29 11:00:42 0 d-------- C:\Documents and Settings\me\Application Data\AVGTOOLBAR
2008-05-29 10:30:18 0 d-------- C:\Program Files\AVG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/07/2008 09:31 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 09:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 03:35 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 09:31 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/04/2007 06:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [31/01/2008 01:07 AM]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [31/01/2008 01:07 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 10:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Autodetect.lnk - C:\Program Files\Photolightning\autodetect.exe [7/07/2008 4:42:41 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4/11/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [4/11/2004 7:50:52 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoStartBanner"=01000000
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 05:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup




-- End of Deckard's System Scanner: finished at 2008-07-21 19:46:12 ------------

___________________________________________________________________________________________________

OK, that's about it; I will wait to hear from you guys. Thanks for just reading all that and for taking the time out to help.

Blue

Merged topics. ~ OB

Edited by Orange Blossom, 21 July 2008 - 03:29 PM.


#10 SifuMike (malware expert)

Posted 27 July 2008 - 12:29 AM

Hello bluelurker,

We will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your AVG Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can re-enable TeaTimer once your system is clean.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need the Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever the malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 bluelurker (Topic Starter)

Posted 27 July 2008 - 11:59 AM

Hey SifuMike thanks for responding.
I will get on to this as soon as I can, mate, but with the time zone difference and my sudden workload it may be a few days between responses. I'm sure you have lots of other people to help as well, so I will get to this as quickly as I can.

Thanks again mate

#12 SifuMike (malware expert)

Posted 27 July 2008 - 01:41 PM

Hi bluelurker,

That is OK, there is no rush. :thumbsup:

#13 bluelurker (Topic Starter)

Posted 31 July 2008 - 03:45 PM

Hey mate,

I had a complete system meltdown and ended up doing a complete clean and reinstall of XP.
Took some time, but all works well. Thank you for your time in helping, guys; keep up the good work.


Thanks again

#14 SifuMike (malware expert)

Posted 31 July 2008 - 04:35 PM

Sorry to hear you had to do a reformat and reinstall. I hope your computer continues to run smoothly.

Edited by SifuMike, 31 July 2008 - 04:36 PM.


#15 SifuMike (malware expert)

Posted 06 August 2008 - 09:55 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.