
Pretty sure it's Vundo.


  • This topic is locked
13 replies to this topic

#1 saucepan

saucepan

  • Members
  • 20 posts

Posted 12 January 2009 - 06:56 AM

Hello, for a few weeks I have been getting constant pop-ups etc. I am 99% sure it is Vundo. I do not know exactly when it began, but I think it was shortly before Christmas. I have spent hours googling the web and nothing else seems to be doing me any favors. I'm not very good at understanding all the files etc. on my computer, so I dare not try to get rid of this on my own as I would probably cause more harm than good. Hopefully you guys can help me and I would really appreciate it if you did. If you need any more info from me, let me know and I'll get posting straight away!

I have used MBAM several times and it keeps telling me it is Vundo. After I have run MBAM, the computer seems "ok" for a short amount of time and then Vundo kicks in again with all these annoying pop-ups etc. Please help me in removing it as it is driving me mad. Thanks, here is the log:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Matt at 11:54:59.56 on 12/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.1060 [GMT 0:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DC4B162B-CEFE-4BE1-A7AE-6BE30AAB3C1D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRunOnce: [Trojan Remover] "c:\program files\trojan remover\RMVTRJAN.EXE" /restart
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
LSA: Notification Packages = scecli c:\windows\system32\wafatoto.dll c:\windows\system32\kagohaku.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-19 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-19 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-19 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-19 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-19 271216]
R3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2007-7-5 171264]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-12-19 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-12-19 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-12-19 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-12-19 4960]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-29 206096]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-5 1174152]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-6-14 61504]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-6-14 86368]
Unknown4 trutil;trutil; [x]

=============== Created Last 30 ================

2009-01-12 11:31 279,040 a------- c:\windows\system32\ljJYPhEX.dll.vir
2009-01-12 11:30 47,023 a------- c:\windows\system32\drivers\senekaxwkbnyll.sys.vir
2009-01-12 11:23 14,336 a------- c:\windows\system32\senekathxdwfha.dll
2009-01-12 11:23 59 a------- c:\windows\system32\seneka.dat
2009-01-12 11:23 3 a------- c:\windows\system32\senekadf.dat
2009-01-12 11:17 29,613 a------- c:\windows\system32\senekasrqxnkop.dll
2009-01-12 11:17 2,587 a------- c:\windows\system32\senekalog.dat
2009-01-12 11:17 38,400 a------- c:\windows\system32\prunnet.exe.vir
2009-01-12 00:59 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-01-12 00:59 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-01-12 00:59 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-01-12 00:59 75,264 a------- c:\windows\system32\unacev2.dll
2009-01-12 00:59 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-01-12 00:59 <DIR> --d----- c:\program files\Trojan Remover
2009-01-12 00:59 <DIR> --d----- c:\docume~1\matt\applic~1\Simply Super Software
2009-01-12 00:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-01-11 17:24 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-11 17:24 1,409 a------- c:\windows\QTFont.for
2009-01-11 12:39 61,440 a------- c:\windows\system32\drivers\fsluoybk.sys
2009-01-08 18:50 754 a------- c:\windows\WORDPAD.INI
2009-01-07 16:58 61,440 a------- c:\windows\system32\drivers\rvikuhcy.sys
2009-01-01 15:15 61,440 a------- c:\windows\system32\drivers\ctjhyr.sys
2008-12-27 15:55 <DIR> --d----- c:\program files\Yahoo!
2008-12-27 15:55 <DIR> --d----- c:\program files\CCleaner
2008-12-27 15:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 14:25 <DIR> --dsh--- C:\found.002
2008-12-25 17:45 <DIR> --d----- c:\program files\common files\EasyInfo
2008-12-23 16:17 22,328 a------- c:\docume~1\matt\applic~1\PnkBstrK.sys
2008-12-23 15:29 <DIR> --d----- c:\program files\Activision
2008-12-22 21:00 0 a--sh--- c:\windows\system32\ditetiro.dll
2008-12-22 09:07 61,440 a------- c:\windows\system32\drivers\idfqvsl.sys
2008-12-22 00:18 <DIR> --d----- c:\docume~1\matt\applic~1\Malwarebytes
2008-12-22 00:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 00:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 00:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 00:37 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-16 00:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-15 22:42 1,353 a--sh--- c:\windows\system32\tDedNqru.ini2
2008-12-15 22:42 1,353 a--sh--- c:\windows\system32\tDedNqru.ini
2008-12-15 22:37 70,144 a------- c:\windows\system32\awtsSkLC.dll.vir

==================== Find3M ====================

2009-01-12 00:42 91,357 a------- c:\windows\system32\ronuruso.dll.vir
2009-01-12 00:42 103,199 a------- c:\windows\system32\biheseya.dll.vir
2008-12-27 20:32 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 20:32 202,040 a------- c:\windows\system32\PnkBstrB.exe
2008-12-23 18:42 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

============= FINISH: 11:55:12.81 ===============

Edited by saucepan, 12 January 2009 - 07:00 AM.




#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 03:01 PM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 saucepan

saucepan
  • Topic Starter

  • Members
  • 20 posts

Posted 12 January 2009 - 05:59 PM

New HijackThis log:



DDS (Ver_09-01-07.01) - NTFSx86
Run by Matt at 22:58:02.57 on 12/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.994 [GMT 0:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-19 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-19 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-19 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-19 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-19 271216]
R3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2007-7-5 171264]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-12-19 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-12-19 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-12-19 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-12-19 4960]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-29 206096]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-5 1174152]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-6-14 61504]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-6-14 86368]

=============== Created Last 30 ================

2009-01-12 22:39 161,792 a------- c:\windows\SWREG.exe
2009-01-12 22:39 98,816 a------- c:\windows\sed.exe
2009-01-12 15:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-12 11:30 47,023 a------- c:\windows\system32\drivers\senekaxwkbnyll.sys.vir
2009-01-12 11:17 38,400 a------- c:\windows\system32\prunnet.exe.vir
2009-01-12 00:59 <DIR> --d----- c:\program files\Trojan Remover
2009-01-12 00:59 <DIR> --d----- c:\docume~1\matt\applic~1\Simply Super Software
2009-01-11 17:24 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-11 17:24 1,409 a------- c:\windows\QTFont.for
2009-01-11 12:39 61,440 a------- c:\windows\system32\drivers\fsluoybk.sys
2009-01-08 18:50 754 a------- c:\windows\WORDPAD.INI
2009-01-07 16:58 61,440 a------- c:\windows\system32\drivers\rvikuhcy.sys
2009-01-01 15:15 61,440 a------- c:\windows\system32\drivers\ctjhyr.sys
2008-12-27 15:55 <DIR> --d----- c:\program files\Yahoo!
2008-12-27 15:55 <DIR> --d----- c:\program files\CCleaner
2008-12-27 15:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 14:25 <DIR> --dsh--- C:\found.002
2008-12-25 17:45 <DIR> --d----- c:\program files\common files\EasyInfo
2008-12-23 16:17 22,328 a------- c:\docume~1\matt\applic~1\PnkBstrK.sys
2008-12-23 15:29 <DIR> --d----- c:\program files\Activision
2008-12-22 09:07 61,440 a------- c:\windows\system32\drivers\idfqvsl.sys
2008-12-22 00:18 <DIR> --d----- c:\docume~1\matt\applic~1\Malwarebytes
2008-12-22 00:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 00:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 00:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 00:37 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-16 00:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-15 22:37 70,144 a------- c:\windows\system32\awtsSkLC.dll.vir

==================== Find3M ====================

2008-12-27 20:32 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 20:32 202,040 a------- c:\windows\system32\PnkBstrB.exe
2008-12-23 18:42 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

============= FINISH: 22:58:22.81 ===============


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 11:02 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\drivers\senekaxwkbnyll.sys.vir
c:\windows\system32\prunnet.exe.vir
c:\windows\system32\drivers\fsluoybk.sys
c:\windows\system32\drivers\rvikuhcy.sys
c:\windows\system32\drivers\ctjhyr.sys
c:\windows\system32\drivers\idfqvsl.sys
c:\windows\system32\awtsSkLC.dll.vir

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
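As an added example (not code from this thread, from DDS or from ComboFix), the Python script below parses the "Created Last 30" section of a DDS log like the ones saucepan posted and applies the reasoning behind fenzodahl512's CFScript above: it flags .vir quarantine remnants, hidden+system files dropped into system32, randomly named drivers that share a single byte size, and the "seneka" prefix seen in this log, then renders the hits as a File:: block. The sample log lines are constructed from the thread's own entries; the prefix watchlist and the 6-to-8-letter "random name" rule are assumptions of this example.

```python
"""Triage helper for the 'Created Last 30' section of a DDS log.

Added example; it is not part of the thread, DDS or ComboFix. The rules
mirror what a helper looks for by eye: quarantine leftovers (.vir), files
with hidden+system attributes inside system32, .sys files with random
letter-only names in \\drivers\\ that all have the same size, and a prefix
(seneka) that this particular log showed on several dropped files.
"""
import re
from collections import defaultdict

# Constructed sample built from lines in the thread plus two benign entries
# (UNRAR3.dll, mbam.sys) so the filter has something it must leave alone.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-01-12 11:31 279,040 a------- c:\windows\system32\ljJYPhEX.dll.vir
2009-01-12 11:23 14,336 a------- c:\windows\system32\senekathxdwfha.dll
2009-01-12 00:59 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-01-12 00:59 <DIR> --d----- c:\program files\Trojan Remover
2009-01-11 12:39 61,440 a------- c:\windows\system32\drivers\fsluoybk.sys
2009-01-07 16:58 61,440 a------- c:\windows\system32\drivers\rvikuhcy.sys
2009-01-01 15:15 61,440 a------- c:\windows\system32\drivers\ctjhyr.sys
2008-12-22 21:00 0 a--sh--- c:\windows\system32\ditetiro.dll
2008-12-22 09:07 61,440 a------- c:\windows\system32\drivers\idfqvsl.sys
2008-12-22 00:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-15 22:42 1,353 a--sh--- c:\windows\system32\tDedNqru.ini
2008-12-15 22:37 70,144 a------- c:\windows\system32\awtsSkLC.dll.vir

==================== Find3M ====================
"""

# One DDS file line: date time, size (or <DIR>), 8-char attribute string, path.
LINE_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>.+)$"
)

# Assumed watchlist: the prefix this thread's log showed on several dropped files.
KNOWN_BAD_PREFIXES = ("seneka",)


def parse_section(log_text, header="Created Last 30"):
    """Return the file entries listed under one '==== header ====' banner of a DDS log."""
    entries, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("="):          # every banner line starts with '='
            inside = header in line
            continue
        if not inside or not line:
            continue
        m = LINE_RE.match(line)
        if not m or m.group("size") == "<DIR>":
            continue                       # directories carry no size to compare
        entries.append({
            "when": m.group("when"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def name_parts(path):
    """'...\\fsluoybk.sys' -> ('fsluoybk.sys', 'fsluoybk', 'sys'), lower-cased."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, _, ext = name.partition(".")
    return name, stem, ext


def looks_random(stem):
    """Assumed rule: letters only, 6-8 chars, the shape of the dropped drivers above."""
    return stem.isalpha() and 6 <= len(stem) <= 8


def triage(entries):
    """Apply the rules and return [(reason, path), ...] in log order."""
    # Pass 1: group random-named .sys files under \drivers\ by byte size; several
    # different names with one identical size is the strongest signal in this log.
    by_size = defaultdict(list)
    for e in entries:
        _, stem, ext = name_parts(e["path"])
        if ext == "sys" and "\\drivers\\" in e["path"].lower() and looks_random(stem):
            by_size[e["size"]].append(e["path"])
    cloned = {p for paths in by_size.values() if len(paths) >= 2 for p in paths}

    findings = []
    for e in entries:
        name, stem, _ = name_parts(e["path"])
        in_sys32 = "\\system32\\" in e["path"].lower()
        if name.endswith(".vir"):
            findings.append(("quarantine-remnant", e["path"]))
        elif e["path"] in cloned:
            findings.append(("cloned-driver", e["path"]))
        elif in_sys32 and "s" in e["attrs"] and "h" in e["attrs"]:
            findings.append(("hidden-system", e["path"]))
        elif in_sys32 and stem.startswith(KNOWN_BAD_PREFIXES):
            findings.append(("known-bad-prefix", e["path"]))
    return findings


def cfscript_file_section(findings):
    """Render the flagged paths in the 'File::' block shape used by the CFScript above."""
    return "File::\n" + "\n".join(path for _, path in findings) + "\n"


if __name__ == "__main__":
    hits = triage(parse_section(SAMPLE_LOG))
    for reason, path in hits:
        print(f"{reason:18} {path}")
    print()
    print(cfscript_file_section(hits))
```

The output is a candidate list for a helper to review against the rest of the log, not a verdict; a legitimate driver with a short letter-only name would pass the name rule and is only flagged if it also shares its exact size with another such file.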


#5 saucepan

saucepan
  • Topic Starter

  • Members
  • 20 posts

Posted 13 January 2009 - 06:37 AM

DDS (Ver_09-01-07.01) - NTFSx86
Run by Matt at 11:13:20.60 on 13/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.1016 [GMT 0:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-19 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-19 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-19 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-19 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-19 271216]
R3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2007-7-5 171264]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-12-19 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-12-19 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-12-19 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-12-19 4960]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-29 206096]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-5 1174152]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-6-14 61504]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-6-14 86368]

=============== Created Last 30 ================

2009-01-12 22:39 161,792 a------- c:\windows\SWREG.exe
2009-01-12 22:39 98,816 a------- c:\windows\sed.exe
2009-01-12 15:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-12 00:59 <DIR> --d----- c:\program files\Trojan Remover
2009-01-12 00:59 <DIR> --d----- c:\docume~1\matt\applic~1\Simply Super Software
2009-01-11 17:24 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-11 17:24 1,409 a------- c:\windows\QTFont.for
2009-01-08 18:50 754 a------- c:\windows\WORDPAD.INI
2008-12-27 15:55 <DIR> --d----- c:\program files\Yahoo!
2008-12-27 15:55 <DIR> --d----- c:\program files\CCleaner
2008-12-27 15:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 14:25 <DIR> --dsh--- C:\found.002
2008-12-25 17:45 <DIR> --d----- c:\program files\common files\EasyInfo
2008-12-23 16:17 22,328 a------- c:\docume~1\matt\applic~1\PnkBstrK.sys
2008-12-23 15:29 <DIR> --d----- c:\program files\Activision
2008-12-22 00:18 <DIR> --d----- c:\docume~1\matt\applic~1\Malwarebytes
2008-12-22 00:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 00:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 00:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 00:37 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-16 00:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2008-12-27 20:32 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 20:32 202,040 a------- c:\windows\system32\PnkBstrB.exe
2008-12-23 18:42 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

============= FINISH: 11:13:39.42 ===============




#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 13 January 2009 - 07:28 AM

Hello, your AVG7.5 is outdated and no longer supported by Grisoft.. It has been replaced by AVG8.. I strongly suggest that you uninstall AVG7.5 and replace it with AVG8.. More info below..

AVG Anti-Virus Free Edition 8.0



Log looks good.. Let's do an online scan to see what's left..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 saucepan

saucepan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:49 AM

Posted 13 January 2009 - 03:09 PM

Sorry about the late replies, I have been working a bit lately. So far so good though, haven't had any pop-ups or any of the things I experienced before. I will update my AVG now and then run the online scan and report back.

Thanks so much for your help!

#8 saucepan

saucepan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:49 AM

Posted 13 January 2009 - 08:34 PM

Sorry again for another late reply.

I have uninstalled AVG 7.5 and attempted to install AVG 8. However, while installing I get these problems:

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.AvgKernel: creating registry key....
Error 0x80070005
Warning: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.Office: creating registry key....
Error 0x80070005
Warning: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.Office\CLSID: creating registry key....
Internal error. Registry handle has not been opened.
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office\CLSID:: creating registry value....
Parent registry key for value creation has not been initialized.
Warning: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.Office\CurVer: creating registry key....
Internal error. Registry handle has not been opened.
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office\CurVer:: creating registry value....
Parent registry key for value creation has not been initialized.
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office:: creating registry value....
Parent registry key for value creation has not been initialized.
Rollback:
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office\CLSID:: removing registry value....
Internal error. Registry handle has not been opened.
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office\CurVer:: removing registry value....
Internal error. Registry handle has not been opened.
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office:: removing registry value....
Internal error. Registry handle has not been opened.

If you could also help me resolve this I would be grateful, as I don't want to leave my machine wide open to new threats.




Here is the log from the scan:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3763 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9908df02c5abf24dbf1ee6fda98ab423
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-14 01:32:53
# local_time=2009-01-14 01:32:53 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=306306
# found=6
# scan_time=2774
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtsSkLC.dll.vir.vir Win32/BHO.NKQ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir.vir Win32/VB.NUJ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\guyuzera.dll.tmp Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\jadebaji.dll.tmp Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\vihobuwu.dll.tmp Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\wuduzuli.dll.tmp Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 14 January 2009 - 01:31 AM

Let's use another antivirus.. Install ONLY ONE of these...

Reboot the PC.. Then run RSIT again and post the log here



#10 saucepan

saucepan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:49 AM

Posted 14 January 2009 - 06:52 AM

Hey, I have successfully installed the Avira anti-virus and it is updated etc.

What do you mean by the "RSIT" again?

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 14 January 2009 - 09:13 AM

Sorry.. My mistake.. Run DDS again and post the log here :thumbsup:



#12 saucepan

saucepan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:49 AM

Posted 14 January 2009 - 10:25 AM

DDS (Ver_09-01-07.01) - NTFSx86
Run by Matt at 15:23:34.92 on 14/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.901 [GMT 0:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Steam\steamapps\saundario\tools\mIRC\mirc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\steam\steamapps\saundario\counter-strike\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-14 11840]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-14 52032]
R3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2007-7-5 171264]
R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-14 68865]
R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-14 151297]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-29 206096]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-5 1174152]
R4 vsdatant;vsdatant; [x]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-6-14 61504]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-6-14 86368]

=============== Created Last 30 ================

2009-01-14 11:44 <DIR> --d----- c:\program files\Avira
2009-01-14 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-14 00:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-12 22:39 161,792 a------- c:\windows\SWREG.exe
2009-01-12 22:39 98,816 a------- c:\windows\sed.exe
2009-01-12 00:59 <DIR> --d----- c:\docume~1\matt\applic~1\Simply Super Software
2009-01-11 17:24 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-11 17:24 1,409 a------- c:\windows\QTFont.for
2009-01-08 18:50 754 a------- c:\windows\WORDPAD.INI
2008-12-27 15:55 <DIR> --d----- c:\program files\Yahoo!
2008-12-27 15:55 <DIR> --d----- c:\program files\CCleaner
2008-12-27 15:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 14:25 <DIR> --dsh--- C:\found.002
2008-12-25 17:45 <DIR> --d----- c:\program files\common files\EasyInfo
2008-12-23 16:17 22,328 a------- c:\docume~1\matt\applic~1\PnkBstrK.sys
2008-12-23 15:29 <DIR> --d----- c:\program files\Activision
2008-12-22 00:18 <DIR> --d----- c:\docume~1\matt\applic~1\Malwarebytes
2008-12-22 00:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 00:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 00:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 00:37 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-16 00:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2008-12-27 20:32 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 20:32 202,040 a------- c:\windows\system32\PnkBstrB.exe
2008-12-23 18:42 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 15:24:50.93 ===============




#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 14 January 2009 - 10:31 AM

Looks good to me.. Let's do some cleanup... :thumbsup:


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512



#14 saucepan

saucepan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:49 AM

Posted 14 January 2009 - 01:42 PM

I have run the clean up and now I will be taking a look at those articles to stop this happening again.


You are an absolute legend! The computer is running great. No problems whatsoever. Feels like a new machine. I can't tell you how grateful I am for your help, I REALLY appreciate everything you have done. Also I would like to say thank you to all the other guys / girls who help out around here. You are all amazing!

Running out of nice things to say now but I think you get the picture. :)

Once again, Thanks! :thumbsup:



