Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 2.2.2025 / 06:12
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > winantiviruspro/sysprotect problem .. vundo help!
Show topics
 
Forums
Forums
WinAntivirusPro/SysProtect problem .. Vundo help!
  Jump to:
 
Posted Message
We3xY
Newbie
_ 		24. August 2006 @ 17:24 _ Link to this message    Send private message to this user   
Hi I have read lots of posts and soloutions for this problem and am pretty sure that this is the problem that i have, i read how you guys told other people to fix this but i dont want to do any damage t my system so i thought it would be better if I made this new thread.

Here is my Hijack This Log.. Thanx


Logfile of HijackThis v1.99.1
Scan saved at 02:23:33, on 25/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Chris\Desktop\My Videos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CD9B7812-74BD-4DA3-A02A-79C8E25A2AED} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Gmyqfcw] C:\Program Files\Fcuamf\Lfyhxj.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bone title flag joy] C:\Documents and Settings\All Users\Application Data\Settings Heck Bone Title\PureThis.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [livesect] C:\DOCUME~1\Chris\APPLIC~1\USERLO~1\Scrthe.exe
O4 - HKCU\..\Run: [KotqRVaFP] nerbvm60.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/0b303dcb9df0fd/player.virtool...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E26F7E28-45D5-4655-8B8E-654566864029}: NameServer = 212.74.114.129 212.74.112.67
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
Advertisement
_ 		__
Niobis
Senior Member
_ 		24. August 2006 @ 20:08 _ Link to this message    Send private message to this user   
Go here http://www.atribune.org/ccount/click.php?id=4 download VundoFix.exe to your desktop.

Open VundoFix.exe
Put a check next to Run VundoFix as a task.
Prompt about close adn reopen. Click OK.
After reopen, click Scan for Vundo.
When finish, click Remove Vundo.
Prompt - remove. Click OK.
Your desktop will go blank as it starts removal.
Prompt for shutdown. Click OK.
Post new HijackThis log along with C:\vundofix.txt.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
We3xY
Newbie
_ 		25. August 2006 @ 06:37 _ Link to this message    Send private message to this user   
Here is vundofix.txt, when it was removing it said that SSQPP.dll could not be deleted , is this a problem???


VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 15:16:00 25/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ppqss.tmp
C:\WINDOWS\system32\wvuuspn.dll
C:\WINDOWS\system32\bjgnkqfk.exe
C:\WINDOWS\system32\brbvbcav.exe
C:\WINDOWS\system32\idjbhjoy.exe
C:\WINDOWS\system32\insensed.exe
C:\WINDOWS\system32\jvxwllxf.exe
C:\WINDOWS\system32\mvajefbu.exe
C:\WINDOWS\system32\tcmfwnqb.exe
C:\WINDOWS\system32\tcxmlltl.exe
C:\WINDOWS\system32\uxwbyylu.exe
C:\WINDOWS\system32\vperiylp.exe
C:\WINDOWS\system32\yhipqusy.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ppqss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.tmp
C:\WINDOWS\system32\ppqss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuuspn.dll
C:\WINDOWS\system32\wvuuspn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bjgnkqfk.exe
C:\WINDOWS\system32\bjgnkqfk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\brbvbcav.exe
C:\WINDOWS\system32\brbvbcav.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\idjbhjoy.exe
C:\WINDOWS\system32\idjbhjoy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\insensed.exe
C:\WINDOWS\system32\insensed.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jvxwllxf.exe
C:\WINDOWS\system32\jvxwllxf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvajefbu.exe
C:\WINDOWS\system32\mvajefbu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tcmfwnqb.exe
C:\WINDOWS\system32\tcmfwnqb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tcxmlltl.exe
C:\WINDOWS\system32\tcxmlltl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uxwbyylu.exe
C:\WINDOWS\system32\uxwbyylu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vperiylp.exe
C:\WINDOWS\system32\vperiylp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yhipqusy.exe
C:\WINDOWS\system32\yhipqusy.exe Has been deleted!

Performing Repairs to the registry.
Done!




Here is my new H/J this log




Logfile of HijackThis v1.99.1
Scan saved at 15:33:56, on 25/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\My Videos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CD9B7812-74BD-4DA3-A02A-79C8E25A2AED} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Gmyqfcw] C:\Program Files\Fcuamf\Lfyhxj.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bone title flag joy] C:\Documents and Settings\All Users\Application Data\Settings Heck Bone Title\PureThis.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [livesect] C:\DOCUME~1\Chris\APPLIC~1\USERLO~1\Scrthe.exe
O4 - HKCU\..\Run: [KotqRVaFP] nerbvm60.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/0b303dcb9df0fd/player.virtool...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E26F7E28-45D5-4655-8B8E-654566864029}: NameServer = 212.74.114.129 212.74.112.66
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
Niobis
Senior Member
_ 		25. August 2006 @ 23:53 _ Link to this message    Send private message to this user   
Go here http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Save the file to your desktop.
Close all windows.
Run VirtumundoBeGone.exe
Read the introductory information, and then click Continue.
Click Start.
When asked if you want to continue, click Yes to run the fix
Click "Save Log"

Note: It is normal for the the fix to terminate by producing a BLUE SCREEN OF DEATH so don't be concerned when this happens. It requires you to manually reboot to restore your normal windows desktop.

A log is created named VBG.TXT and will be on located on your desktop. Save it.

Empty Recycle Bin.

Restart your computer.
Post a new HijackThis log along with the VBG.txt.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
We3xY
Newbie
_ 		26. August 2006 @ 08:40 _ Link to this message    Send private message to this user   
ok.. here is the VBG log that io found on my desktop but i didnt get a BSOD, my pc just froze instead so i rebooted, i dnt know if i let VBG have enough time to work.


[08/26/2006, 14:31:20] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Chris\Desktop\VirtumundoBeGone.exe" )
[08/26/2006, 14:31:26] - Detected System Information:
[08/26/2006, 14:31:26] - Windows Version: 5.1.2600, Service Pack 2
[08/26/2006, 14:31:26] - Current Username: Chris (Admin)
[08/26/2006, 14:31:26] - Windows is in NORMAL mode.
[08/26/2006, 14:31:26] - Searching for Browser Helper Objects:
[08/26/2006, 14:31:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/26/2006, 14:31:26] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 14:31:26] - BHO 3: {7a932ed2-1737-4ab8-b84d-c71779958551} (Nothing)
[08/26/2006, 14:31:26] - BHO 4: {B4EE39A5-0942-483B-8064-EE8753341DA0} ()
[08/26/2006, 14:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 14:31:26] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[08/26/2006, 14:31:26] - Found: HKLM\...\Winlogon\Notify\ssqpp - This is probably Virtumundo.
[08/26/2006, 14:31:26] - Assigning {B4EE39A5-0942-483B-8064-EE8753341DA0} MSEvents Object
[08/26/2006, 14:31:26] - BHO list has been changed! Starting over...
[08/26/2006, 14:31:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/26/2006, 14:31:26] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 14:31:26] - BHO 3: {7a932ed2-1737-4ab8-b84d-c71779958551} (Nothing)
[08/26/2006, 14:31:26] - BHO 4: {B4EE39A5-0942-483B-8064-EE8753341DA0} (MSEvents Object)
[08/26/2006, 14:31:26] - ALERT: Found MSEvents Object!
[08/26/2006, 14:31:26] - BHO 5: {E21A202B-3225-A8C9-4DCE-60D9E5DD828B} ()
[08/26/2006, 14:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 14:31:26] - Checking for HKLM\...\Winlogon\Notify\Vga Peak
[08/26/2006, 14:31:26] - Key not found: HKLM\...\Winlogon\Notify\Vga Peak, continuing.
[08/26/2006, 14:31:26] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[08/26/2006, 14:31:26] - Finished Searching Browser Helper Objects
[08/26/2006, 14:31:26] - *** Detected MSEvents Object
[08/26/2006, 14:31:26] - Trying to remove MSEvents Object...
[08/26/2006, 14:31:27] - Terminating Process: IEXPLORE.EXE
[08/26/2006, 14:31:28] - Terminating Process: RUNDLL32.EXE
[08/26/2006, 14:31:28] - Disabling Automatic Shell Restart
[08/26/2006, 14:31:28] - Terminating Process: EXPLORER.EXE
[08/26/2006, 14:31:28] - Suspending the NT Session Manager System Service
[08/26/2006, 14:31:28] - Terminating Windows NT Logon/Logoff Manager



and this is new hijack this




Logfile of HijackThis v1.99.1
Scan saved at 17:39:53, on 26/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CD9B7812-74BD-4DA3-A02A-79C8E25A2AED} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Gmyqfcw] C:\Program Files\Fcuamf\Lfyhxj.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bone title flag joy] C:\Documents and Settings\All Users\Application Data\Settings Heck Bone Title\PureThis.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [livesect] C:\DOCUME~1\Chris\APPLIC~1\USERLO~1\Scrthe.exe
O4 - HKCU\..\Run: [KotqRVaFP] nerbvm60.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/0b303dcb9df0fd/player.virtool...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E26F7E28-45D5-4655-8B8E-654566864029}: NameServer = 212.74.114.129 212.74.112.67
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
Niobis
Senior Member
_ 		26. August 2006 @ 18:18 _ Link to this message    Send private message to this user   
You should have let it finish. Run it again and if see the blank screen for over 30 minutes then restart.

...Still seeing bad entries in your log so, try that first then we'll work on the others.


[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
We3xY
Newbie
_ 		27. August 2006 @ 09:16 _ Link to this message    Send private message to this user   
OK here is my VBG.txt and new HJ/this log. By The Way since i used VUNDOFIX i havent had any popups from WinAntivirus Pro or Sysprotect. I probably have other problems too tho. :(




[08/27/2006, 17:54:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Chris\Desktop\VirtumundoBeGone.exe" )
[08/27/2006, 17:54:12] - Detected System Information:
[08/27/2006, 17:54:12] - Windows Version: 5.1.2600, Service Pack 2
[08/27/2006, 17:54:12] - Current Username: Chris (Admin)
[08/27/2006, 17:54:12] - Windows is in NORMAL mode.
[08/27/2006, 17:54:12] - Searching for Browser Helper Objects:
[08/27/2006, 17:54:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/27/2006, 17:54:12] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/27/2006, 17:54:12] - BHO 3: {7a932ed2-1737-4ab8-b84d-c71779958551} (Nothing)
[08/27/2006, 17:54:12] - BHO 4: {7F6E5BD4-6BC6-4861-80B8-2A5F3913ADB7} ()
[08/27/2006, 17:54:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2006, 17:54:12] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[08/27/2006, 17:54:12] - Found: HKLM\...\Winlogon\Notify\ssqpp - This is probably Virtumundo.
[08/27/2006, 17:54:12] - Assigning {7F6E5BD4-6BC6-4861-80B8-2A5F3913ADB7} MSEvents Object
[08/27/2006, 17:54:12] - BHO list has been changed! Starting over...
[08/27/2006, 17:54:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/27/2006, 17:54:12] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/27/2006, 17:54:12] - BHO 3: {7a932ed2-1737-4ab8-b84d-c71779958551} (Nothing)
[08/27/2006, 17:54:12] - BHO 4: {7F6E5BD4-6BC6-4861-80B8-2A5F3913ADB7} (MSEvents Object)
[08/27/2006, 17:54:12] - ALERT: Found MSEvents Object!
[08/27/2006, 17:54:12] - BHO 5: {E21A202B-3225-A8C9-4DCE-60D9E5DD828B} ()
[08/27/2006, 17:54:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2006, 17:54:12] - Checking for HKLM\...\Winlogon\Notify\Vga Peak
[08/27/2006, 17:54:12] - Key not found: HKLM\...\Winlogon\Notify\Vga Peak, continuing.
[08/27/2006, 17:54:12] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[08/27/2006, 17:54:12] - Finished Searching Browser Helper Objects
[08/27/2006, 17:54:12] - *** Detected MSEvents Object
[08/27/2006, 17:54:12] - Trying to remove MSEvents Object...
[08/27/2006, 17:54:13] - Terminating Process: IEXPLORE.EXE
[08/27/2006, 17:54:13] - Terminating Process: RUNDLL32.EXE
[08/27/2006, 17:54:13] - Disabling Automatic Shell Restart
[08/27/2006, 17:54:13] - Terminating Process: EXPLORER.EXE
[08/27/2006, 17:54:14] - Suspending the NT Session Manager System Service
[08/27/2006, 17:54:14] - Terminating Windows NT Logon/Logoff Manager
[08/27/2006, 17:59:42] - Re-enabling Automatic Shell Restart
[08/27/2006, 17:59:42] - File to disable: C:\WINDOWS\system32\ssqpp.dll
[08/27/2006, 17:59:42] - Renaming C:\WINDOWS\system32\ssqpp.dll -> C:\WINDOWS\system32\ssqpp.dll.vir
[08/27/2006, 17:59:42] - File successfully renamed!
[08/27/2006, 17:59:42] - Removing HKLM\...\Browser Helper Objects\{7F6E5BD4-6BC6-4861-80B8-2A5F3913ADB7}
[08/27/2006, 17:59:42] - Removing HKCR\CLSID\{7F6E5BD4-6BC6-4861-80B8-2A5F3913ADB7}
[08/27/2006, 17:59:42] - Adding Kill Bit for ActiveX for GUID: {7F6E5BD4-6BC6-4861-80B8-2A5F3913ADB7}
[08/27/2006, 17:59:42] - Deleting ATLEvents/MSEvents Registry entries
[08/27/2006, 17:59:42] - Removing HKLM\...\Winlogon\Notify\ssqpp
[08/27/2006, 17:59:42] - Searching for Browser Helper Objects:
[08/27/2006, 17:59:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/27/2006, 17:59:42] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/27/2006, 17:59:42] - BHO 3: {7a932ed2-1737-4ab8-b84d-c71779958551} (Nothing)
[08/27/2006, 17:59:42] - BHO 4: {E21A202B-3225-A8C9-4DCE-60D9E5DD828B} ()
[08/27/2006, 17:59:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2006, 17:59:42] - Checking for HKLM\...\Winlogon\Notify\Vga Peak
[08/27/2006, 17:59:42] - Key not found: HKLM\...\Winlogon\Notify\Vga Peak, continuing.
[08/27/2006, 17:59:42] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[08/27/2006, 17:59:42] - Finished Searching Browser Helper Objects
[08/27/2006, 17:59:42] - Finishing up...
[08/27/2006, 17:59:42] - A restart is needed.
[08/27/2006, 17:59:42] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[08/27/2006, 18:00:49] - Attempting to Restart via STOP error (Blue Screen!)
















Logfile of HijackThis v1.99.1
Scan saved at 18:10:50, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CD9B7812-74BD-4DA3-A02A-79C8E25A2AED} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp6E55.tmp (file missing)
O2 - BHO: (no name) - {E21A202B-3225-A8C9-4DCE-60D9E5DD828B} - C:\DOCUME~1\Chris\APPLIC~1\MOVEMA~1\Vga Peak.exe
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Gmyqfcw] C:\Program Files\Fcuamf\Lfyhxj.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bone title flag joy] C:\Documents and Settings\All Users\Application Data\Settings Heck Bone Title\PureThis.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [livesect] C:\DOCUME~1\Chris\APPLIC~1\USERLO~1\Scrthe.exe
O4 - HKCU\..\Run: [KotqRVaFP] nerbvm60.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/0b303dcb9df0fd/player.virtool...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E26F7E28-45D5-4655-8B8E-654566864029}: NameServer = 80.225.255.185 80.225.255.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: zopenssl - zopenssl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
We3xY
Newbie
_ 		30. August 2006 @ 10:55 _ Link to this message    Send private message to this user   
?
[ + quote]
thugs121
Member
_ 		30. August 2006 @ 11:24 _ Link to this message    Send private message to this user   
You're still infected with SysProtect and IBIS Toolbar...

Download Crap Cleaner: http://filehippo.com/download_ccleaner/

- Do not install the Yahoo! tool bar if you do not want it. (during installation)

Download Ewido Anti-Spyware: http://filehippo.com/download_ewido/

- Install Ewido, update for the latest signatures (your firewall may alert you that Ewido wants to connect to the internet, you can allow it), but do not scan yet...

Close all browsers, run CCleaner. Choose Run Cleaner on the bottom right. A pop-up will appear alerting that by deleting, you may not recover it. Choose Ok and let it do its job. Depending onw how much stuff you've accumulated, it may take a few moments.

After that, close CCleaner, run Ewido, choose Scanner (top left), then choose Complete System Scan. When it is done scanning, choose to quarantine objects found and set it to "apply" to all infections...

After that, reboot (Ewido might prompt you for a reboot) your computer, post a new Hijack This log and your log from Ewido.
[ + quote]






- Ideal way to deal with the MPAA~RIAA

This message has been edited since posting. Last time this message was edited on 30. August 2006 @ 11:27
Advertisement
_ 		__
 
_
Niobis
Senior Member
_ 		30. August 2006 @ 14:51 _ Link to this message    Send private message to this user   
You should run Ewido in safe mode for best results.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > winantiviruspro/sysprotect problem .. vundo help!
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork