[delboy2028]

i hve thisvirus on my windows vista machine i can not git rid of it i have tried adaware i have tried nod32 i have tried everthing i have tried manualy deleteing the file it just aint working i am stuck confused whateva u wonna call it it bugging the hell out of me i got it on msn messenger when i logged on somone left me an offline msg with a link i never clicked the link i knw better than that but it infected vista any way here is my hijack this log, i have even tried nod32 undll program and that wont even get the infected dll file off the system i need help please lol




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:21, on 30/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIA IE.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <Link hidden. Register for free to see this link!>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: bigmaq Toolbar - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O1 - Hosts: ::1 localhost
O2 - BHO: {61072721-1971-3979-0594-bb6f4826e923} - {329e6284-f6bb-4950-9793-179112727016} - C:\Windows\system32\pxqtjlsa.dll
O2 - BHO: (no name) - {5B8307B3-B75E-4217-9B4A-A72CD3EFC1C2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: bigmaq Toolbar - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O2 - BHO: (no name) - {DE856D34-75E1-4F7F-A89C-A0FDA324F057} - C:\Windows\system32\mlJDvSKe.dll
O3 - Toolbar: bigmaq Toolbar - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRJApm.dll,#1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [BM11f62ce8] Rundll32.exe "C:\Windows\system32\uqdgqgex.dll",s
O4 - HKLM\..\Run: [12c51f74] rundll32.exe "C:\Windows\system32\pgyfqdhl.dll",b
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIA IE.EXE /FU "C:\Windows\TEMP\E_S39A5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DANIEL~1\AppData\Local\Temp\DX9\SessionLa uncher.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6199 bytes

[evilfantasy]

Yes you certainly have quite a few nasties on the PC.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)

• <Link hidden. Register for free to see this link!>
• <Link hidden. Register for free to see this link!>
• <Link hidden. Register for free to see this link!>

Important! Combofix.exe MUST be saved to and ran from the Desktop.

• Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
• Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
  • Click <Link hidden. Register for free to see this link!> to see a list of security programs that should be disabled and how to disable them.
  • If yours is not listed and you don't know how to disable it, please ask.
• Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
• Double click combofix.exe & follow the prompts.
  • Choose Yes to accept the Disclaimers.[
• When finished, it will produce a log for you.
• Post that log in your next reply.

Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall

• If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
• Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

---------

Next post please add
Combofix log