Hi,
You are running an outdated version of HijackThis. Also you have not posted the AVG Antispyware log as an attachment.
You can obtain both programs from the links in my signature. Please download them before going on with the following steps.
You may wish to copy and paste these instructions on notepad for easier reference later.
Boot into safe mode under your normal user name. See how
HERE
Next turn on "Show all files and folders, including hidden and system". See how
HERE
Go to start > run and type services.msc. Press the enter key.
Search for the following services(if there) double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
InfoData
SManager
CTDrive
AVP
Jcim
Sen
Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:
smanager.7.exe
avp.exe
services.exe
rundll.exe
After that,
run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\nmgyqaqc.dll",realset
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfib.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKCU\..\Run: [Jcim] "C:\Documents and Settings\Singh\Application Data\??sks\services.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Singh\APPLIC~1\SCURIT~1\rundll.exe" -vt ndrv
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Close HJT.
Navigate in Windows Explorer and delete the following
files and
folders in
bold.
C:\WINDOWS\system32\
nmgyqaqc.dll
C:\WINDOWS\
smanager.7.exe
C:\WINDOWS\system32\
drvfib.dll
C:\WINDOWS\system32\
avp.exe
C:\Documents and Settings\Singh\Application Data\??sks\
services.exe
C:\DOCUME~1\Singh\APPLIC~1\SCURIT~1\
rundll.exe
Reboot into normal mode and rehide your protected OS files.
Please visit this link http://virusscan.jotti.org/
Click the
Browse... button and navigate to the following file:
C:\Program Files\vbuzzer\VBuzzer.exe
Click
Open
Also, do the same for:
C:/Program Files/Wengo/wengophone.exe
Please let me know the results.
Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.
Regards,
Your friendly Momok =)
This thread is for the use of ambarsaria only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.