Old 12-03-2008, 06:24 AM   #1 (permalink)
lostonexxx
Registered User
 
Join Date: Dec 2008
Posts: 10
OS: xp media centre edition


Explorer problems, avg can't update, pc freezes.

Hi there,
The other night, while google image searching, I got asked to install an activex control. Not too intelligently, I allowed the install and all hell broke loose. My web browser was redirected to some fake antivirus software page and a scanner installed on my pc. I removed the scanner through add/remove programs. Then the little windows warning symbol came up saying that I may have been infected by spyware. So I downloaded avg free edition (I didn't have an antivirus) and it installed and scanned, finding nothing. I tried to update avg as it said that I was not protected because I had no updates. And my pc froze...
Following a reboot, I cannot open My computer, internet explorer, avg etc. And the few programs that do load up, do not run properly. And I cannot access the internet. Oh and avg popped up saying it had discovered a trojan, but the window was incomplete and the pc froze again.
I downloaded the gmer.exe and dds.exe from the links in this forum and had to transfer them via flash drive to my pc in safe mode.
The programs won't run in normal startup so I ran them in safe mode too.
I am running windows xp media center edition 2005.
I have also run avg several times in safe mode and found nothing.

Here's the dds


DDS (Version 1.0) - NTFSx86 MINIMAL
Run by Xander Cage at 12:45:19.05 on 03/12/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.371 [GMT 0:00]

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Xander Cage\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\program files\avg\avg8\avgssie.dll
BHO: {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - d:\program files\webmediaviewer\hpmun.dll
BHO: {95E9BCC0-2E84-4500-8A9C-0B7A96769124} - d:\program files\anvtrgrsoftware\AnvTrgrWarning.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - d:\program files\webmediaviewer\browseul.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [AnvTrgr] "d:\program files\anvtrgrsoftware\AnvTrgr.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
mExplorerRun: [VMware hptray] d:\program files\webmediaviewer\hpmon.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-12-2 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2008-12-2 26824]
S2 A5C7DA6261682860;A5C7DA6261682860;\??\d:\documents and settings\xander cage\desktop\a5c7da6261682860\A5C7DA6261682860 []
S2 avg8wd;AVG Free8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-2 231704]
S2 LicCtrlService;LicCtrl Service;d:\windows\runservice.exe [2008-9-5 2560]
S3 ati2mtaa;ati2mtaa;d:\windows\system32\drivers\ati2mtaa.sys [2008-2-29 327040]

=============== Created Last 30 ================

2008-12-03 12:16 250 a------- d:\windows\gmer.ini
2008-12-03 11:49 <DIR> --d----- d:\docume~1\xander~1\applic~1\Malwarebytes
2008-12-03 11:48 15,504 a------- d:\windows\system32\drivers\mbam.sys
2008-12-03 11:48 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 11:48 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2008-12-03 11:48 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-02 01:39 <DIR> --d-h--- D:\$AVG8.VAULT$
2008-12-02 01:23 10,520 a------- d:\windows\system32\avgrsstx.dll
2008-12-02 01:22 97,928 a------- d:\windows\system32\drivers\avgldx86.sys
2008-12-02 01:22 <DIR> --d----- d:\windows\system32\drivers\Avg
2008-12-02 01:22 <DIR> --d----- d:\docume~1\xander~1\applic~1\AVGTOOLBAR
2008-12-02 01:01 <DIR> --d----- d:\program files\WebMediaViewer
2008-11-26 00:59 <DIR> --d----- d:\program files\Utherverse Digital Inc
2008-11-18 00:19 <DIR> --d----- d:\program files\DownloadToolz
2008-11-15 18:50 78,464 ac------ d:\windows\system32\dllcache\usbvideo.sys
2008-11-15 18:50 20,992 ac------ d:\windows\system32\dllcache\dshowext.ax
2008-11-15 18:50 78,464 a------- d:\windows\system32\drivers\usbvideo.sys
2008-11-15 18:50 20,992 a------- d:\windows\system32\dshowext.ax
2008-11-15 01:23 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Avg8
2008-11-12 17:34 453,632 -c------ d:\windows\system32\dllcache\mrxsmb.sys

==================== Find3M ====================

2008-12-02 00:57 <DIR> --d----- d:\docume~1\xander~1\applic~1\uTorrent
2008-12-01 09:52 15,360 a--s---- d:\windows\system32\cwegus.dll
2008-10-30 17:27 <DIR> --d----- d:\program files\Pinnacle
2008-10-30 11:18 <DIR> --d----- d:\program files\Messenger
2008-10-30 07:43 <DIR> --d----- d:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-30 07:31 <DIR> --d----- d:\program files\MSXML 4.0
2008-10-28 20:36 <DIR> --d----- d:\program files\common files\Logitech
2008-10-16 14:06 268,648 a------- d:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- d:\windows\system32\muweb.dll
2008-10-15 09:11 <DIR> --d----- d:\program files\MUSHclient
2008-10-13 02:22 <DIR> --d----- d:\program files\K-Lite Codec Pack
2008-09-30 16:43 1,286,152 a------- d:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 a------- d:\windows\system32\win32k.sys
2008-09-14 22:39 43,520 a------- d:\windows\system32\CmdLineExt03.dll
2008-09-05 20:23 45,056 a------- d:\windows\mmfs.dll
2008-09-05 20:23 2,560 a------- d:\windows\Runservice.exe
2008-09-04 16:42 1,106,944 a------- d:\windows\system32\msxml3.dll

============= FINISH: 12:45:54.61 ===============

Any and all help greatly appreciated

Oh yeah, don't know if it's important, but if I load iexplorer, it shows on the taskmanager menu, but cannot be seen or used otherwise, and there are 2 or 3 of the same program in taskmanager that I haven't seen before, hmop or something like that. And in add/remove programs there is an iexplorer add-on with no file size. And if you try to remove it, it says you must restart before uninstalling it. Cue an endless loop of restarting before uninstalling etc.
Attached Files
File Type: txt gmer.txt (683.3 KB, 4 views)
File Type: txt Attach.txt (9.1 KB, 0 views)

Last edited by lostonexxx; 12-03-2008 at 06:30 AM. Reason: forgot something