Spazio 78

Members
 View Profile  See their activity

  • Content Count

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by Spazio 78

  2. Antivirus Xp 2008....can't Remove All Viruses![INACTIVE]

    in Malware Removal

    Posted

    Hi

    A few days ago my computer got infected with the dreaded Virus AntiVirus XP 2008. After a day pacing through the internet and heeding peopls advice I finally managed to remove it......some parts manually and some using MalwareBytes, SuperAntispyware, Adaware and AVG......however my PC still has these viruses:

    Trojan-clicker.win32.tiny.h

    Trojan-downloader.win32.agent.bq

    Trojan-spy.win32.keylogger.aa

    Trojan-spy.win32.GreenScreen

    Trojan-spy.HTML.Bankfraud.dq

    and maybe more hiding that the above malware/spyware removal tools cant seem to locate/remove. My system is a little sluggish and when I connect to the internet I get a notice asking me to protect myself from one of the above viruses and then it directs me to a website where i can buy a removal tool...

    Anyhow...here is the Hijack this log>

    Logfile of HijackThis v1.99.1

    Scan saved at 16:16:02, on 18/08/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

    C:\Program Files\iPod Access for Windows\iPAHelper.exe

    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    C:\Documents and Settings\All Users\Application Data\janyzefo\nstgvizc.exe

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

    C:\WINDOWS\pwfotiji.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\WINDOWS\system32\rofonglc.exe

    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.bt.yahoo.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

    R3 - Default URLSearchHook is missing

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

    O4 - HKLM\..\Run: [actutil] C:\WINDOWS\pwfotiji.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [srvadmhlp] C:\WINDOWS\system32\rofonglc.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218194157406

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F5C7065-F040-478D-BB55-7546D55C5345}: NameServer = 192.168.0.1

    O17 - HKLM\System\CCS\Services\Tcpip\..\{880163D6-89BB-4D06-BD15-0833CAB337EF}: NameServer = 192.168.0.1

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: aplui - {385B8ECE-4FBD-CE9E-E11D-041C4E3423C8} - C:\Program Files\gvdodoe\aplui.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    I would do a complete re-install if I could find the bloody disc to do it :unsure: , so your help would be much appreciated. :thumbsup:

    Thanks