Spazio 78 Posted August 18, 2008

Hi

A few days ago my computer got infected with the dreaded Virus AntiVirus XP 2008. After a day pacing through the internet and heeding people's advice I finally managed to remove it......some parts manually and some using MalwareBytes, SuperAntispyware, Adaware and AVG......however my PC still has these viruses:

Trojan-clicker.win32.tiny.h
Trojan-downloader.win32.agent.bq
Trojan-spy.win32.keylogger.aa
Trojan-spy.win32.GreenScreen
Trojan-spy.HTML.Bankfraud.dq

and maybe more hiding that the above malware/spyware removal tools can't seem to locate/remove. My system is a little sluggish and when I connect to the internet I get a notice asking me to protect myself from one of the above viruses and then it directs me to a website where I can buy a removal tool...

Anyhow...here is the Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 16:16:02, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Documents and Settings\All Users\Application Data\janyzefo\nstgvizc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\pwfotiji.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rofonglc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.bt.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - Default URLSearchHook is missing
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [actutil] C:\WINDOWS\pwfotiji.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [srvadmhlp] C:\WINDOWS\system32\rofonglc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218194157406
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F5C7065-F040-478D-BB55-7546D55C5345}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{880163D6-89BB-4D06-BD15-0833CAB337EF}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: aplui - {385B8ECE-4FBD-CE9E-E11D-041C4E3423C8} - C:\Program Files\gvdodoe\aplui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I would do a complete re-install if I could find the bloody disc to do it, so your help would be much appreciated.

Thanks

Spazio 78 Posted August 23, 2008

bump

sarahw Posted September 3, 2008

Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.

These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.

sarahw Posted September 3, 2008

1. Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.
If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:
Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.

2. Click HERE and run an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information into your next post.