1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unable to remove trojan/virus/worm Disabling my system

Discussion in 'Virus & Other Malware Removal' started by Markos230, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. Markos230

    Markos230 Thread Starter

    Joined:
    Mar 11, 2009
    Messages:
    29
    Hello,

    I have been wrestling with many virus's which I cant seem to shake off. At one point my system was grounded to a halt and I was unable to enter windows at all even on safe mode (blue screen). I have done a windows repair which lets me back into windows but none of my antivirus/spyware removes can get rid of them, my avg went down adn SUPERantispyware is unable to update, Malwarebytes can update but is unable to permanently remove them, I have tried IObit security 360 and thats doing jus tthe same. Since the windows repair i seem to be back at sp1 on windows zp home and unable to update. (through internet). I think all the key sites are being blocked . other notes, some exe files no longer work and my "add/remove programs is empty?"

    My system is Windows XP Home (SP1 now...) Intel Q6600 2.4 ghz and nvidia 8800GT

    here is my HJT log, Thanks in advance.


    Logfile of HijackThis v1.99.1
    Scan saved at 00:55:46, on 08/04/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    G:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    G:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\TEMP\VRT1.tmp
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\WINDOWS\System32\rundll32.exe
    G:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    G:\Program Files\IObit\IObit Security 360\IS360tray.exe
    C:\WINDOWS\System32\ctfmon.exe
    G:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    G:\Program Files\Razer\DeathAdder\razerofa.exe
    G:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    O4 - HKLM\..\Run: [DeathAdder] G:\Program Files\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] G:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [fzwkht] RUNDLL32.EXE C:\WINDOWS\System32\msuqddft.dll,w
    O4 - HKLM\..\Run: [IObit Security 360] "G:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Security Toolbar Service - Unknown owner - G:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: IS360service - IObit - G:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: peresvc Service (peresvc) - Unknown owner - C:\WINDOWS\System32\PereSvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    Thanks again
     
  2. Markos230

    Markos230 Thread Starter

    Joined:
    Mar 11, 2009
    Messages:
    29
    Hey, after getting quite bad again I decided to fortmat my C:\ drive and try a fresh install after many drivers started to fail and I lost sound completly (reinstalling drivers did not help). After the fresh install I was fine for a few hours before the virus's made a re-appearence. Probably hanging onto my other hard drives which I did not want to format. Although this time I managed to get in a few updates before it hit the fan again. Updated SUPERantispyware and malwarebytes removes allot but they reappear. Althought SUPERantispyware is now blocked from updating and many websites such as microsoft.com are blocked with many redirects when entering other sites.

    think main problems are removing VRT1.tmp, PereSvc.exe and W.exe

    so new system details are:

    Windows XP Home (SP2) Intel Q6600 2.4 ghz and nvidia 8800GT

    NewHJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 19:44:47, on 09/04/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\w.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\fonts\services.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\PereSvc.exe
    C:\WINDOWS\system32\7362.exe
    E:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [fzwkht] RUNDLL32.EXE C:\WINDOWS\system32\msuqddft.dll,w
    O4 - HKLM\..\Run: [aholbs] RUNDLL32.EXE C:\WINDOWS\system32\msepdlkp.dll,w
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: peresvc Service (peresvc) - Neto systems - C:\WINDOWS\system32\PereSvc.exe


    ps I need to keep re scanning and deleting to keep this pc going but I have a Mac book to keep an eye on the thread ;) Although I really need the pc power for my video rendering work ;)

    pps thanks again
     
  3. Markos230

    Markos230 Thread Starter

    Joined:
    Mar 11, 2009
    Messages:
    29
    Still having allot of trouble with this, can anybody help please?
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/915457

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice