1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

wow been trying toi fix this for days need help!

Discussion in 'Virus & Other Malware Removal' started by khyto, Jul 15, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. khyto

    khyto Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    2
    okay so out of nowhere my comoputer is infested with god knows what ,i scan with trend micro ,and various other anto spy ware systems ,i destroy 100's of detections , Pareto logic detects vondo trojan everytime i start my computer, il delete it and next time i shut down and start up its there again.

    everytime i go on the next everything goes slow and trend micro comes up woith a hacker/ proxy something and not to visit the website but im not ,what do i do?? ?anyone encounter this problem? my computer is running alot better now but use to be running mega slow.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:43:56 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\WINDOWS\system32\jftrhwgv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\Powers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\PROGRA~1\McAfee\COMMON~1\naPrdMgr.exe
    C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
    C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
    C:\Program Files\McAfee\AntiSpyware Enterprise\shstat.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
    C:\Documents and Settings\Owner\Desktop\Mother\Khyle's Drive\Security\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DRam prosessor] rBot.exe
    O4 - HKLM\..\Run: [McAfee Online Virus Scanner] avp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\system32\kehxjxos.dll",realset
    O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\Powers.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\PROGRA~1\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\RunServices: [McAfee Online Virus Scanner] avp.exe
    O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
    O4 - HKCU\..\Run: [UnHackMe Monitor] "C:\Program Files\UnHackMe\hackmon.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8028A9C4-8B5F-47E4-822E-14DD84FD105B}: Domain = nsw.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE774071-8CA5-40B1-8EB2-03980769347C}: Domain = nsw.bigpond.net.au
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - (no file)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - (no file)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\jftrhwgv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, welcome to TSG.

    Download hijack this from the link below.Please do this. Click here:

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

    to download HijackThis. Click scan and save a logfile, then post it here so
    we can take a look at it for you. Don't click fix on anything in hijack this
    as most of the files are legitimate.
     
  3. khyto

    khyto Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    2
    ok i did that also it seems that whenever i start up in safe mode my computer friezes up or crashes
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Is Trend micro also an anti virus because you already have McaFee and running two anti virus with two firewalls will cause major problems and conflicts plus I see you have Norton anti virus too and Panda. So keep one and uninstall all the rest!!


    Disable Adwatch


    Please disable AdWatch, as it may hinder the removal of some entries.
    To disable AdWatch:

    right-click the AW icon in the sys tray and select "Unload Ad-Watch" and
    also
    untick load adwatch at system start and automatic when you have finished
    clean
    ing open adaware and click on the adwatch button and then reverse the
    settings




    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find DomainService
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.

    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the
    service. If that gives an error or it is already stopped, just skip this
    step and proceed with the rest.




    To deactivate Spyware Doctor's OnGuard Tools

    * From within Spyware Doctor, click the "OnGuard" button on the left
    side.
    * Uncheck "Activate OnGuard".

    You can reenable it once your system is clean.



    spysweeper.

    Before you proceed with the removal directions below you need to turn off
    SpySweeper's realtime protection as it will interfere with the changes we
    are trying to make.

    Open Spysweeper and click on Options > Program Options.
    Uncheck "load at windows startup".
    On the left click "shields" and then uncheck everything there.
    Uncheck "home page shield".
    Uncheck "automatically restore default without notification".
    Exit the program.
    Leave it disabled until we are finished here.




    Download the pocket killbox

    http://www.majorgeeks.com/Pocket_KillBox_d4709.html




    Download AVG Anti-Spyware

    http://www.ewido.net/en/


    * Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
    * Once the setup is complete you will need run AVG and update the definition
    files.
    * On the main screen select the icon "Update" then select the "Update now"
    link.
    * Next select the "Start Update" button, the update will start and a
    progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the
    screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select
    "Delete"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"


    Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that
    later in safe mode.






    * Click here to download ATF Cleaner by Atribune and save it to your
    desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
    o If you use Firefox:
    + Click Firefox at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords,
    please click No at the prompt.
    o If you use Opera:
    + Click Opera at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords,
    please click No at the prompt.
    * Click Exit on the Main menu to close the program.


    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    have hijack this fix these entries. close all browsers and programmes before
    clicking FIX.



    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\system32\kehxjxos.dll",realset
    O23 - Service: DomainService - - C:\WINDOWS\system32\jftrhwgv.exe


    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with
    the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do
    not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.




    C:\WINDOWS\system32\kehxjxos.dll
    C:\WINDOWS\system32\jftrhwgv.exe




    Run AVG Anti-Spyware!

    # IMPORTANT: Do not open any other windows or programs while AVG is scanning
    as it may interfere with the scanning process:
    # Launch AVG Anti-spyware by double-clicking the icon on your desktop.
    # Select the "Scanner" icon at the top and then the "Scan" tab then click on
    "Complete System Scan".
    # AVG will now begin the scanning process. Be patient this may take a little
    time.
    Once the scan is complete do the following:
    # If you have any infections you will prompted, then select "Apply all
    actions"
    # Next select the "Reports" icon at the top.
    # Select the "Save report as" button in the lower left hand of the screen
    and save it to a text file on your system (make sure to remember where you
    saved that file, this is important).
    # Close AVG and reboot your system back into Normal Mode.


    Note: this is a stand alone, it doesn't install to start/programmes.

    Download Mwav,

    http://www.spywareinfo.dk/download/mwav.exe


    double click on it and it will extract to C:\kaspersky. Click
    on the kaspersky folder and click on Kavupd, a black dos window will open
    and it will update the programme for you, be patient it will take 5-10
    minutes to download the new definitions. Once it's updated, click on
    mwavscan
    to launch the programme.

    Use the defaults of:

    Memory
    startup folders
    Registry
    system folders
    services

    Choose drive , all drives and, click scan all files
    and then click scan/clean. After it finishes scanning and cleaning post
    the log here with a new hijack this log.

    Note: this is a very thorough scanner, it might take anything up to an hour
    or more, depending on how many drives you have and how badly infected your
    pc is.



    Highlight the portion of the scan that lists infected items and hold
    CTRL + C to Copy then paste it here. The whole log with be extremely
    big so there is no way to copy the whole thing. I just need the
    infected items list.



    Post a new hijack this, the Mwav scan log and the AVg antispware log!
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/595998

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice