wow been trying toi fix this for days need help!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
K

khyto

Thread Starter
Joined
Jul 15, 2007
Messages
2
okay so out of nowhere my comoputer is infested with god knows what ,i scan with trend micro ,and various other anto spy ware systems ,i destroy 100's of detections , Pareto logic detects vondo trojan everytime i start my computer, il delete it and next time i shut down and start up its there again.

everytime i go on the next everything goes slow and trend micro comes up woith a hacker/ proxy something and not to visit the website but im not ,what do i do?? ?anyone encounter this problem? my computer is running alot better now but use to be running mega slow.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:56 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\system32\jftrhwgv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\Powers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\COMMON~1\naPrdMgr.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\shstat.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Documents and Settings\Owner\Desktop\Mother\Khyle's Drive\Security\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DRam prosessor] rBot.exe
O4 - HKLM\..\Run: [McAfee Online Virus Scanner] avp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\system32\kehxjxos.dll",realset
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\Powers.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\PROGRA~1\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\RunServices: [McAfee Online Virus Scanner] avp.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [UnHackMe Monitor] "C:\Program Files\UnHackMe\hackmon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O17 - HKLM\System\CCS\Services\Tcpip\..\{8028A9C4-8B5F-47E4-822E-14DD84FD105B}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE774071-8CA5-40B1-8EB2-03980769347C}: Domain = nsw.bigpond.net.au
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - (no file)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - (no file)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\jftrhwgv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
K

khyto

Thread Starter
Joined
Jul 15, 2007
Messages
2
ok i did that also it seems that whenever i start up in safe mode my computer friezes up or crashes
 
K

khazars

Joined
Feb 15, 2004
Messages
12,302
Is Trend micro also an anti virus because you already have McaFee and running two anti virus with two firewalls will cause major problems and conflicts plus I see you have Norton anti virus too and Panda. So keep one and uninstall all the rest!!


Disable Adwatch


Please disable AdWatch, as it may hinder the removal of some entries.
To disable AdWatch:

right-click the AW icon in the sys tray and select "Unload Ad-Watch" and
also
untick load adwatch at system start and automatic when you have finished
clean
ing open adaware and click on the adwatch button and then reverse the
settings




Click Start > Run > and type in:

services.msc

Click OK.

In the services window find DomainService
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.

Note: You may get an error here when trying to access the properties of the
service. If you do get an error, just select the service and look there in
the top left of the main service window and click "Stop" to stop the
service. If that gives an error or it is already stopped, just skip this
step and proceed with the rest.




To deactivate Spyware Doctor's OnGuard Tools

* From within Spyware Doctor, click the "OnGuard" button on the left
side.
* Uncheck "Activate OnGuard".

You can reenable it once your system is clean.



spysweeper.

Before you proceed with the removal directions below you need to turn off
SpySweeper's realtime protection as it will interfere with the changes we
are trying to make.

Open Spysweeper and click on Options > Program Options.
Uncheck "load at windows startup".
On the left click "shields" and then uncheck everything there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.
Leave it disabled until we are finished here.




Download the pocket killbox

http://www.majorgeeks.com/Pocket_KillBox_d4709.html




Download AVG Anti-Spyware

http://www.ewido.net/en/


* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select
"Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that
later in safe mode.






* Click here to download ATF Cleaner by Atribune and save it to your
desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html


* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords,
please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords,
please click No at the prompt.
* Click Exit on the Main menu to close the program.


* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



have hijack this fix these entries. close all browsers and programmes before
clicking FIX.



O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\system32\kehxjxos.dll",realset
O23 - Service: DomainService - - C:\WINDOWS\system32\jftrhwgv.exe


Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with
the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do
not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.




C:\WINDOWS\system32\kehxjxos.dll
C:\WINDOWS\system32\jftrhwgv.exe




Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs while AVG is scanning
as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on
"Complete System Scan".
# AVG will now begin the scanning process. Be patient this may take a little
time.
Once the scan is complete do the following:
# If you have any infections you will prompted, then select "Apply all
actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen
and save it to a text file on your system (make sure to remember where you
saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.


Note: this is a stand alone, it doesn't install to start/programmes.

Download Mwav,

http://www.spywareinfo.dk/download/mwav.exe


double click on it and it will extract to C:\kaspersky. Click
on the kaspersky folder and click on Kavupd, a black dos window will open
and it will update the programme for you, be patient it will take 5-10
minutes to download the new definitions. Once it's updated, click on
mwavscan
to launch the programme.

Use the defaults of:

Memory
startup folders
Registry
system folders
services

Choose drive , all drives and, click scan all files
and then click scan/clean. After it finishes scanning and cleaning post
the log here with a new hijack this log.

Note: this is a very thorough scanner, it might take anything up to an hour
or more, depending on how many drives you have and how badly infected your
pc is.



Highlight the portion of the scan that lists infected items and hold
CTRL + C to Copy then paste it here. The whole log with be extremely
big so there is no way to copy the whole thing. I just need the
infected items list.



Post a new hijack this, the Mwav scan log and the AVg antispware log!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Total: 599 (members: 3, guests: 596)
Top