Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please help me...trojans here...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

please help me...trojans here...

Unread postby gnihykcaj » July 18th, 2008, 9:29 am

need help..looks like i've been infected by trojans?my pc runs so slow.here's my log.thanks for your time...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:26, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
D:\crusty\gNiHyKcAj.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8800D43D-7355-4DAD-8755-A3BDBB506679} - C:\WINDOWS\system32\opnnklKE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMef4c400f] Rundll32.exe "C:\WINDOWS\system32\vnrphufb.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: ssqOHxwW - C:\WINDOWS\SYSTEM32\ssqOHxwW.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4560 bytes
gnihykcaj
Active Member
 
Posts: 4
Joined: July 10th, 2008, 7:49 pm
Advertisement
Register to Remove

Re: please help me...trojans here...

Unread postby MikeSwim07 » July 18th, 2008, 9:33 am

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please note: All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: please help me...trojans here...

Unread postby gnihykcaj » July 18th, 2008, 10:21 am

hi michael thanks for your response.heres the log for my uninstall list.

32 Bit HP CIO Components Installer
AAA Logo 1.2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Media Player
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i 3
avast! Antivirus
BootSkin
Camfrog Video Chat 5.1 (remove only)
CamStudio
Chikka Messenger V4
CursorXP
DeskScapes
DesktopX
Dingyi usb2.0 web Camera
DVD Suite
EasyWorship 2007
e-Sword
Folder Lock
Form Fill (Windows Live Toolbar)
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HPSSupply
IconPackager
iTunes
Java(TM) 6 Update 6
K-Lite Mega Codec Pack 3.5.3
LightScribe System Software 1.12.37.1
LightScribe Template Designs - Urban Pack 1
LightScribeTemplateLabeler
Map Button (Windows Live Toolbar)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox (2.0.0.16)
Nero 7 Essentials
neroxml
ObjectDock Plus
OneCare Advisor (Windows Live Toolbar)
Photodex Presenter
Popup Blocker (Windows Live Toolbar)
PowerDVD
ProShow Gold
QuickTime
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SmartSound Quicktracks Plugin
SopCast 2.0.4
SoundMAX
Spybot - Search & Destroy
SpywareBlaster 4.1
Stardock MyColors
SUPER © Version 2008.bld.30 (Mar 22, 2008)
Tabbed Browsing (Windows Live Toolbar)
Theophilos 3
TuneUp Utilities 2006
Ulead VideoStudio 10
V-Gear TalkCam RX8
VIA Platform Device Manager
VIA/S3G Display Driver
Winamp (remove only)
WindowBlinds
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
WinRAR archiver
X360 Video Player ActiveX Control
Yahoo! ¤u¨ã¦C
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
gnihykcaj
Active Member
 
Posts: 4
Joined: July 10th, 2008, 7:49 pm

Re: please help me...trojans here...

Unread postby MikeSwim07 » July 19th, 2008, 7:43 am

P2P Software

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you wish to keep them, please do not use them until your computer is cleaned.

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Please attach ALL external devices (flash drive, camera, phone, etc) before running the below!

Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

MGA results
C:\ComboFix.txt
New HijackThis log.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: please help me...trojans here...

Unread postby gnihykcaj » July 21st, 2008, 12:32 am

I have attached the logs you needed to fix my computer.and heres my new Hijak log.thank you for your time

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:31, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
D:\crusty\gNiHyKcAj.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 3834 bytes
You do not have the required permissions to view the files attached to this post.
gnihykcaj
Active Member
 
Posts: 4
Joined: July 10th, 2008, 7:49 pm

Re: please help me...trojans here...

Unread postby MikeSwim07 » July 21st, 2008, 7:39 am

It is this forum's policy to decline help to those who are either using illegal copies of software and/or are attempting to circumvent the software's restrictions in order to use said software without lawfully purchasing the product, in violation of the EULA (End User License Agreement).
To do otherwise would put us in the position of aiding and abetting an unlawful act.
The forum's policy on invalid copies of Windows is here : http://forum.malwareremoval.com/viewtopic.php?t=550

As the information you have posted indicates that your system falls into this category, we are unable to offer assistance until it can be conclusively demonstrated that this situation has been rectified.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: please help me...trojans here...

Unread postby NonSuch » July 27th, 2008, 6:11 pm

It appears that there are issues with your Windows operating system as it has failed the validation process. This means that the copy of Windows installed on your computer cannot be properly validated as being genuine; therefore, it cannot be updated nor can it be made secure. Accordingly, it would be counterproductive to attempt cleaning of this machine as it would be immediately reinfected. Moreover, it is the policy of the Malware Removal Forum that we do not assist those who are using illegal/invalid software.

viewtopic.php?t=550

If you have reason to believe that your copy of Windows should have passed the validation process, you may contact Microsoft for assistance:

http://forums.microsoft.com/genuine/def ... ?siteid=25

This topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware