Several Trojans and hidden problems

Post by peejee » September 21st, 2008, 4:58 am

Hi guys

Let me start off this with a little intro into my problem. I was watching a couple of videos on YouTube and my cat jumped in my lap, causing me to hit my mouse and accidentally click on a link somewhere; it happened so quick that I don't even know what it was. A couple of seconds later a box popped up on the screen saying something about needing to install virus scanner because I had a virus, then my desktop changed to what looked like a spyware software would look like after a scan was complete. A few minutes later I got the blue screen; as I was trying to read it, it "blue screened" again, doing this about 6 times before I just shut it off.

I unplugged my network cable and booted into safe mode. I performed a HijackThis and there was nothing amiss about it. I went and uninstalled everything that I had installed within the last 2 weeks. Ran Ace Utilities to clean up the registry. Ran both Spybot and Ad-Aware, and found Smitfraud (which explained the whole fake blue screens) and a couple of low end cookies. I ran both AVG and Avast, wanted to make sure that it caught it all, and found 3 trojans: win32: bravix drp, win32: small-mar trj, and win32: trojan-gen. I deleted the files, rebooted, ran a boot scan virus scan, and went back into safe mode and ran the virus scans again and came up clean. So I plugged back into the network, rebooted into normal mode happy to go on my way, and nope, not happening.

On my computer I have my profile and the admin profile, both with admin abilities. When going into my "normal" profile, Gir, I can do nothing, can't right click, can't even reboot. I hit the restart button, and log into the admin account; I can do stuff on that user except use MOST of the internet. When I say most of the internet, I can go to Google or MySpace, but that's about it; when I tried going to any website that was "spyware removal" or virus protection, I get a failed to connect page. When I'm at Google and type something in the search bar, say "avast", it will come up with the correct search results, but when clicking on the link I'm redirected.

So I restart into safe mode with network commands, thinking maybe I wasn't up-to-date with the internet being weird. Well, when in safe mode, I can go anywhere without any problems. So I'm stumped; usually I can work my way out of these things, but not this time.

So I'm using the laptop to do all of this, posting everything, as I want to keep unplugged from the network as much as I possibly can, since we have a mini-LAN here.

I created a new profile so that I could be able to run at least a HijackThis, which I hope doesn't mess up the whole problem since I can't get into my primary user account. So here goes...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:25 AM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - http://games.myspace.com/Gameshell/Game ... meHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://myspace.oberon-media.com/gameshe ... er_v10.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

--
End of file - 3478 bytes

Thanks for any help or suggestions
peejee

Re: Several Trojans and hidden problems

Post by Blade81 » September 26th, 2008, 12:46 pm

Hi

If you still need help with this, please do the following:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Re: Several Trojans and hidden problems

Post by NonSuch » October 3rd, 2008, 4:38 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.