Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Several Trojans and hidden problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Several Trojans and hidden problems

Unread postby peejee » September 21st, 2008, 4:58 am

Hi guys

Let me start off this with a little intro into my problem. I was watching a couple of videos on youtube and my cat jumped in my lap causing me to hit my mouse and accidentally clicked on a link somewhere, happened so quick that I don't even know what it was. A couple of seconds later a box popped up on the screen saying something about needing to install virus scanner because i had a virus, then my desktop changed to what looked like a spyware software would look like after a scan was complete. A few minutes later I got the blue screen, as I was trying to read it, it "blue screened" again doing this about 6 times before I just shut it off.

I unplugged my network cable and booted into safe mode I preformed a hijack this and there was nothing amiss about it. I went and uninstalled everything that I had installed within the last 2 weeks. Ran Ace Utilities to clean up the registry. Ran both Spybot and Adaware, and found Smitfraud (which explained the whole fake blue screens) and a couple of low end cookies. I ran both AVG and Avast, wanted to make sure that it caught it all, and found 3 trojans: win32: bravix drp, win32: small-mar trj, and win32: trojan-gen. I deleted the files rebooted, ran a boot scan virus scan, and went back into safe mode and ran the virus scans again and came up clean. So I, plugged back into the network, rebooted into normal mode happy to go on my way, and nope not happening.

On my computer I have my profile and the admin profile, both with admin abilities. When going into my "normal" profile, Gir, I can do nothing, cant right click, can't even reboot. I hit the restart button, and log into the admin account, I can do stuff on that user except use MOST of the internet. When I say most of the internet, I can go to google or myspace, but thats about it, when I tried going to any website that was "spyware removal" or virus protection, I get an failed to connect page. When I'm at google and type something in the search bar say "avast" it will come up with the correct search results but when clicking on the link i'm redirected.

So I restart into safe mode with network commands thinking maybe I wasn't up-to-date with the internet being weird. Well when in safe mode, I can go anywhere without any problems. So I'm stumped usually I can work my way out of these things, but not this time.

So I'm using the laptop to do all of this posting everything as I want to keep unplugged from the network as much as I possibly can, since we have a mini-lan here.

I created a new profile so that I could be able to run at least a hijack this, which I hope doesn't mess up the whole problem since I can't get into my primary user account. So here goes...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:25 AM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - http://games.myspace.com/Gameshell/Game ... meHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://myspace.oberon-media.com/gameshe ... er_v10.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

End of file - 3478 bytes

Thanks for any help or suggestions
Active Member
Posts: 1
Joined: September 21st, 2008, 4:03 am
Register to Remove

Re: Several Trojans and hidden problems

Unread postby Blade81 » September 26th, 2008, 12:46 pm


If you still need help with this please do following:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
User avatar
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Several Trojans and hidden problems

Unread postby NonSuch » October 3rd, 2008, 4:38 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Posts: 27259
Joined: February 23rd, 2005, 7:08 am
Location: California

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware