 Infected With Various Spyware, Need guidance on how to fully remove it |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jan 20 2008, 02:13 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 3 Joined: 19-January 08 Member No.: 184,630  |
On Friday evening my machine was infected by a virus which tried to install a program called "SpyRemovalPro" - I think I correctly removed it after it emerged. But then another similar program called "StorageProtector" tried to install without my permission onto my machine - I did stop it downloading and removed it in the same way as I did with "SpyRemovalPro". But now I'm receiving all sorts of messages like: "Important - Potential Errors found in the system During a scan of files at system startup, potential erros in the system registry were found. p-07-0100 irql: 1f SYSVER 0xff00024 NT_Kernel error 1256 KMODE_EXCEPTION_NOT_HANDLED" I also receive a pop-up balloon on the right hand side of my taskbar saying "A Critical Error can occur" Two unseen icons from before are now reappearing everytime I delete them from my desktop (Shortcuts for "Help and Support Center" and "Windows Update") Also, when I try to use my computer for a short while (e.g. 20 minutes), and run a few applications such as iTunes and Mozilla Firefox, it begins to crash and freeze and I have to try and restart or shut down. The actions I've taken so far to sort out the problem have done very little good - I've run Norton AntiVirus 2002 twice (once in normal and once in safe mode) and Ad-Aware 2007 (once in normal and once in safe mode). SUNDAY UPDATE http://www.bleepingcomputer.com/forums/topic126604.html I've followed the instructions that member boopme has given me - I have the result of the SuperAntiSpyware log he asked for: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/20/2008 at 06:00 PM Application Version : 3.9.1008 Core Rules Database Version : 3259 Trace Rules Database Version: 1270 Scan type : Complete Scan Total Scan Time : 02:02:51 Memory items scanned : 182 Memory threats detected : 0 Registry items scanned : 5564 Registry threats detected : 10 File items scanned : 65668 File threats detected : 7 Unclassified.Unknown Origin HKLM\Software\Microsoft\Internet Explorer\Toolbar#{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} Trojan.NetMon/DNSChange HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc Adware.ClickSpring/Yazzle C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE Adware.ClickSpring-Variant C:\PROGRAM FILES\ASKS~1\LSASS .EXE The results of carrying out those instructions has led to no removal of the spyware and continued emergence of messages described at the start of this post. Also, I am unable to connect to the internet at all. Whilst trying to connect, my computer says that it is "Acquiring a network address" - I don't know, but this started happening once the virus/spyware infected my machine. I also have a HiJackLog: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:50:04, on 20/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe E:\AdAware\aawservice.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\QTTask .exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS .EXE E:\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask .exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe C:\Program Files\Logitech\ImageStudio\LogiTray .exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\WINDOWS\VPro610.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storageprotector.com/clean/installe...C8AE115F6ED8513 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [30f3fcb6] rundll32.exe "C:\WINDOWS\system32\amdphqvv.dll",b O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?4b50da422e3741eb979d35bb55ea0e74 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?4b50da422e3741eb979d35bb55ea0e74 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} (DrsDnld Control) - http://www.mathtutor.ac.uk/integration/drs/DrsDnldProj1.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162507949030 O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.pvw.od2.com/common/musicmanage...nagerPlugin.CAB O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\AdAware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 8229 bytes Your help would be sincerely appreciated as always. |
 |
 
|
|
Jan 26 2008, 04:03 AM
Post
#2
|
|
 Malware Assassin Group: HJT Team Posts: 13,610 Joined: 13-July 06 Member No.: 75,975 |
Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and i'll be helping you to fix your problems. Apologies for the late response,as i'm sure you can appreciate we are extremely busy. If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know. If you have not followed the info in the link below prior to posting your log then please do so now: Preparation Guide for use before posting a HijackThis Log: http://www.bleepingcomputer.com/forums/topic34773.html If you still require help,please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing. *Note* Post all reports/logs directly into this topic,not as attachments,thanks. -------------------- If I have helped you in any way, please consider a donation:
 Proud Member of ASAP (Alliance of Security Analysis Professionals). Proud Member of U-N-I-T-E (Unified Network of Instructors and Trusted Eliminators). |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th January 2009 - 04:46 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.