Trojans! Need Help.

  1. #1
    Gourmandhast (Newbie)

    Hello,

    I am encountering multiple problems with my computer. Loading times have slowed down, and my computer takes a long time to start up. When I go on Google and type a search, I get redirected to a random site. My Security Center firewall is turned off. My Control Panel window loads slowly. I cannot access frequently visited websites that require a user log in (Facebook, for example), and I cannot access the website where I view my college assignments. I can't access mail sites like Yahoo! Mail and Gmail either, or my deviantART account. I get a message saying that there is no internet connection. I am not able to connect to MSN either; it tells me there's a problem with the Key Ports.

    I have tried Spybot S&D, I have found these infections
    Virtumonde.sci
    IRC.crt
    Microsoft.WindowsSecurityCenter_disable
    Virtumonde
    Virtumonde.generic

    My Google links are redirected by hxxp://clickfraudmanager

    I have run Spybot S&D several times, and the malware mentioned above always seems to pop up in it.

    Here is my HJT log
    ==================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:48:58 PM, on 2/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Wintab32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ZPOINT32.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\HP_Owner\Desktop\OPEL\Moize\Misc\Yod'm 3D\Yodm3D.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\HP_Owner\My Documents\My Stationery\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Advertising Your Business with Yahoo! Search Marketing
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Advertising Your Business with Yahoo! Search Marketing
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Advertising Your Business with Yahoo! Search Marketing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Advertising Your Business with Yahoo! Search Marketing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {405FF734-0A1D-4F1E-BB44-95B3B1A05531} - C:\WINDOWS\system32\yayYSJDW.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcbXNGW.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


    Here is my Uninstall List
    ==================
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Illustrator CS2
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS2
    Adobe Reader 7.0.9
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Agere Systems PCI Soft Modem
    avast! Antivirus
    Canon CanoScan Toolbox 4.6
    CC_ccProxyMSI
    CC_ccStart
    ccCommon
    CDisplay 1.8
    Compatibility Pack for the 2007 Office system
    dBpoweramp Ogg Vorbis aoTuV Encoder
    dBpoweramp Ogg Vorbis Codec
    DivX Content Uploader
    DivX Web Player
    FinePix Studio
    FinePixViewer Resource
    FinePixViewer Ver.5.5
    Free YouTube to Mp3 Converter version 3.1
    Help and Support Additions
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 4.2.3
    HP Image Zone Plus 4.2.3
    HP Organize
    HP Photosmart Cameras 4.0
    HP PSC & OfficeJet 4.0
    HP Software Update
    HPIZ423
    Intel(R) Graphics Media Accelerator Driver
    IntelliMover Data Transfer Demo
    InterVideo DiscLabel
    InterVideo WinDVD Creator
    InterVideo WinDVD Player
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    KBD
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Media Video 9 VCM
    Microsoft Works
    Mozilla Firefox (3.0.6)
    MSI to redistribute MS VS2005 CRT libraries
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MyDSC2
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Personal Firewall
    Norton Personal Firewall (Symantec Corporation)
    Norton Security Center
    PC-Doctor for Windows
    PDF Settings
    Photosmart 320,370,7400,8100,8400 Series
    Picasa 3
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QuarkXPress 7.2
    QuickTime
    RealPlayer
    RocketDock 1.3.5
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 8 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Sonic Express Labeler
    Sonic RecordNow!
    Sonic Update Manager
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Uninstall 1.0.0.1
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Updates from HP
    USB Tablet Driver
    Veoh Web Player Beta
    VideoLAN VLC media player 0.8.6c
    WavePad Uninstall
    Winamp
    Windows Internet Explorer 8 Beta 2
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Messenger
    Last edited by Gourmandhast; 08-02-2009 at 09:13 PM. Reason: More explanation
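The O2 (BHO) lines in the log above are what a removal helper looks at first when Virtumonde is suspected: two unnamed BHOs backed by randomly named DLLs in system32, and one whose DLL is already gone. As an added example that is not part of the original thread, the following Python script parses those lines (copied here as constructed sample input) and applies the same two heuristics a helper applies by eye. The scoring rules and the names `parse_bho_lines`, `classify` and `triage` are my own, not HijackThis's, and a "suspicious" verdict is a prompt for human review rather than proof of infection.

```python
"""Triage of the 'O2 - BHO' lines in a HijackThis log.

Added example (not from the original thread). Two heuristics that a
malware-removal helper applies by eye when Virtumonde/Vundo is suspected:
  * an unnamed BHO whose DLL sits directly in system32 under an 8-letter
    mixed-case name, the naming pattern seen in the posted log
  * a BHO whose registered DLL no longer exists ('(no file)')
Both are indicators for a human to review, not proof of infection.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample input: the O2 lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {405FF734-0A1D-4F1E-BB44-95B3B1A05531} - C:\WINDOWS\system32\yayYSJDW.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcbXNGW.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
"""

# Line shape: "O2 - BHO: <name> - {<CLSID>} - <dll path or '(no file)'>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<path>.+)$"
)
# Vundo-style stem: a run of lower-case letters followed by a run of upper-case
# letters, eight characters in total (yayYSJDW, efcbXNGW in the posted log).
RANDOM_STEM_RE = re.compile(r"^(?=.{8}$)[a-z]+[A-Z]+$")


def parse_bho_lines(log: str) -> list[dict]:
    """Return one dict (name, clsid, path) per O2 line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry: dict) -> tuple[str, str]:
    """Map one BHO entry to (verdict, reason). Heuristic, for human review."""
    name, path = entry["name"], entry["path"]
    if path == "(no file)":
        return "orphaned", "CLSID still registered but the DLL is gone; stale entry"
    p = PureWindowsPath(path)
    in_system32 = p.parent.name.lower() == "system32"
    if name == "(no name)" and in_system32 and RANDOM_STEM_RE.match(p.stem):
        return "suspicious", f"unnamed BHO loading {p.name} from system32 (Vundo-style name)"
    if name == "(no name)":
        return "review", f"unnamed BHO; check the publisher of {p.name}"
    return "named", "named BHO; confirm the product is installed and expected"


def triage(log: str) -> dict[str, str]:
    """CLSID (upper-cased) -> verdict for every O2 line in the log."""
    return {e["clsid"].upper(): classify(e)[0] for e in parse_bho_lines(log)}


if __name__ == "__main__":
    for e in parse_bho_lines(SAMPLE_LOG):
        verdict, reason = classify(e)
        print(f"{verdict:10} {{{e['clsid']}}}  {reason}")
```

Run against the posted log this flags the two system32 DLLs as suspicious and the 7E853D72 entry as orphaned, and leaves the Adobe, Spybot, Java and Windows Live helpers for the ordinary "is this product installed?" check. The name pattern is deliberately narrow so that legitimate unnamed BHOs fall into "review" rather than "suspicious".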


  2. #2
    VopThis (Senior Member, Canada)
    NOTE: You only submitted an incomplete HijackThis LOG.

    In Control Panel > Add/Remove Program, uninstall the following obsolete/vulnerable versions of JAVA:

    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7




    * Please download Malwarebytes' Anti-Malware from HERE or HERE

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • Run the scan in SAFEMODE (tapping the F8 key on bootup), if necessary.
    • If an update is found, it will download and install the latest version.
    • If you encounter any problems while downloading the updates, manually download them from HERE and just double-click on mbam-rules.exe to install.
    • Once the program has loaded, select "Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart (see Extra Note).
    • A run log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
    • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
    • Please post any current revised observations.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
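The Java clean-up in the reply keeps only the newest installed runtime and removes every older one. As an added example that is not code from the thread, the following Python function derives that list from Add/Remove Programs display names: it parses both naming styles Sun used into comparable version tuples (so "Update 11" sorts after "Update 3", which a plain string sort gets wrong) and reports everything older than the newest. The sample listing is constructed from the uninstall list posted above; the function names are my own.

```python
"""Find obsolete Java runtimes in a Windows Add/Remove Programs listing.

Added example (not from the original thread). Sun's installers left every
prior JRE in place, so a machine ends up with several vulnerable runtimes
side by side. This keeps the newest installed version and reports the rest.
"""
import re

# Constructed sample input: Java-related entries from the uninstall list above,
# with a couple of non-Java lines to show they are ignored.
UNINSTALL_LIST = """\
Adobe Reader 7.0.9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Microsoft Silverlight
"""

# Two display-name formats Sun used: "Java 2 Runtime Environment, SE v1.4.2_03"
# and "Java(TM) 6 Update 7" (which is JRE 1.6.0_07 internally).
OLD_STYLE = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$")
NEW_STYLE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")


def java_version(display_name: str):
    """Return (major, minor, micro, update) for a JRE entry, or None if not Java."""
    m = OLD_STYLE.match(display_name)
    if m:
        return tuple(int(g) for g in m.groups())
    m = NEW_STYLE.match(display_name)
    if m:
        # "Java(TM) 6 Update N" is 1.6.0_N in Sun's internal numbering.
        return (1, int(m.group(1)), 0, int(m.group(2)))
    return None


def obsolete_java(listing: str):
    """Return (newest_entry, [entries older than newest]) from a listing.

    Entries keep their listing order so the output matches what the user
    sees in Add/Remove Programs.
    """
    installed = []
    for line in listing.splitlines():
        v = java_version(line.strip())
        if v is not None:
            installed.append((v, line.strip()))
    if not installed:
        return None, []
    newest_version, newest_entry = max(installed)
    older = [entry for v, entry in installed if v < newest_version]
    return newest_entry, older


if __name__ == "__main__":
    keep, remove = obsolete_java(UNINSTALL_LIST)
    print("keep:  ", keep)
    for entry in remove:
        print("remove:", entry)
```

On the posted list this keeps "Java(TM) 6 Update 11" and reports the same five entries the reply asks to uninstall. The newest installed version is not necessarily the current release, so compare it against the vendor's download page as well before deciding it can stay.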
