Question:

Trojans & Antivirus XP 2008 (Hijack This log)?

by  |  earlier

0 LIKES UnLike

Hi all, I really hope someone can help me. My PC got a rather nasty infection that somehow switches off my Windows Firewall itself and then installed Antivirus XP 2008 without me even giving any permission for any of this to happen. It still fascinates me... I thought I was rid of it after running Adaware and Malwarebyte's Anti-Malware AND AVG, but today it's back. It turned my firewall off again, when I switched it on, AVG told me about 2 trojan infections - the Trojan Horse Downloader.Keenval.O and now this stupid Antivirus XP thing popping up again and a blue wallpaper. Below is my Hijack This log:

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\soundman.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\GetRight\getright.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\drivers\svchost.ex...

C:\DOCUME~1\Liz\LOCALS~1\Temp\nggncegj...

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentV... Settings,ProxyServer = http=127.0.0.1:54545

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplu...

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [SoundMan] soundman.exe

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskb...

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSC... /auto

O4 - HKLM\..\Run: [lphce33j0e72n] C:\WINDOWS\system32\lphce33j0e72n.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync]

 Tags:

   Report

3 ANSWERS


  1. download sdfix here:

    http://www.downloads.andymanchesta.com/R...

    Install sdfix... reboot into safe mode.

    Click Start button and select Run

    In the Open box type C:\sdfix\runthis.bat

    when it's done, reboot into normal mode

    When the system has finished, a notepad will pop up and let you know if it found anything and if it was successful in removing the infection.


  2. well i guess you can wipe your c:drive and install windows unless you have a recovery system  you can use that

  3. use manual removal instructions

    http://fix-computer-problem.com/rogue-an...

Question Stats

Latest activity: earlier.
This question has 3 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.
Unanswered Questions