Multiple viruses + Hijack this log attached

Snake64_009

Ok so somehow I have some viruses now and also TeaTimer WAS (before I ran antispyware programs) asking me to allow BHOs repeatedly, which I denied.

I ran through the guide. Firstly, after running msconfig cleanup I now get this message every time I boot into Windows:

C:\WINDOWS\System32\joqkjsvq.dll
The specified module could not be found.

And this is what AVG caught in the virus vault:

Virus found Win32\Heur in C:\System Volume Information\_restore......
Trojan horse Generic10.COZ in C:\System Volume Information\_restore......

My HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:58:16, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

The remainder is in the notepad. It is too long to post here.
 

Remove

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - (no file)

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL


Then go through Osiris guide

http://www.techist.com/forums/f51/spyware-removal-guide-osiris-165828/
 
Ok firstly

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - (no file)


have reappeared.

Secondly I got 2 more warnings from AVG for trojan horses. Thirdly TeaTimer is constantly blocking a request for Global Browser something.

Now I will run through the guide again and post my results.

And what do I do about this:

C:\WINDOWS\System32\joqkjsvq.dll
The specified module could not be found.

which comes up every time I boot.
 
Right I have followed the guide again.

Firstly AVG 8.0 has these in the virus vault:

Virus found Win32\Heur in C:\System Volume Information\_restore......
Trojan horse Generic10.COZ in C:\System Volume Information\_restore......
Trojan horse Generic10.LEX in C:\System Volume Information\_restore......

And here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 21:37:57, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe


The rest is attached.
 

Before we do anything else, uninstall Spybot, that's junk, and you need to disable System Restore, it's infected. Then run CCleaner and Cleanup! and then post a new log.
 
remove these entries

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - (no file)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)


then post a new log. Does AVG still pick up anything?
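
Added example (not part of the original thread, and not code from HijackThis or the posters): a small Python parser for the entry lines quoted above that lists BHO entries marked `(no file)` and reports which CLSIDs are present again in a later scan after being fixed, the situation reported earlier in the thread. The function names are hypothetical, and the second sample scan is constructed from lines on this page.

```python
import re

# Entry lines look like "O2 - BHO: name - {CLSID} - path"; other lines are skipped.
ENTRY = re.compile(r"^(?P<section>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return one dict per HijackThis entry line in log_text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            # "(no file)" means the registry entry points at nothing on disk
            "orphaned": body.rstrip().endswith("(no file)"),
        })
    return entries

def orphaned_clsids(log_text, section="O2"):
    """CLSIDs in `section` whose registered file is missing."""
    return {e["clsid"] for e in parse_entries(log_text)
            if e["section"] == section and e["orphaned"] and e["clsid"]}

def reappeared(fixed_clsids, later_log, section="O2"):
    """CLSIDs that were fixed earlier but are present again in a later scan."""
    present = {e["clsid"] for e in parse_entries(later_log)
               if e["section"] == section and e["clsid"]}
    return sorted({c.upper() for c in fixed_clsids} & present)

# FIRST_SCAN lines are copied from the thread; LATER_SCAN is constructed from
# them to mirror the report that the two orphaned entries came back.
FIRST_SCAN = """\
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\\PROGRA~1\\VMNTOO~1\\VMNTOO~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - (no file)
"""
LATER_SCAN = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - (no file)
"""

if __name__ == "__main__":
    print(reappeared(orphaned_clsids(FIRST_SCAN), LATER_SCAN))
```

An entry that returns after being fixed indicates that something still running is re-creating the registry key, so the log comparison is a prompt to look for that component rather than to fix the same line again.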
 
Ok I did that and I got an error:

An unexpected error has occured at procedure: modBackup_MakeBackup ( the 020 file AppInit file)

........

The new log is attached. AVG still has those 3 files listed above in the virus vault. I will do another scan to see if it picks anything up.
 
