LandzDown Forum

oads of warnings and pop ups have taken over my desk top. Warning says that I have Trojan.W32.looksky.

AVG found about 60 tracking cookies (medium risk) My desktop is red w/ a privacy logo and warnging. Spyware everywhere. Please help! Here is my HiJackLOg:

Logfile of HijackThis v1.99.1
Scan saved at 22:27:41, on 2007-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
E:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Anti Virus Kapersky\AV Temp\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {E988D7C9-45D1-433B-991B-127FE1CEB3A4} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {045864CD-B021-4CC0-99C3-CB60FBF65871} - C:\WINDOWS\wmpconf.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Anti Virus Kapersky\AV Temp\Kaspersky Anti-Virus Personal\kavsvc.exe

Thnx!

Now the pop ups won´t let me scan with my Kaspersky anti virus program. This will just get worst I´m afraid. Is this the death of my comp?

No, No not the death of your puter!  Have patience and the more learned ones will come to your rescue!

Tjenare, VirusHater!

It has has not been that long since your last visit.  I sure wish you would stop by just to say "Hi" instead of with such a nasty infection.  We will do our best to help, but then you really need to consider some additional protection and updating for that machine.  Let's see how well what I am suggesting will get the process started. 


MVH,

Corrine

Please print or copy these instructions to your desktop as you will be working from safe mode during much of the time.

Please do the following: 

• Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop. 
  
• Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix). 
  Please Note: 
  
  
  • If an error message is displayed when running SDFix, see the instructions in SDFix_ReadMe (http://downloads.andymanchesta.com/RemovalTools/SDFix_ReadMe.htm).
    
  • If you are unale to run in Safe Mode, please download SafeBootKeyRepair (http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe).  Save it to your desktop.  Double-Click to run it and follow the provided instruction.
• Please download ATF Cleaner by Atribune from http://www.atribune.org/content/view/40/2/ (http://www.atribune.org/content/view/40/2/) .  Save it to your Desktop.
  
• Go to http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE  and download the free version of SUPERAntiSpyware and install it.
  
  After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to it's research center are up to you. Please do NOT allow SUPERAntiSpyware to Protect your Home Page settings.
  
  Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).
  
  Start-up Options:  *Start SUPERAntiSpyware when Windows starts
  Automatic Updates:  *Check for program updates when the application starts.
  Start-up Scanning:  *Check for updates before scanning on startup.
  
  Then select Close. Don't scan just yet though.

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
  

Run ATF Cleaner[LIST=1]

• Double-click ATF-Cleaner.exe to run the program.
  
• Click Select All found at the bottom of the list.
  
• Click the Empty Selected button.
  
• Click Exit on the Main menu to close the program.
  

Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  
• Press any Key and it will restart the PC.
  
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt here as a reply along with a fresh HijackThis log
  

Run SUPERAntiSpyware

• Open SUPERAntiSpyware and click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive)
  
• Check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.
  
  -- SUPERAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
  -- Make sure that they all have a check next to them and click next.
  -- If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).
  
  
• Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log.
  
• Save the log to your desktop, and copy/paste the text from the log back here.

Post a reply with the following: 

• Report.txt from SDFix
  
• SUPERAntiSpyware log
  
• A fresh HijackThis log