My computer is sick - feat. 8 steps+logs

Status
Not open for further replies.

Dan89

Bit of history first-
My computer has been infected for a few months, generally with smaller viruses that barely bothered me, but recently I've noticed a number of trojans and decided to get something done. Just yesterday I got word that through my msn I was sending links to porn sites- a sure sign that my computer's pretty darn infected, despite never falling for any traps or giving my password away (through the scanning I discovered keyloggers that I, with my limited knowledge, have decided to blame).

I have attached the Malwarebytes Antimalware, SUPERAntiSpyware and hijackthis scan logs, but I feel this is also important:
After completing step 5 (The SUPERAntiSpyware) and restarting my computer, I was prompted to open in Safe mode. After I didn't hit any key and it started regularly, before reaching the login screen it froze on a blue screen telling me that registry files (if I remember correctly... you guys would know this screen better than I) were infected and that I had to restart my computer and should start in another mode.
I restarted and then decided to start from the 'Last Known Good Configuration.'
I then continued steps 6 through 8 (Java was fine, didn't require an update) and here I am.

Dan.
 
Hello Dan89

You still have some infections. However, it looks like you have 3 antivirus programs running ->

"Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
Not more."

If you have purchased Sophos, you should ->
Remove/uninstall from "Add/Remove Programs" in Control Panel.
Avast and AVG8.

Reboot, attach new hijackthis log
 
Thanks for the response.

I was unaware that I had Avast running- I went to 'Add or Remove Programs' and couldn't find it on the list.
I've had Sophos installed for the last 2-3 years (since I had the computer), however the 'sophos protection update has failed' for the last 2 years- which is why I got AVG a while back (without uninstalling Sophos).
When I double click on the Sophos icon, it is unable to connect to server.

Before I do anything-
How do you recommend I completely remove Avast?
Should I remove Sophos and keep AVG as my antivirus program?

Thanks.
 
My recommendation would be that you remove AVG, Avast and Sophos, and then install Avira.

Download Avira's installation file:
Avira
Don't install it yet

Then run this Avast uninstaller:
http://www.avast.com/eng/avast-uninstall-utility.html

Uninstall Sophos:
"At the Windows taskbar, select Start|Run
browse to the folder C:\Program Files\Sophos SWEEP for NT
double-click 'setup.exe'
at the very end of the path in the Run window, type a space followed by -remove
(e.g. "C:\Program Files\Sophos SWEEP for NT\setup.exe" -remove)
follow the instructions on the screen."

Run the AVGRemove Tool

Install Avira. Update it, run a complete scan.

After you have done the steps above ->

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.

Close all other browser windows.
Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post
 
Hey
Small issue, I don't have the 'Sophos SWEEP for NT' folder.
This'd probably have some effect downloading updates and why it wouldn't update.
Do you recommend any other ways of removing it?
 
So after downloading the Avira installation file, would you recommend I install it before or after executing Combofix?

I've removed AVG and avast!, so I'll run Combofix after your next response.

Thanks for the help.
 
Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\xwohrbde.tmp
c:\windows\system32\drivers\savonaccesscontrol.sys
c:\windows\system32\drivers\savonaccessfilter.sys
c:\docume~1\DARTHM~1\LOCALS~1\Temp\naecd.sys
c:\windows\System32\avast!Antivirus.exe
Folder::
c:\program files\Sophos
Driver::
SAVOnAccessControl
SAVOnAccessFilter
naecd
avast!Antivirus

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
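
Added example (not part of the original post, and not ComboFix's own code): a small Python review of the CFScript above before it is dragged onto ComboFix.exe. It groups the entries under each `Name::` directive and cross-checks the Driver:: names against the File:: entries. The directive syntax is taken only from the script shown here; the function names and the name-matching heuristic are assumptions made for this example.

```python
import ntpath

# Input copied from the CFScript in the post above.
CFSCRIPT = r"""Killall::
Snapshot::
File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\xwohrbde.tmp
c:\windows\system32\drivers\savonaccesscontrol.sys
c:\windows\system32\drivers\savonaccessfilter.sys
c:\docume~1\DARTHM~1\LOCALS~1\Temp\naecd.sys
c:\windows\System32\avast!Antivirus.exe
Folder::
c:\program files\Sophos
Driver::
SAVOnAccessControl
SAVOnAccessFilter
naecd
avast!Antivirus
"""

def parse_cfscript(text):
    """Return {directive: [entries]} for every 'Name::' line, in script order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections

def cross_check(sections):
    """Pair each Driver:: name with a File:: entry of the same base name
    (case-insensitive, extension ignored). Heuristic for review only."""
    files = sections.get("File", [])
    by_stem = {ntpath.splitext(ntpath.basename(p))[0].lower(): p for p in files}
    drivers = sections.get("Driver", [])
    matched = {d: by_stem[d.lower()] for d in drivers if d.lower() in by_stem}
    driver_only = [d for d in drivers if d.lower() not in by_stem]
    file_only = [p for p in files if p not in set(matched.values())]
    return matched, driver_only, file_only
```

For this script, every Driver:: name pairs with a listed file, and three File:: entries (lvuvc.hs, logiflt.iad, xwohrbde.tmp) have no driver entry, which is the kind of thing worth confirming with the helper before running it.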
 
Combofix log attached.

Thanks a million man, my usb port works again with my usb drives and ipod :D
 
That's good news :grinthumb

Combolog looks clean. Please attach fresh hijackthis log.
 
Have hijackthis fix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

And you're done.

Now to the big question - How are things running ?
 
A little faster- my computer has been filled up for a year or more so it's obviously not as fast as when I first got it, but the most noticeable (and awesome) difference is my usb port now works- for some reason the webcam would work, however usb drives and my ipod couldn't connect for the past few months and it's just been a pain in the *** with assessments and such.
The computer just feels cleaner, too :p

Thanks for your help man, you've saved me hours upon hours of mental anguish :D
 
I'm glad to hear I've saved you from mental anguish :D

Now your computer problems are solved, it is time for the clean-up procedure
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Please download http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
http://www.spywareinfoforum.com/index.php?showtopic=60955


Keep safe :wave:
 