Trojan/Virus problem :(

Hey, I've been having troubles with my comp, and it keeps restarting when I'm on the net and using certain programs. I did all of procedures to check for spyware, trojans, viruses etc. Here are my logs

• Edit by bjgarrick: Unrequested, Inline HJT log removed!

--- Thank you for your help, it'd be much appreciated.

 

Did you run Ewido per this thread?
Running Ewido Security Suite ...

Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

Sysclean Package

Pattern.zip

Once you have these downloaded into the folder you just created, REBOOT INTO SAFE MODE!

Once in Safe Mode double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After you complete the scan reboot and attach a fresh HJT log.

 

I can give you a big low-down on what I have done and what has happened:

Recently I got Broadband installed, but before I installed it I noticed my Anti-virus picked up a virus called "Javaapplication". It didn't delete it for some reason, so I went and got AVG instead. It picked up 2 viruses related to that, but I cannot recall what it said exactly, because my computer shut off as it was scanning. It seems that whenever I am on the internet my computer will shut itself down whenever it feels like.
Now I've run multiple scans on my AVG, which doesn't pick anything up anymore, I've run Spybot through a couple of times, I've run BulletProof Soft and Adware 6.0.,Spywareblaster. Nothing has rectified the problem =/

Although I did find a suspicious folder called "Sun" under C:\Documents and Settings\admin\application data
I know it's in relation to the Java applications that I have installed on the computer, but the virus name that I caught first made me suspicious. So I deleted it, and surely enough, the folder cam back, and then duplicated itself under the Adminstrator and all users folders. I deleted them again, and then ran the AVG again, and it didn't come back..

So with this little knowledge of not knowing exactly what was going on with my computer, I decided to uninstall the java and re-download it and re-install it. That seemed ok, but then when I opened up "Azureus" it shut down sooner or later. Azureus is based off of Java so I have come to suspect that the virus/trojan came from there. This has never happened to me before, but I guess there's all ways a first time. :/

I noticed that if I leave my computer disconnected from the internet, that it won't shut down. I then tested the computer to leave on overnight, while ABC running. It didn't shut down at all overnight. So I assume it has something to do with Azureus.

I then searched on google for a Trojan Remover and found the program "Anti-Trojan Shield". This proved effective as it detected a virus called "vr2.pxcpya64.exe" I deleted it, and thought that this may finally solve the problem. but to double check, I looked it up on google and went onto a couple of forums and it had a similar reference to my problem, except for the fact that my computer restarts whenever it feels like it.

The forum mentioned that if I had the following files in the System32 folder that I should delete them:

C:\WINDOWS\system32\pxcpya64.exe
C:\WINDOWS\system32\pxcpyi64.exe

So I did, and they haven't come back. By now I thought my computer was finally over all of this trouble, but I decided to test it again, so I ran Azureus and surely enough my computer restarted again!

I am so lost as to what to do now, I have no idea what it is, if AVG won't pick anything up, nor will the ATS. =(
Can you guys' please offer me some suggestions? I have no idea what to do. I do suspect my computer itself though, you know.
It's an Acer brand, and its brand new and all, but I discovered that my comuter didn't like Norton when I tried to install it, and it refused to start up, so I had to remove it. I'm wondering if perhaps my computer just hates Broadband, or if there is a trace of a trojan or virus still on here.

I've done the Ewido scan, panda scana, trent micor scan online, some other one I forgot what it was called, downloaded trojanhunter too.
I did the Hijackthis log too, so I really dunno what else to do =/

Either way, I'd love to know what the problem is. All help is much appreciated. Just be weary that I am not that good at computers so if you give me a list of things to do, then please be thorough in your explanations ^^;;

 

I noticed you had run the scans and things as requested, you saw it before I could edit it, go ahead and run the Trend Cleaner in my previous post. Attach this log with a fresh HJT log and we will go from there.

 

For some reason it wont let me download the second file you want me too. I downloaded the syscleaner into the TSC folder, but the other file wont download =/ ?

 

Works fine for me, try the links below...

Pattern File

Pattern File Website
(Choose the first one one the list if you have to use this one)

 

Wow, sorry about this. I finally got it to download, I rebooted in safe mode opended up the file and it came up with an error saying "pattern file "LPT$VPN.*" is missing, download a copy.

I found that perplexing as I downloaded both the files you told me to the folder on my desktop. But I ignored the error and clicked scan anyway. It was taking AGES to scan =_= and I think it was nearly done and then we had a power blackout for 2 hours. I'm annoyed. But I'm gonna leave it to scan on overnight, and I'll post the results tomorrow.

Thanks for your patience and help.

 

I forgot to add, extract the contents of the Pattern.zip and then run sysclean.com

Will be awaiting results!

 

Okay, I'm back. I did leave the scan on overnight, but when I came back to the comp it had restarted and was back in usual mode. I don't know if that happened after the scan finished, or coz my comp shut down.
But it does have a log in the file, and I did another hijackthis scan.

I'll attach the two logs. Please tell me if anything is wrong. =)

I might also add, that I get this error sometimes when I load up my comp. I don't know if it'll be any help, but yeah.

"Dr postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvienience.

Error Signature:

EventType : BEX P1 : drwtsn32.exe P2 : 5.1.2600.0 P3 : 3b7d84a2
P4 : dbghelp.dll P5 : 5.1.2600.2180 P6 : 4110969a P7 : 0001295d
P8 : c0000409 P9 : 00000000 "

Thanks.

 

Download LSP-Fix

After download is complete, Run LSP-Fix

Check the Box labeled "I know what I'm doing" and then click on the apptoport.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move apptoport.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

(Note: If the file apptoport.dll is already in the remove section, then just click FINISH.)


Please look in Add or Remove Programs for the following and Uninstall them if found:

BPS Spyware & Adware Remover

MessengerPlus! 3

Ewido

Trojan Hunter
(If you bought this, leave it)

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files\Bulletproofsoft.com ←–– Delete this whole folder if it exist!

C:\Program Files\MessengerPlus! 3 ←–– Delete this whole folder if it exist!

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

Hey I just want to let you know that I have removed those programs, but when I went into HijackThis! I could only remove three of those problems. The following weren't on the list:

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

So I fixed what was there. Is it safe for me to continue on with the next steps you have advised?

Thanks

 

Here is my HJT log

Thanks ^^

 

Your HJT log is clean, are you having any further problems?

 

Not at the moment. You're serious, it's clean? =D

If you are sure, would you mind telling me what the problem was? Did I have a virus/trojan? And all those programs I unistalled before, are they safe to be re-installed? I use MSN a lot, and I do like msg plus, but if it was a serious cause I can do without. Just want some safety tips. And I'm going to try running Azurues, and see if it gives me any problems, because my computer would shut down after a while when it was running.

Thanks so much for all your help too!

 

You just had typical malware infections, I would stay clear of MessengerPlus! 3 or any version of this as it's a main cause for malware infections.

You should see this article on How to Protect yourself from malware!

Surf Safely!