Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Malware Problem


Post by thepunisher » December 6th, 2008, 5:33 pm

I just installed WinRAR and now I get this pop-up message every few mins saying "intervalhehehe".
When I go to Google or Yahoo, it sends me to a site stating,

"Alert : Your computer have been attacked by spyware or viruses!Please download AntiSpyware to fix."


Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:42 PM, on 12/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Users\punisher\Desktop\WinRAR.exe
C:\Users\punisher\AppData\Local\Temp\IXP000.TMP\explore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [googletalk] C:\Users\punisher\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10735 bytes


Uninstall list:

Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AVG Free 8.0
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DisplayFusion 2.2.0
Enhanced Multimedia Keyboard Solution
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPTCSSetup
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.14.17.1
LightScribeTemplateLabeler
Linksys Wireless-G PCI Network Adapter with SpeedBooster Driver - WMP54GS
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
muvee autoProducer 6.1
My HP Games
Power2Go
PowerDirector
PowerDirector
Python 2.5.2
QuickPar 0.9
Realtek High Definition Audio Driver
SPORE Creature Creator Trial Edition
TeamViewer 3
Visual C++ 8.0 Runtime Setup Package (x64)
WinRAR archiver

Thank you very much.
thepunisher

Re: Malware Problem

Post by suebaby41 » December 21st, 2008, 5:18 pm

Welcome to the Malware Removal Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.

Re: Malware Problem

Post by NonSuch » December 27th, 2008, 2:46 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

