Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby deltalima » September 15th, 2010, 3:28 am

Hi georgiemitchell01,

have downloaded avast


Please install Avast and run a full system scan and post the results in your next reply, also post the log from RKU

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in you're next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top
Advertisement
Register to Remove

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 15th, 2010, 8:07 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x88543000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7065600 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x81C00000 RAW 3805184 bytes
0x81C00000 WMIxWDM 3805184 bytes
0x8EB71000 C:\Windows\system32\DRIVERS\LV302V32.SYS 2682880 bytes (Logitech Inc., Logitech Webcam Software Driver)
0x8D200000 Win32k 2093056 bytes
0x8D200000 C:\Windows\System32\win32k.sys 2093056 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89415000 C:\Windows\system32\drivers\RTKVHDA.sys 2011136 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x81ABF000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x8064B000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x88441000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xA1D22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x896CF000 C:\Windows\System32\drivers\tcpip.sys 856064 bytes (Microsoft Corporation, TCP/IP Driver)
0x88F4B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x88113000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xA0B02000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x81A55000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA169A000 C:\Windows\system32\drivers\HTTP.sys 417792 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8808A000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xA1B05000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x807B6000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8965B000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x88F0B000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x880D6000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8021A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x89BB2000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA1BC7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x81BC7000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x81A1F000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81FA1000 ACPI_HAL 212992 bytes
0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88E66000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x89629000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8075F000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x89053000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88416000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80620000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x88060000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8902E000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x84FDB000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80434000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA1B91000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88ED1000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x84FA9000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8900D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA1622000 C:\Windows\system32\drivers\mrxdav.sys 126976 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x80790000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA1604000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8EA96000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA0A44000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x87893000 C:\Windows\system32\DRIVERS\Rtlh86.sys 106496 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0xA1641000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x896B6000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8801F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x89B9B000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x88EF4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x89AF4000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9FCDA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x89613000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x89400000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0xA0A30000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x896A2000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8804D000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x88403000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA0AEF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x89BED000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x87815000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA1BB5000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x89AE2000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0x84FCA000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8074F000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8EA00000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80415000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x858C4000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x8D471000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x81A10000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80609000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x84E71000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x88EAA000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x80425000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9F410000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x87834000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x89605000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88E18000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80400000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x87885000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x89130000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x87878000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x88EB9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x87827000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8020D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x88E0C000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8908B000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x88042000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x88037000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x89080000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x88009000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x890A1000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x88014000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x87842000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8780A000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x878FB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x878DD000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x878E7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x85DB4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x80600000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x85C27000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x84E80000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x85C30000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9F400000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x85C6F000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80204000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807AE000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80255000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x85D30000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x80459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x85D80000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x85D88000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x80618000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA0C18000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8799F000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8040E000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x87998000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA1B7D000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x85DCC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x85DC6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x07A70000 Hidden Image-->SystemStatus.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 126976 bytes
0x07A20000 Hidden Image-->PCHealthSecurityPillar.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 200704 bytes
0x03E20000 Hidden Image-->MessagingInterface.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 28672 bytes
0x07AF0000 Hidden Image-->Interop.MLDeskBand.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 28672 bytes
0x08590000 Hidden Image-->RemotingClient.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 28672 bytes
0x03E30000 Hidden Image-->MessagingMessages.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 36864 bytes
0x07A00000 Hidden Image-->Content.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 36864 bytes
0x08560000 Hidden Image-->Interop.RulesEngineLib.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 36864 bytes
0x07750000 Hidden Image-->MessagingClients.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 45056 bytes
0x07AD0000 Hidden Image-->MarketPillar.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 45056 bytes
0x07AC0000 Hidden Image-->HowToPillar.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 45056 bytes
0x07B00000 Hidden Image-->Content.XmlSerializers.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 45056 bytes
0x012B0000 Hidden Image-->InterfaceServices.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 53248 bytes
0x03E10000 Hidden Image-->MessagingServer.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 53248 bytes
0x03400000 Hidden Image-->HPAdvisor.Common.Windows.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 61440 bytes
0x07AA0000 Hidden Image-->PCAlertsPillar.dll [ EPROCESS 0xA1E5D3E0 ] PID: 2780, 69632 bytes
0x00AC0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x8356D9D8 ] PID: 2840, 94208 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0009119E, Type: Inline - RelativeJump 0x81C9119E-->81C911A5 [ntkrnlpa.exe]
[4040]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7766EB00-->00000000 [firefox.exe]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am
Top

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 15th, 2010, 8:51 am

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Wednesday, September 15, 2010 8:37:35 AM
* VPS: 100915-0, 09/15/2010
*

Infected files: 0
Total files: 138751
Total folders: 13076
Total size: 29.8 GB

*
* Scan stopped: Wednesday, September 15, 2010 8:50:03 AM
* Run-time was 12 minute(s), 28 second(s)
*
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am
Top

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 15th, 2010, 9:02 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4620

Windows 6.0.6000
Internet Explorer 7.0.6000.16546

9/15/2010 9:00:40 AM
mbam-log-2010-09-15 (09-00-40).txt

Scan type: Quick scan
Objects scanned: 128670
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am
Top

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 15th, 2010, 9:05 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Compaq-Presario
System Product Name: GX617AA-ABA SR5310F
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 133):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x80434000 \SystemRoot\system32\drivers\pci.sys
0x80425000 \SystemRoot\system32\drivers\volmgr.sys
0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
0x8040E000 \SystemRoot\system32\drivers\intelide.sys
0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
0x807AE000 \SystemRoot\system32\drivers\atapi.sys
0x80790000 \SystemRoot\system32\drivers\ataport.SYS
0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
0x8064B000 \SystemRoot\system32\drivers\ndis.sys
0x80620000 \SystemRoot\system32\drivers\msrpc.sys
0x81BC7000 \SystemRoot\system32\drivers\NETIO.SYS
0x81ABF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x81A55000 \SystemRoot\System32\Drivers\ksecdd.sys
0x81A1F000 \SystemRoot\system32\drivers\volsnap.sys
0x80618000 \SystemRoot\System32\Drivers\spldr.sys
0x80609000 \SystemRoot\System32\drivers\partmgr.sys
0x81A10000 \SystemRoot\System32\Drivers\mup.sys
0x84FDB000 \SystemRoot\System32\drivers\ecache.sys
0x84FCA000 \SystemRoot\system32\drivers\disk.sys
0x84FA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80600000 \SystemRoot\system32\drivers\crcdisk.sys
0x87842000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x85C6F000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87834000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88543000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x88113000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x87827000 \SystemRoot\System32\drivers\watchdog.sys
0x87815000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x87893000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8780A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x880D6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87885000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8808A000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x88060000 \SystemRoot\system32\DRIVERS\ks.sys
0x88441000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0x88F4B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x87878000 \SystemRoot\system32\drivers\modem.sys
0x8804D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88042000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88037000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8801F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88416000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88F0B000 \SystemRoot\system32\DRIVERS\storport.sys
0x88014000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x88EF4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88009000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x88ED1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x84E71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x88403000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88EAA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x85DCC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x878DD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x88EB9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x88E66000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x858C4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x89415000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x89053000 \SystemRoot\system32\drivers\portcls.sys
0x8902E000 \SystemRoot\system32\drivers\drmk.sys
0x85C27000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87998000 \SystemRoot\System32\Drivers\Null.SYS
0x8799F000 \SystemRoot\System32\Drivers\Beep.SYS
0x88E0C000 \SystemRoot\System32\drivers\vga.sys
0x8900D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x85D80000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x85D88000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89080000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88E18000 \SystemRoot\System32\Drivers\Npfs.SYS
0x85C30000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x896CF000 \SystemRoot\System32\drivers\tcpip.sys
0x896B6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89400000 \SystemRoot\system32\DRIVERS\tdx.sys
0x896A2000 \SystemRoot\system32\DRIVERS\smb.sys
0x8965B000 \SystemRoot\system32\drivers\afd.sys
0x89629000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89613000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89605000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89BED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89BB2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x878E7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x89B9B000 \SystemRoot\System32\Drivers\dfsc.sys
0x89130000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8908B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x85D30000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x89AF4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x85DC6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D200000 \SystemRoot\System32\win32k.sys
0x878FB000 \SystemRoot\System32\drivers\Dxapi.sys
0x8EB71000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
0x89AE2000 \SystemRoot\system32\drivers\usbaudio.sys
0x8D471000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9F400000 \SystemRoot\System32\TSDDD.dll
0x9F410000 \SystemRoot\System32\cdd.dll
0x8EA96000 \SystemRoot\system32\drivers\luafv.sys
0xA0B02000 \SystemRoot\system32\drivers\spsys.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA0AEF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA169A000 \SystemRoot\system32\drivers\HTTP.sys
0xA0A44000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA1641000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA0A30000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA1622000 \SystemRoot\system32\drivers\mrxdav.sys
0xA1604000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA1BC7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA1BB5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA1B91000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA1B05000 \SystemRoot\System32\DRIVERS\srv.sys
0xA1B7D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA1D22000 \SystemRoot\system32\drivers\peauth.sys
0x85DB4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x890A1000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0C18000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9FCDA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB0379000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0xABC04000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA96D7000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB03CE000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x87919000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x77640000 \WINDOWS\System32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
464 C:\WINDOWS\System32\smss.exe
532 csrss.exe
580 C:\WINDOWS\System32\wininit.exe
592 csrss.exe
624 C:\WINDOWS\System32\services.exe
636 C:\WINDOWS\System32\lsass.exe
648 C:\WINDOWS\System32\lsm.exe
724 C:\WINDOWS\System32\winlogon.exe
848 C:\WINDOWS\System32\svchost.exe
904 C:\WINDOWS\System32\svchost.exe
952 C:\WINDOWS\System32\svchost.exe
1020 C:\WINDOWS\System32\svchost.exe
1100 C:\WINDOWS\System32\svchost.exe
1124 C:\WINDOWS\System32\svchost.exe
1200 C:\WINDOWS\System32\audiodg.exe
1268 C:\WINDOWS\System32\SLsvc.exe
1308 C:\WINDOWS\System32\svchost.exe
1408 C:\WINDOWS\System32\svchost.exe
1652 C:\WINDOWS\System32\spoolsv.exe
1676 C:\WINDOWS\System32\svchost.exe
1896 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1940 C:\WINDOWS\System32\svchost.exe
1968 C:\WINDOWS\System32\svchost.exe
320 C:\WINDOWS\System32\svchost.exe
540 C:\WINDOWS\System32\SearchIndexer.exe
1192 C:\WINDOWS\System32\drivers\XAudio.exe
696 C:\WINDOWS\System32\taskeng.exe
2160 C:\WINDOWS\System32\dwm.exe
2172 C:\WINDOWS\System32\taskeng.exe
2252 C:\WINDOWS\explorer.exe
2540 C:\Program Files\Windows Defender\MSASCui.exe
2556 C:\hp\support\hpsysdrv.exe
2608 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
2632 C:\WINDOWS\RtHDVCpl.exe
2696 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2740 C:\WINDOWS\System32\hkcmd.exe
2748 C:\WINDOWS\System32\igfxpers.exe
2756 C:\Program Files\Windows Sidebar\sidebar.exe
2780 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
2796 C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
3168 C:\WINDOWS\System32\schtasks.exe
3180 C:\WINDOWS\System32\igfxsrvc.exe
3804 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2840 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1136 C:\WINDOWS\System32\taskeng.exe
2692 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
2980 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3232 C:\Program Files\Mozilla Firefox\firefox.exe
1828 taskeng.exe
3316 C:\WINDOWS\System32\SearchProtocolHost.exe
3064 C:\WINDOWS\System32\SearchFilterHost.exe
264 C:\Users\gg\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`e3667e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725025GLA380, Rev: GM2OA57A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: F362CE084BC77B454330005C1657154A64FB9456


Done!
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am
Top

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby deltalima » September 15th, 2010, 9:34 am

Hi georgiemitchell01,

That's good, all clean. The reinstall removed the infection.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Make sure Vista is updated to Service pack 2 and Internet Explorer to version 8

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby jmw3 » September 16th, 2010, 9:46 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Top
Advertisement
Register to Remove
Previous
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 243 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index