Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

need serious help here infected with up to 39 viruses

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

need serious help here infected with up to 39 viruses

Unread postby shaneyz » December 21st, 2010, 9:24 pm

sorry went out of town and topic got closed hijackthis is no longer responsive am trying to redownload

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:23:56 PM, on 12/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll (file missing)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OpenCandyReminder] "C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\OpenCandy\OpenCandy_0E57AAF66FFA4EAEA1D799CCEA9A3B6D\OCReminder.exe" /RUNSTARTUP
O4 - HKUS\S-1-5-21-3974549689-3108957088-865617653-1007\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-3974549689-3108957088-865617653-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3974549689-3108957088-865617653-1007\..\Run: [OpenCandyReminder] "C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\OpenCandy\OpenCandy_0E57AAF66FFA4EAEA1D799CCEA9A3B6D\OCReminder.exe" /RUNSTARTUP (User '?')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

--
End of file - 12394 bytes
shaneyz
Active Member
 
Posts: 11
Joined: November 17th, 2010, 11:33 am
Advertisement
Register to Remove

Re: need serious help here infected with up to 39 viruses

Unread postby shaneyz » December 21st, 2010, 9:28 pm

was asked to run security check but when i do get this message autolt error line -1: error: variable must be of type "Object"
shaneyz
Active Member
 
Posts: 11
Joined: November 17th, 2010, 11:33 am

Re: need serious help here infected with up to 39 viruses

Unread postby shaneyz » December 21st, 2010, 9:33 pm

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 7.0.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
shaneyz
Active Member
 
Posts: 11
Joined: November 17th, 2010, 11:33 am

Re: need serious help here infected with up to 39 viruses

Unread postby shaneyz » December 21st, 2010, 9:41 pm

dirlook has been deprecated in favor of system look
shaneyz
Active Member
 
Posts: 11
Joined: November 17th, 2010, 11:33 am

Re: need serious help here infected with up to 39 viruses

Unread postby shaneyz » December 21st, 2010, 10:34 pm

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\BitTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\FrostWire\FrostWire.exe deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\BitTorrent not found.
C:\Program Files\FrostWire folder moved successfully.
C:\Program Files\LimeWire\root\magnet10 folder moved successfully.
C:\Program Files\LimeWire\root folder moved successfully.
C:\Program Files\LimeWire\lib\avg folder moved successfully.
C:\Program Files\LimeWire\lib folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\image_cache folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\torrents folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\tmp folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\plugins folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\net folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\logs\save folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\logs folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\dht folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus\active folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\azureus folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\FrostWire folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\OpenCandy\OpenCandy_120A78CFC35D43239D80FC4549048F51 folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\OpenCandy\OpenCandy_0E57AAF66FFA4EAEA1D799CCEA9A3B6D folder moved successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\OpenCandy folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 26531 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 26531 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrator
->Temp folder emptied: 3993207185 bytes
->Temporary Internet Files folder emptied: 21404403 bytes
->Java cache emptied: 2693795 bytes
->FireFox cache emptied: 93433265 bytes
->Google Chrome cache emptied: 8930300 bytes
->Flash cache emptied: 113266 bytes

User: HP_Administrator.YOUR-4DACD0EA75
->Temp folder emptied: 82948876 bytes
->Temporary Internet Files folder emptied: 2571247 bytes
->Java cache emptied: 966502 bytes
->FireFox cache emptied: 106097998 bytes
->Flash cache emptied: 11582 bytes

User: HP_Administrator.YOUR-4DACD0EA75.000
->Temp folder emptied: 2559748847 bytes
->Temporary Internet Files folder emptied: 19331381 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64476592 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10056 bytes

User: IE

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 255779705 bytes
->Java cache emptied: 18756 bytes
->FireFox cache emptied: 3493915 bytes
->Flash cache emptied: 88141 bytes

User: NetworkService
->Temp folder emptied: 133182 bytes
->Temporary Internet Files folder emptied: 316275536 bytes
->Java cache emptied: 4307 bytes
->Google Chrome cache emptied: 6768729 bytes
->Flash cache emptied: 78483 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2136403 bytes
%systemroot%\System32 .tmp files removed: 591889 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3603061 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26531 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 895781 bytes

Total Files Cleaned = 7,196.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12212010_204854

Files moved on Reboot...
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Temp\IadHide5.dll moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
shaneyz
Active Member
 
Posts: 11
Joined: November 17th, 2010, 11:33 am

Re: need serious help here infected with up to 39 viruses

Unread postby shaneyz » December 21st, 2010, 10:42 pm

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-21 21:41:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 SAMSUNG_SP2004C rev.VM100-49
Running: gdtx9ve9.exe; Driver: C:\DOCUME~1\HP_ADM~1.000\LOCALS~1\Temp\kwxyafod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEB9ABCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEB9ABBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEB9AC160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEB9AC08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEB9AB782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEB9ABC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEB9AB6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEB9AB726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEB9ABDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEB9AC22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEB9ABD66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEB9ABEE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEB9B8BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEB9B89D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEB9B8B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP EB9B8B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP EB9B89D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP EB9B45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP EB9B5FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP EB9B8BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5A5B360, 0x20574D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1132] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0140000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0141000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1132] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 013F000C
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A9000C
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01EA000A
.text C:\WINDOWS\System32\svchost.exe[1208] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E9000A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1604] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[1820] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\Explorer.EXE[1820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\Explorer.EXE[1820] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2436] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 862833B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 862833B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 862833B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 862833B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 862833B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 862833B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 862833B2

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskSAMSUNG_SP2004C_________________________VM100-49#30534737314a4c54304134363435202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 390721712 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
shaneyz
Active Member
 
Posts: 11
Joined: November 17th, 2010, 11:33 am

Re: need serious help here infected with up to 39 viruses

Unread postby Cypher » December 23rd, 2010, 7:23 am

You have replied to your own topic, and as a result we must close this topic.

May I draw your attention to THIS topic, which you should have read before posting for help.

THIS is the section that tells you why you should not reply to your own topic.

This topic will now be closed

If you still require help, please open a new thread in the Malware Removal forum, post the logs asked for in the first topic I linked to and wait for assistance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 313 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware