Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Massive Virus/Malware/Trojan attack on my laptop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Massive Virus/Malware/Trojan attack on my laptop

Unread postby TowerPower » May 4th, 2011, 11:09 am

Hello,

I encountered strange behaviour on my Acer Aspire 1650, Windows XP Home, SP3 laptop. After a few runs of a current AntiVir I managed to get rid of all viruses, malware, trojans... messages. I still encounter problems with browser behaviour. From time to time I will be led from any link e.g. in a Google hit list to an ebay shop, sex page or similar. The AntiVir log mentioned the Webpage.Gen.2 malware... When AntiVir removed stuff afterwards on shutdown dialogs appeared that certain programs cannot be INITIALIZED. On the last successful run SVCHOST was last that shoed problems. As I saw SVCHOST as well on the process list consume a lot resources I suspect something could be wrong there. I guess there is still some nasty stuff on my computer that neither AntiVir nor Stinger can find.

Thanks a lot for your help!
Lothar

.
DDS (Ver_11-03-05.01) - FAT32x86
Run by sim at 17:01:46,17 on 04.05.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.384 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Programme\Fortinet\FortiClient\scheduler.exe
C:\Programme\Fortinet\FortiClient\FCDBLog.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Fortinet\FortiClient\FortiTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Arcade\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\Programme\Acer\eRecovery\Monitor.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Programme\OpenVPN\bin\openvpn-gui.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Messenger\msmsgs.exe
C:\Tomcat 5.5\bin\tomcat5w.exe
C:\Programme\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Interwise\Participant\pull.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Dokumente und Einstellungen\sim\Eigene Dateien\Downloads\HiJackThis204.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\Programme\T-Mobile\web'n'walk Manager\WTGU.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\programme\avira\antivir desktop\avcenter.exe
C:\Dokumente und Einstellungen\sim\Eigene Dateien\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\appconf32.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: altog<a>ther: {4210ad85-0138-3884-4d54-57696c4a6f6e} - Shdocvw.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PcSync] c:\programme\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\programme\arcade\PCMService.exe"
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [ATIPTA] c:\programme\ati technologies\ati control panel\atiptaxx.exe
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [LManager] c:\programme\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\programme\acer\erecovery\Monitor.exe
mRun: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NSLauncher] c:\programme\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [SSBkgdUpdate] "c:\programme\gemeinsame dateien\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF3 Registry Controller] "c:\programme\scansoft\omnipage15.0\pdfconverter3\\RegistryController.exe"
mRun: [openvpn-gui] c:\programme\openvpn\bin\openvpn-gui.exe
mRun: [CloneCDTray] "c:\programme\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ISUSPM Startup] c:\progra~1\gemein~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [DataCardMonitor] c:\programme\t-mobile\web'n'walk manager\DataCardMonitor.exe
mRun: [SunJavaUpdateSched] c:\programme\java\jre6\bin\jusched.exe
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [LogitechQuickCamRibbon] "c:\programme\logitech\logitech webcam software\LWS.exe" /hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\monito~1.lnk - c:\tomcat 5.5\bin\tomcat5w.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\scanne~1.lnk - c:\programme\scanwizard 5\ScannerFinder.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\pushcl~1.lnk - c:\programme\interwise\participant\pull.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\wtgu.lnk - c:\programme\t-mobile\web'n'walk manager\WTGU.exe
IE: Open with Scansoft PDF Converter 3.0 - c:\programme\scansoft\omnipage15.0\pdfconverter3\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: bmnet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial-de.webex.com/client/v ... eatgpc.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 200.200.179.91 NPI0F2121
Hosts: 200.200.179.148 serverpc
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokume~1\sim\anwend~1\mozilla\firefox\profiles\acpjj9mi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\programme\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\programme\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-1-13 11608]
R1 FortiShield;Fortinet Fortishield;c:\windows\system32\drivers\fortishield.sys [2008-11-28 31776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\avira\antivir desktop\sched.exe [2010-1-13 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-1-13 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-13 61960]
R2 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [2008-11-28 97824]
R2 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr.sys [2008-11-28 24992]
R3 Fortidrv2;FortiNet Fortidrv Service;c:\windows\system32\drivers\fortidrv.sys [2008-11-28 22176]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S2 srv340;srv340;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\drivers\ftvnic.sys [2008-11-28 14496]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [2006-2-21 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [2006-2-21 23296]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\gemein~1\marmik~1\minfrais\MIINPazX.SYS [2007-2-10 17152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-2-17 30336]
S3 Tomcat5;Apache Tomcat;c:\tomcat 5.5\bin\tomcat5.exe [2006-9-12 53248]
S3 USB100;USB 10/100 Network Adapter;c:\windows\system32\drivers\USB100.sys [2006-11-13 25535]
.
=============== Created Last 30 ================
.
2011-05-01 13:40:41 -------- d-----w- c:\windows\system32\kock
2011-04-29 14:50:48 -------- d-sh--w- C:\FOUND.000
.
==================== Find3M ====================
.
2011-04-29 13:01:56 90112 ----a-w- c:\windows\DUMP85ba.tmp
2011-04-02 20:23:14 1409 ----a-w- c:\windows\QTFont.for
2011-02-09 12:53:26 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 12:53:26 186880 ----a-w- c:\windows\system32\encdec.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8025GAS rev.KA023A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C725D9]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86c78970]; MOV EAX, [0x86c789ec]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86D1AAB8]
3 CLASSPNP[0xF74F2FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000096[0x86D219E8]
5 ACPI[0xF7368620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86D21D98]
\Driver\atapi[0x86CEA830] -> IRP_MJ_CREATE -> 0x86C725D9
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskTOSHIBA_MK8025GAS_______________________KA023A__#5&34163727&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86C7241F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:03:45,59 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 17.02.2006 20:01:55
System Uptime: 04.05.2011 16:31:26 (1 hours ago)
.
Motherboard: Acer, Inc. | | Crane II
Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1728/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 36 GiB total, 8,531 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 27,036 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Fortinet virtual adapter
Device ID: ROOT\NET\0001
Manufacturer: Fortinet
Name: Fortinet virtual adapter
PNP Device ID: ROOT\NET\0001
Service: ft_vnic
.
==== System Restore Points ===================
.
RP399: 03.04.2011 00:01:14 - Systemprüfpunkt
RP400: 04.04.2011 22:04:34 - Systemprüfpunkt
RP401: 08.04.2011 04:35:03 - Systemprüfpunkt
RP402: 09.04.2011 14:26:59 - Systemprüfpunkt
RP403: 10.04.2011 17:34:48 - Systemprüfpunkt
RP404: 11.04.2011 22:08:13 - Systemprüfpunkt
RP405: 15.04.2011 22:00:00 - Systemprüfpunkt
RP406: 19.04.2011 22:32:13 - Systemprüfpunkt
RP407: 21.04.2011 19:48:23 - Systemprüfpunkt
RP408: 28.04.2011 06:52:37 - Systemprüfpunkt
RP409: 29.04.2011 17:22:10 - Systemprüfpunkt
RP410: 01.05.2011 15:03:50 - Systemprüfpunkt
RP411: 02.05.2011 22:16:33 - Systemprüfpunkt
.
==== Installed Programs ======================
.
7-Zip 4.65
ABBYY FineReader OCR Engine
Acer eManager for Notebook
Acer eNetManagement
Acer ePowerManagement
Acer GridVista
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8 - Deutsch
Apache Tomcat 5.5 (remove only)
Arcade 3.0
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
Avid Xpress Pro
Avira AntiVir Personal - Free Antivirus
AVS Media Player 3.1
AVS4YOU Software Navigator 1.3
CloneCD
Conexant AC-Link Audio
Enterprise Architect 4.00
ExamDiff Pro 4.0
ExamDiff Pro 5.0 (32-bit)
FileZilla (remove only)
FortiClient
Free Audio CD Burner version 1.4.7
Free Mp3 Wma Converter V 1.8.0
GanttProject
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB976002-v5)
HP Color LaserJet 2820/2830/2840 2.0
HP Image Zone 4.7
hppFaxUtility
hppIOFiles
hppManuals2800
hppscan2800
hppTooCool
Intel(R) PROSet/Wireless Software
Interwise Participant
Java Auto Updater
Java(TM) 6 Update 20
K-Lite Mega Codec Pack 6.8.4
Launch Manager
Learn2 Player (Uninstall Only)
Logitech Webcam Software
Logitech Webcam Software-Treiberpaket
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
mMHouse
Mozilla Firefox (3.6.16)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
MySQL Administrator 1.1
MySQL Query Browser 1.1
MySQL Server 5.0
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
Notepad++
NTI Backup NOW! 4
NTI CD & DVD-Maker
OpenVPN 2.0.9-gui-1.0.3
Paint Shop Pro 4.12 Shareware
PowerProducer
QFolder
QuickTime
RealPlayer Basic
Scan
ScanSoft OmniPage 15.0
ScanSoft PDF Converter 3.0
ScanSoft PDF Create! 3.0
ScanWizard 5
Sentinel System Driver 5.42.1 (32-bit)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 10 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476687)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479628)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485376)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950759)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953838)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB963027)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165-v2)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype Toolbars
Skype™ 5.1
SoftV92 Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TextPad 4.7
TIxx21
TotalAudioConverter
Uniblue RegistryBooster 2
Uninstall 1.0.0.1
Update für Windows Internet Explorer 8 (KB971930)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Viewpoint Media Player
VLC media player 1.1.7
WD Diagnostics
web'n'walk Manager
WebEx
WebFldrs XP
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR Archivierer
WinSCP 3.8.2
.
==== End Of File ===========================
You do not have the required permissions to view the files attached to this post.
TowerPower
Active Member
 
Posts: 4
Joined: May 4th, 2011, 10:50 am
Advertisement
Register to Remove

Re: Massive Virus/Malware/Trojan attack on my laptop

Unread postby Alander » May 6th, 2011, 12:55 am

Hello, I Am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Massive Virus/Malware/Trojan attack on my laptop

Unread postby TowerPower » May 6th, 2011, 3:35 am

Hello Alander,
thanks a lot for your willingness to help me with my problem.
Lothar
TowerPower
Active Member
 
Posts: 4
Joined: May 4th, 2011, 10:50 am

Re: Massive Virus/Malware/Trojan attack on my laptop

Unread postby Alander » May 6th, 2011, 4:36 am

Hi Lothar

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Massive Virus/Malware/Trojan attack on my laptop

Unread postby TowerPower » May 9th, 2011, 4:18 am

Hi Alander!
I did exactly as you asked. Gmer reported a rootkit. See Gmer.txt file attached.
Thanks,
Lothar
You do not have the required permissions to view the files attached to this post.
TowerPower
Active Member
 
Posts: 4
Joined: May 4th, 2011, 10:50 am

Re: Massive Virus/Malware/Trojan attack on my laptop

Unread postby Alander » May 9th, 2011, 10:16 am

Hi :)
Business computer

I have examined your log & I believe this to be a computer used for business, be it personal or corporate.


If I could point you in the direction of the rules, which state under Posting for help for business machines
This forum was set up specifically to help home users, our volunteer helpers choose not to work on machines used for other purposes
On this forum the Administrators are the sole arbiters of what constitutes Home use.
We reserve the right to close any topic that in our opinion is from a computer used for other purposes.
All decisions are final, and are not open to discussion or negotiation.

If this is indeed a business computer:

  • If it is a corporate computer, it is suggested that you take this issue to your IT department.
  • If this is a personal computer used for business (personal or corporate), it is suggested that you take this issue to your IT department, or your local PC repair store.

Please clarify if your computer is a business computer.

Thank you for your understanding.

Rootkit

Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
Why are rootkits dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups


Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Massive Virus/Malware/Trojan attack on my laptop

Unread postby TowerPower » May 9th, 2011, 11:40 am

This is a private computer at home that I use for business rarely from time to time. However, I do not have to ask for your further help, as I will reformat and reinstall the whole computer instead of trying to clean it... as advised.

Thanks a lot for your help,
Lothar
TowerPower
Active Member
 
Posts: 4
Joined: May 4th, 2011, 10:50 am

Re: Massive Virus/Malware/Trojan attack on my laptop

Unread postby Cypher » May 10th, 2011, 5:03 am

As this issue will be resolved with a reformat, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 18 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware