
Author Topic: Help with viruses, malware, trojans, etc. please  (Read 4094 times)


revad

Help with viruses, malware, trojans, etc. please
« on: December 22, 2009, 04:06:03 PM »
Got it fixed myself, thanks anyways



Hello everyone, I need some help please. When I try to access the internet, I receive 302 error messages in my browser or I am sent to some random webpage. When I press Ctrl+Alt+Del I get an error message that the task manager has been disabled by the administrator.

I ran some programs and have the log files below.

Thanks in advance for any help.

Quote
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/22/2009 at 09:04 PM

Application Version : 4.32.1000

Core Rules Database Version : 4379
Trace Rules Database Version: 1978

Scan type       : Complete Scan
Total Scan Time : 03:21:05

Memory items scanned      : 377
Memory threats detected   : 0
Registry items scanned    : 6867
Registry threats detected : 24
File items scanned        : 202159
File threats detected     : 19

Rootkit.Agent/Gen-DiskFake
   HKLM\System\ControlSet001\Services\ndisdrv
   C:\WINDOWS\SYSTEM32\NDISDRV.SYS
   HKLM\System\ControlSet001\Enum\Root\LEGACY_ndisdrv
   HKLM\System\ControlSet001\Services\winsts
   C:\WINDOWS\SYSTEM32\WINSTS.SYS
   HKLM\System\ControlSet001\Enum\Root\LEGACY_winsts
   HKLM\System\ControlSet002\Services\ndisdrv
   HKLM\System\ControlSet002\Enum\Root\LEGACY_ndisdrv
   HKLM\System\ControlSet002\Services\winsts
   HKLM\System\ControlSet002\Enum\Root\LEGACY_winsts
   HKLM\System\ControlSet003\Services\ndisdrv
   HKLM\System\ControlSet003\Enum\Root\LEGACY_ndisdrv
   HKLM\System\ControlSet003\Services\winsts
   HKLM\System\ControlSet003\Enum\Root\LEGACY_winsts
   HKLM\System\ControlSet005\Services\ndisdrv
   HKLM\System\ControlSet005\Enum\Root\LEGACY_ndisdrv
   HKLM\System\ControlSet005\Services\winsts
   HKLM\System\ControlSet005\Enum\Root\LEGACY_winsts
   HKLM\System\ControlSet006\Services\ndisdrv
   HKLM\System\ControlSet006\Enum\Root\LEGACY_ndisdrv
   HKLM\System\ControlSet006\Services\winsts
   HKLM\System\ControlSet006\Enum\Root\LEGACY_winsts
   HKLM\System\CurrentControlSet\Services\ndisdrv
   HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ndisdrv
   HKLM\System\CurrentControlSet\Services\winsts
   HKLM\System\CurrentControlSet\Enum\Root\LEGACY_winsts

Trojan.Agent/Gen
   C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
   C:\WINDOWS\SYSTEM32\RUMEPOPO.DLL.VIRUS

Trojan.Unknown Origin
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{AD2ACBBD-B800-46EA-85C4-848924B9BE7F}\RP3\A0005223.DLL
   C:\WINDOWS\SYSTEM32\VAWOPIJO.EXE

Trojan.Agent/Gen-Nullo[Short]
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{AD2ACBBD-B800-46EA-85C4-848924B9BE7F}\RP3\A0005224.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{AD2ACBBD-B800-46EA-85C4-848924B9BE7F}\RP3\A0005229.DLL

Trojan.Agent/Gen-6TO4
   C:\WINDOWS\SYSTEM32\6TO4V32.DLL

Adware.Tracking Cookie
   C:\WINDOWS\system32\config\systemprofile\Cookies\system@admarketplace[1].txt
   C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[2].txt
   C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
   C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
   C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
   C:\WINDOWS\system32\config\systemprofile\Cookies\system@enhance[2].txt
   C:\WINDOWS\system32\config\systemprofile\Cookies\system@revsci[1].txt
   F:\Documents and Settings\NetworkService\Cookies\system@overture[1].txt

Trojan.Agent/Gen-WIWOW64
   C:\WINDOWS\SYSTEM32\WMDTC.EXE

Trojan.Agent/Gen-FakeAlert[Calc]
   F:\DOCUMENTS AND SETTINGS\MOM\START MENU\PROGRAMS\STARTUP\SCANDISK.DLL.VIRUS

Quote
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/22/2009 9:25:31 PM
mbam-log-2009-12-22 (21-25-31).txt

Scan type: Quick Scan
Objects scanned: 110706
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 12
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fastnetsrv (Backdoor.Refpron) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BtwSrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon86.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d05fc09a-3459-4dcc-bdde-77b43dbc76a3}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,68.94.156.1 68.94.157.1 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\notepad.dll.virus (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FastNetSrv.exe.virus (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\SystemProfile\ntload.dll.virus (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.


Quote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:24 PM, on 12/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Internet\Avast\aswUpdSv.exe
C:\Internet\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Internet\Avast\ashMaiSv.exe
C:\Internet\Avast\ashWebSv.exe
C:\Internet\Avast\ashDisp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\mom\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Documents and Settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\mom\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qnntv.com/aspx/qnn/default.aspx
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\Internet\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\mom\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [pyomiwwxv] rundll32 "C:\WINDOWS\system32\rpcns4C.dll",Dbrtccocg
O4 - HKUS\S-1-5-21-329068152-813497703-1957994488-1004\..\Run: [SansaDispatch] C:\Documents and Settings\mom\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-813497703-1957994488-1004\..\Run: [Google Update] "C:\Documents and Settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - S-1-5-21-329068152-813497703-1957994488-1004 Startup: toolbar.lnk = C:\Download\toolbar\toolbar.exe (User '?')
O4 - Startup: toolbar.lnk = C:\Download\toolbar\toolbar.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/move/06071909/qsp2ie06071909.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: \wisahiri.dll lorizuzu.dll c:\windows\system32\rumepopo.dll c:\windows\system32\kiyituhe.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: boweneyar - {0d3228ce-d891-4152-a99f-1614b23d4a54} - c:\windows\system32\wisahiri.dll (file missing)
O21 - SSODL: walufayij - {7a70e709-6cc5-4ba8-bf7b-e09adedde6ff} - c:\windows\system32\rumepopo.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {0d3228ce-d891-4152-a99f-1614b23d4a54} - c:\windows\system32\wisahiri.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {7a70e709-6cc5-4ba8-bf7b-e09adedde6ff} - c:\windows\system32\rumepopo.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Internet\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Internet\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Internet\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Internet\Avast\ashWebSv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 6433 bytes
« Last Edit: December 23, 2009, 10:51:38 AM by revad »