Help... please malware = bad

C.S.

Well, I messed up my computer for, well, hopefully the last time. This time I did it real good, and I can't seem to restore the easy way to make my desktop change pictures, and I can't quite seem to make Trend Micro work on Firefox or on IE. Well, of course I couldn't have done it unless I was doing something I wasn't supposed to. I downloaded something and, well, it ran... Well, here is my HijackThis list if you need that. I can get around my computer pretty easily, so hopefully someone can help.


Logfile of HijackThis v1.99.1
Scan saved at 12:21:26 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jared Currie\Desktop\HijackThis-1.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
So yeah, that thing I downloaded is great: so far I have 31 viruses and a hundred and two infected objects.... Wow, I messed it up good. This is using Kaspersky, so far the only scanner that is working.
 
Things have been removed. Now that I look at it, I do not see a lot of things I should see; one off the top of my head is Java-related things... That is the full scan and file; I redid the scan again. I do remove certain things like Kazaa, though, but I wouldn't remove things for Java...
 
Try starting your computer in safe mode, and running all your antivirus/antispyware applications while in safe mode... Don't know if "C:\WINDOWS\system32\lsass.exe" has anything to do with the Sasser worm... you may want to research that possibility.
 
lsass.exe is a critical Windows security program. It is not affiliated with the Sasser virus.

To the OP, your HJT log is way too small as another poster said. Either you have a virus that's disabling all your standard processes, or you deleted too much from your log. Definitely reboot into SafeMode, and start recovery there. I'm not a huge fan of SafeMode as many, many hostile programs out there can now operate within SafeMode, but it's the best start. Run all your anti-virus, Ewido, Adaware, Spybot's, etc. Knock out as much as you can. Then reboot, run HJT, but don't delete anything and post the log.

Plus if you can get IE to work, let me know if you've actually been hijacked. You can also get that information in your IE Tools Internet Options.
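As an added example (not part of the thread or of HijackThis itself): one way to triage a log like the one posted above is to parse the "Running processes" list and flag core Windows process names, such as lsass.exe, that run from anywhere other than their normal folder. The sample log is constructed, the function names are hypothetical, and the expected folders assume a default Windows XP install in C:\WINDOWS.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 1.99.1 layout. The C:\WINDOWS\Temp line is
# invented here to show a misplaced look-alike; it is not from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Temp\lsass.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SYS32 = r"c:\windows\system32"
# Assumed default XP install paths (lower-cased) for core processes.
EXPECTED_DIR = {name: SYS32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - ...", "R0 - ..."

def parse_hjt(text):
    """Return (running process paths, {section code: [entries]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False  # registry/startup entries follow the process list
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def misplaced_system_processes(processes):
    """Flag core Windows process names running outside their expected folder."""
    flagged = []
    for path in processes:
        directory, _, name = path.lower().rpartition("\\")
        if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
            flagged.append(path)
    return flagged

if __name__ == "__main__":
    procs, entries = parse_hjt(SAMPLE_LOG)
    print(misplaced_system_processes(procs), sorted(entries))
```

A path match only rules out the simplest look-alikes; it does not show that the file on disk is the genuine binary.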
 
Well, so far Kasper-whatever has said I have 39 viruses; I think it was just letting me know, if you will... I have attached that file log here for you; maybe it will help. It's named crack.exe... I have already tried the safe mode trick with Trend Micro; it is not working.


The list of things gone wrong atm: normally I can get viruses, but I have met my match with this package. Gotta love the trojan downloader.

*edit* I cannot post the virus list; if you think it will help I can email the list to you.

I am going to go back to a restore earlier and I'll try this again.

*edit* The restore gave me back some of the little things, but I feel there is still a problem... I'm going to do one more Kasper scan to see.
 
Well, thank you. I guess I just freaked... I have gotten a virus program to work and I manually went through and removed the threats. Anyone recommend a program to use for malware and spyware? BTW, IE never was taken over; it just messed with all sorts of settings. It manifested itself mainly in my Java folder and my temp folder. But now the files are gone, and the same goes for the ones associated with it.
 