Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PC bombarded with Virus' and Malware [Solved]

Started by Danielle F. , Jan 17 2009 11:43 AM

  • This topic is locked This topic is locked

#1
Danielle F.
Posted 17 January 2009 - 11:43 AM

Danielle F.

    New Member

  • Member
  • Pip
  • 9 posts
I am having multiple issues with pop-ups that will not go away, internet windows being opened containing advertisements, error messages, etc. I have tried McAfee Virus Scan, Spybot, Adaware, VundoFix, Malwarebytes, and every method listed in this post: http://www.geekstogo...ee-t223573.html

Error Message:
Windows - no disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

Nothing is working, I thought I had fixed the problem over a month ago, and now it is back.

Spybot says that my computer has infections, but does not do anything. It says it has deleted/repaired them,
but then I scan again and the test is the same everytime/ Spybot is useless.
These are the infections Spybot says my computer has: AdRevolver, BurstMedia, CasaleMedia, CoreMetrics,
Doubleclick, Fastclick, Hitbox, Mediaplex, Statcounter, Webtrends Live, Zedo, CoolWWWSearch, and
Virtumonde.

----------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:27 PM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Photoshop 6\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189966745546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189966735156
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O23 - Service: McAfee Application Installer Cleanup (0204091229396049) (0204091229396049mcinstcleanup) - Unknown owner - C:\DOCUME~1\DANIELLE\LOCALS~1\Temp\020409~1.EXE (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Adobe Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Adobe Photoshop Elements 6\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9665 bytes

-------------------------------------------------------------------------------------------------------------------------------------

Virtumonde Be Gone Log

[01/16/2009, 15:55:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\DANIELLE\Desktop\VirtumundoBeGone.exe" )
[01/16/2009, 15:55:57] - Detected System Information:
[01/16/2009, 15:55:57] - Windows Version: 5.1.2600, Service Pack 2
[01/16/2009, 15:55:57] - Current Username: DANIELLE (Admin)
[01/16/2009, 15:55:57] - Windows is in NORMAL mode.
[01/16/2009, 15:55:57] - Searching for Browser Helper Objects:
[01/16/2009, 15:55:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/16/2009, 15:55:57] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[01/16/2009, 15:55:57] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/16/2009, 15:55:57] - BHO 4: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[01/16/2009, 15:55:57] - Finished Searching Browser Helper Objects
[01/16/2009, 15:55:57] - Finishing up...
[01/16/2009, 15:55:57] - Nothing found! Exiting...

-----------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 5.1.2600 Service Pack 2

1/16/2009 2:39:26 PM
mbam-log-2009-01-16 (14-39-26).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 135074
Time elapsed: 57 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkkIXpND.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRllKef.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ltlmwcge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rmdobsai.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vibipc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yepxbi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrllkef (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cf767a6-e109-46c8-98b3-7e146b69e650} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7cf767a6-e109-46c8-98b3-7e146b69e650} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6a92dce-dc0b-4605-b553-9d70e3c67f6a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b6a92dce-dc0b-4605-b553-9d70e3c67f6a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6df4ba3-2070-4b53-80dd-fdf86cca887a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6df4ba3-2070-4b53-80dd-fdf86cca887a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5d8b5794-da30-42ca-b384-1a639236c36e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkixpnd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkixpnd -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rqRllKef.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yepxbi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkIXpND.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\DNpXIkkj.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ltlmwcge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rmdobsai.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vibipc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\DANIELLE\Local Settings\Temporary Internet Files\Content.IE5\EO8VVY3C\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\DANIELLE\Local Settings\Temporary Internet Files\Content.IE5\I1UPFB67\divx[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DANIELLE\Local Settings\Temporary Internet Files\Content.IE5\R3DGC28E\qoKUDN[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bxcsuixw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  • 0

Advertisements

#2
Essexboy
Posted 17 January 2009 - 11:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Danielle lets have a deeper look to see what is hiding

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All Users
  • Check the Radio button for Rootkit check YES
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#3
Danielle F.
Posted 17 January 2009 - 12:05 PM

Danielle F.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Log from OTScanIt, added as an attachment.

Attached Files


  • 0

#4
Essexboy
Posted 17 January 2009 - 12:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing that shows no sign of infection, could you let me know what problems you are currently experiencing

We will now do a deep search of your processes and files

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#5
Danielle F.
Posted 17 January 2009 - 01:01 PM

Danielle F.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I am currently trying to run the AVZ, but the error message:
Error Message:
Windows - no disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c
makes it very difficult, when it comes up the programs processes stop, and I press "cancel" or the
"x" at the top right corner and it keeps popping up again and again.
  • 0

#6
Essexboy
Posted 17 January 2009 - 01:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this looks like a system problem as opposed to malware. So I would like you to go to control panel and select device manager and let me know if you have any yellow exclamation marks showing. If so please let me know what they are.

Also do you have any USB devices plugged in ?
  • 0

#7
Danielle F.
Posted 17 January 2009 - 01:47 PM

Danielle F.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I am having issues doing what you asked, I opened the Device Manager and it
is not loading any of the devices present - it stays blank?
  • 0

#8
Danielle F.
Posted 17 January 2009 - 02:12 PM

Danielle F.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I restarted my computer and finally got the Device Manager to load, and there are no issues.
No exclamation points or anything. But that same error message keeps coming up, and
another one popped up something "the instruction 0xc..." but it closed to fast for me to write
it down.
  • 0

#9
Danielle F.
Posted 17 January 2009 - 04:18 PM

Danielle F.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It took a very long time to get AVZ to run, and the computer froze. So I
had to shut it down manually and reboot. I have attached the AVZ log file.

Attached Files


  • 0

#10
Essexboy
Posted 17 January 2009 - 04:38 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry for the delay in getting back on this but the wife needed her CSI fix

I will get a tech to look at this as it is looking more like a hardware problem. Back when I get a reply
  • 0

Advertisements

#11
Essexboy
Posted 17 January 2009 - 04:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting popups ??

I would like you to run a chkdisc whilst we are waiting to clear one possible area. Microsoft has a guided help for this here please follow it and post back with the results
  • 0

#12
Danielle F.
Posted 17 January 2009 - 07:23 PM

Danielle F.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
From what I can tell the Chkdsc found no errors? I have not gotten a pop-up this afternoon concerning browser windows, but I am still getting the No Disk Error repeatedly.
  • 0

#13
Essexboy
Posted 18 January 2009 - 06:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again, the techs have come up with a few possibilties which we will need to check

Firstly it may be that the system is trying to access your floppy disc drive, do you have one ?

To that end we will disable that option first There is a small programme that will allow you to turn it on or off here Please download this, run it and reboot let me know if that cures the problem
  • 0

#14
Danielle F.
Posted 18 January 2009 - 10:44 AM

Danielle F.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Last night I actually changed my drive letters/paths due to something else
I read on the error message. But, I have also downloaded the program
you advised. I disabled the floppy drives and rebooted. I do have one floppy
drive and 2 disc drives.

So far I have not seen the error message.
  • 0

#15
Essexboy
Posted 18 January 2009 - 10:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sounds cool - lets put that on the back burner for now then unless it re-appears :)

How is the rest of your system running now ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP