Wondering if anyone can help me with a possible trojan?


#1
Azzi

    New Member

  • Member
  • 2 posts
I've gone through the cleaning guides but I'm still a bit lost and not sure what to do. Any help is greatly appreciated, I've tried asking many people and no one can really help.

About a week ago AVcare started popping up and saying something about viruses. I realized this wasn't a legit program and removed it. Since then my computer has been weird. Randomly it sounds like a radio station is playing when I have no programs open, it'll stay on for about 15-20 minutes then just stop. So I asked around and someone said to try Adware. I downloaded it and ran a scan, it found a trojan somewhere in my system32 but said it couldn't remove it. So I went to the file location and it isn't there. I then tried downloading Malwarebytes, I download it and then extract the files from the setup but it doesn't open up. I've tried it in safe mode as well and still no luck.

Any suggestions? Thanks in advance.


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Azzi

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3
Azzi

    New Member

  • Topic Starter
  • Member
  • 2 posts
Report 1


"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler (remove only)
"Dofus 1.27.0" = Dofus 1.27.0
"DofusBeta 1.27.0" = DofusBeta 1.27.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 1.99.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{B93D24B3-928D-4805-B379-4AA47CB3794E}" = NETGEAR WG511v2 wireless PC card
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"net" = Advertisement Service
"NVIDIA Drivers" = NVIDIA Drivers
"Rhapsody" = Rhapsody
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wakfu" = Wakfu
"WildTangent hplaptop Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2009 2:02:06 AM | Computer Name = sholly-PC | Source = ESENT | ID = 467
Description = Windows (1228) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexRecovery of table SystemIndex_Gthr is corrupted (0).

Error - 8/28/2009 2:08:06 AM | Computer Name = sholly-PC | Source = ESENT | ID = 467
Description = Windows (1228) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexRecovery of table SystemIndex_Gthr is corrupted (0).

Error - 8/28/2009 2:12:05 AM | Computer Name = sholly-PC | Source = ESENT | ID = 467
Description = Windows (1228) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexRecovery of table SystemIndex_Gthr is corrupted (0).

Error - 8/28/2009 2:16:58 AM | Computer Name = sholly-PC | Source = Software Licensing Service | ID = 8193
Description = License Activation Scheduler (SLUINotify.dll) failed with the following
error code: 0xC004D401

Error - 8/28/2009 12:21:04 PM | Computer Name = sholly-PC | Source = ESENT | ID = 467
Description = Windows (2072) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexRecovery of table SystemIndex_Gthr is corrupted (0).

Error - 8/28/2009 12:24:49 PM | Computer Name = sholly-PC | Source = ESENT | ID = 467
Description = Windows (2072) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexRecovery of table SystemIndex_Gthr is corrupted (0).

Error - 8/28/2009 12:28:23 PM | Computer Name = sholly-PC | Source = ESENT | ID = 467
Description = Windows (2072) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexRecovery of table SystemIndex_Gthr is corrupted (0).

Error - 8/28/2009 12:30:25 PM | Computer Name = sholly-PC | Source = ESENT | ID = 467
Description = Windows (2072) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexRecovery of table SystemIndex_Gthr is corrupted (0).

Error - 8/28/2009 1:53:00 PM | Computer Name = sholly-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc00000fd, fault offset 0x000455e7, process id 0x218, application
start time 0x01ca27f9af0a5da8.

Error - 8/28/2009 1:56:59 PM | Computer Name = sholly-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.40.0.0, time stamp 0x4a74a456,
faulting module mbam.exe, version 1.40.0.0, time stamp 0x4a74a456, exception code
0x80000003, fault offset 0x00002fd0, process id 0xc70, application start time 0x01ca2808efd2ffe8.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



Report 2


[2009/08/08 21:09:08 | 00,000,000 | ---D | C] -- C:\Users\s holly\AppData\Roaming\Logs
[2009/08/08 20:54:55 | 00,000,091 | ---- | C] () -- C:\Windows\System32\SKYNETnfreetta.dat
[2009/08/08 20:51:29 | 00,043,291 | ---- | C] () -- C:\Windows\System32\SKYNETpcepsbcc.dat
[2009/08/08 20:51:27 | 00,070,656 | ---- | C] () -- C:\Windows\System32\drivers\SKYNETxktprmoo.sys
[2009/08/05 03:15:58 | 00,107,265 | ---- | C] () -- C:\Users\s holly\Desktop\1249456364328.jpg
[2009/07/29 22:40:38 | 00,052,466 | ---- | C] () -- C:\Users\s holly\Desktop\TJ.jpg
[2007/02/27 16:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 20:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Files - Modified Within 30 Days ==========

[2009/08/28 14:30:15 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\s holly\Desktop\OTL.exe
[2009/08/28 14:25:52 | 00,041,946 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/08/28 14:25:52 | 00,041,946 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/08/28 14:25:38 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/28 14:25:38 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/28 14:25:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/28 14:25:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/28 14:25:03 | 10,051,74784 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/28 14:23:12 | 01,684,638 | -H-- | M] () -- C:\Users\s holly\AppData\Local\IconCache.db
[2009/08/28 13:56:11 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\gaming.lnk
[2009/08/28 12:10:59 | 00,073,369 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/28 12:10:38 | 40,225,915 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/26 22:28:33 | 14,851,9018 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/25 00:50:43 | 00,083,082 | ---- | M] () -- C:\Users\s holly\Desktop\snake.jpg
[2009/08/24 23:00:02 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/19 01:08:46 | 00,102,865 | ---- | M] () -- C:\Users\s holly\Desktop\wolf.jpg
[2009/08/18 02:12:13 | 00,668,978 | ---- | M] () -- C:\Users\s holly\Desktop\cakw.png
[2009/08/16 23:50:48 | 00,038,238 | ---- | M] () -- C:\Users\s holly\Desktop\1250481025284.jpg
[2009/08/16 14:07:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/16 14:07:58 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/16 14:07:58 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/16 02:12:25 | 00,086,907 | ---- | M] () -- C:\Users\s holly\Desktop\1250389030742.jpg
[2009/08/14 02:12:47 | 00,000,680 | ---- | M] () -- C:\Users\s holly\AppData\Local\d3d9caps.dat
[2009/08/12 13:53:59 | 00,001,755 | ---- | M] () -- C:\Users\s holly\Desktop\fhjfuhj.aup
[2009/08/11 12:59:15 | 00,070,656 | ---- | M] () -- C:\Windows\System32\drivers\SKYNETxktprmoo.sys
[2009/08/11 12:54:45 | 00,043,291 | ---- | M] () -- C:\Windows\System32\SKYNETpcepsbcc.dat
[2009/08/11 12:54:43 | 00,000,091 | ---- | M] () -- C:\Windows\System32\SKYNETnfreetta.dat
[2009/08/10 13:42:18 | 00,436,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/09 22:33:59 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\s holly\Desktop\spybotsd162.exe
[2009/08/09 01:26:56 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\s holly\Desktop\mabem.exe
[2009/08/05 03:15:48 | 00,107,265 | ---- | M] () -- C:\Users\s holly\Desktop\1249456364328.jpg
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/29 22:39:44 | 00,052,466 | ---- | M] () -- C:\Users\s holly\Desktop\TJ.jpg

========== LOP Check ==========

[2009/08/08 21:09:08 | 00,000,000 | ---D | M] -- C:\Users\s holly\AppData\Roaming
[2009/02/22 22:40:29 | 00,000,000 | ---D | M] -- C:\Users\s holly\AppData\Roaming\acccore
[2009/03/10 19:25:43 | 00,000,000 | ---D | M] -- C:\Users\s holly\AppData\Roaming\CyberLink
[2009/08/08 21:09:08 | 00,000,000 | ---D | M] -- C:\Users\s holly\AppData\Roaming\Logs
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\s holly\AppData\Roaming\Media Center Programs
[2009/08/24 23:00:02 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/08/28 14:25:25 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/28 14:23:41 | 00,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
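Added example, not from the thread or from OTL's author: a small Python triage script that parses lines in the OTL file-listing format shown in Report 2 and flags recently created or modified files under System32 that carry no publisher string, the kind of entry a helper reads first. The sample log lines are constructed to match the shape of the report above, and the function names are my own.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL's file-listing format (modelled on Report 2 above;
# these are sample lines, not the complete log from the post).
SAMPLE_LOG = """\
========== Files - Modified Within 30 Days ==========

[2009/08/28 14:30:15 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\\Users\\s holly\\Desktop\\OTL.exe
[2009/08/16 14:07:58 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Windows\\System32\\drivers\\avgldx86.sys
[2009/08/11 12:59:15 | 00,070,656 | ---- | M] () -- C:\\Windows\\System32\\drivers\\SKYNETxktprmoo.sys
[2009/08/11 12:54:45 | 00,043,291 | ---- | M] () -- C:\\Windows\\System32\\SKYNETpcepsbcc.dat
[2009/08/08 21:09:08 | 00,000,000 | ---D | C] -- C:\\Users\\s holly\\AppData\\Roaming\\Logs
[2006/11/02 06:25:21 | 00,061,440 | ---- | C] () -- C:\\Windows\\System32\\igfxTMM.dll
"""

# [timestamp | size | attrs | C or M] (company, absent for directories) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

def parse_otl_files(text):
    """Yield one dict per OTL file/directory entry; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        yield {
            "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(d["size"].replace(",", "")),   # OTL pads sizes with commas
            "is_dir": "D" in d["attrs"],
            "op": d["op"],                               # C = created, M = modified
            "company": (d["company"] or "").strip(),
            "path": d["path"],
        }

def suspicious_entries(text, scan_time=None, days=30):
    """Paths under \\Windows\\System32 touched within `days` of the scan that
    have no publisher string. scan_time defaults to the newest entry in the log."""
    entries = [e for e in parse_otl_files(text) if not e["is_dir"]]
    if not entries:
        return []
    cutoff = (scan_time or max(e["ts"] for e in entries)) - timedelta(days=days)
    return [e["path"] for e in entries
            if "\\windows\\system32\\" in e["path"].lower()
            and e["ts"] >= cutoff and not e["company"]]
```

A hit is a lead for the helper to look at, not a verdict: legitimate unsigned files exist, and a rootkit that hides its own files from the listing will not appear here at all.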

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Where are the rest of the logs?
Did you remove some of the information?

Please repost them in entirety and I will need also the gmer log (the second program that I had you download).