AntiVirus Software - Trojan [Closed]


  • This topic is locked

#16 hammerman
Hi,

Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
-- Step 2 --

Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.

  • Right-click on My Computer and select Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
  • Now uncheck the Turn off System Restore, click Apply then OK.
A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs, including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

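The MVPS HOSTS file recommended in hammerman's post above works by pointing ad and tracker hostnames at a sinkhole address (0.0.0.0 or 127.0.0.1), so the connection never leaves the machine. The O1 HOSTS lines that OTL reports later in this thread exist because malware edits the same file in the opposite direction, pointing vendor or update hostnames at an address it controls. The Python script below is an added example, not part of the post and not code from the MVPS or OTL projects: it parses a HOSTS file, classifies each mapping as a local name, a blocklist-style sinkhole, or a hijack (a real hostname mapped to a routable address), and returns the hijacked entries. The sample HOSTS content and the 203.0.113.45 address are constructed for illustration.

```python
"""Classify the mappings in a Windows HOSTS file.

A blocklist such as MVPS maps ad and malware hostnames to a sinkhole
address (0.0.0.0 or 127.0.0.1) so the connection never leaves the box.
Malware edits the same file the other way round: it maps security
vendor, update or banking hostnames to an address it controls.  This
script tells the two apart.  Added example; not the MVPS project's code.
"""
import ipaddress
from collections import namedtuple

HostsEntry = namedtuple("HostsEntry", "line_no ip hostnames kind")

# Sinkhole addresses that a blocklist legitimately uses.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample HOSTS file (not taken from the thread): the stock
# localhost lines, a blocklist section, and two hijack entries pointing
# real hostnames at a documentation-range address (203.0.113.45).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# Start of entries inserted by a blocklist
0.0.0.0  ads.example-adnetwork.com
0.0.0.0  banner.example-adnetwork.com   # banner server
127.0.0.1  tracker.example-analytics.net

# Lines a trojan would add (constructed for this example)
203.0.113.45  www.update.microsoft.com
203.0.113.45  www.avast.com
"""


def classify(ip, hostnames):
    """Return 'local', 'block' or 'hijack' for one HOSTS mapping."""
    if all(h == "localhost" or h.endswith(".localdomain") for h in hostnames):
        return "local"
    addr = ipaddress.ip_address(ip)
    if ip in SINK_ADDRESSES or addr.is_loopback or addr.is_unspecified:
        return "block"
    # A real hostname resolved to a routable (or LAN) address: traffic for
    # that name now goes wherever the file says, not where DNS says.
    return "hijack"


def parse_hosts(text):
    """Parse HOSTS text into HostsEntry records, skipping comments and junk."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        ip, *hostnames = line.split()
        if not hostnames:
            continue                              # address with no name
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                              # malformed; Windows ignores it
        hostnames = tuple(h.lower() for h in hostnames)
        entries.append(HostsEntry(line_no, ip, hostnames, classify(ip, hostnames)))
    return entries


def hijacked(entries):
    """Entries that redirect a real hostname somewhere other than a sinkhole."""
    return [e for e in entries if e.kind == "hijack"]


def summary(entries):
    """Count of entries per kind, e.g. {'local': 2, 'block': 3, 'hijack': 2}."""
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    print(summary(parsed))
    for e in hijacked(parsed):
        print(f"line {e.line_no}: {e.ip} -> {', '.join(e.hostnames)}  <-- review")
```

On a real machine, read C:\WINDOWS\system32\drivers\etc\hosts into parse_hosts() instead of SAMPLE_HOSTS. A large file that is entirely "local" and "block" entries is what a clean MVPS install looks like; any "hijack" entry is worth checking against the lookup the name should have.
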
#17 hammerman
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#18 hammerman
User returned.

Can you please let me know the results of the Avast scan.

Let's get some fresh logs. Please follow these steps.

-- Step 1 --
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

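As an added example, not part of hammerman's or NerfNinja's posts and not a feature of OTL itself, here is a small Python triage script for the OTL log format that the next post contains. It pulls out the lines a helper reads first: registry hooks whose file no longer exists, files under the Windows directory with an empty company name, O4 Run entries, and Firefox search and homepage preferences, which search hijackers rewrite. The regular expressions are inferred from the line shapes visible in this thread, the sample lines are copied verbatim from the log below, and the %SystemRoot% default of C:\WINDOWS is the value that log reports. Nothing the script flags is by itself a verdict of infection; it only orders the reading.

```python
"""Triage lines from an OTL log (OldTimer's OTL) for the entries a helper
reads first.  Added example; this is not OTL's own code, and a flagged
line is a prompt to look closer, not a verdict.

Line shapes handled (inferred from the log posted in this thread):
  [date time | size | attrs | C|M] (Company) -- path
  PRC/SRV/DRV - (name) -- path (Company)
  Onn - <registry hook> ... [File not found]
  FF - prefs.js..<pref>: <value>
"""
import re
from collections import defaultdict

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
LOADED_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - .*?(?P<path>[A-Za-z]:\\.*\S) \((?P<company>[^()]*)\)$"
)
OLINE_RE = re.compile(r"^(?P<code>O\d+) - (?P<body>.*)$")
FF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.*)$")

# Firefox preferences that search/homepage hijackers rewrite.
FF_WATCH = ("browser.search.", "keyword.URL", "browser.startup.homepage")

# Sample input copied from the OTL log in this thread: one benign entry of
# each shape plus the ones that deserve a second look.
SAMPLE_LOG = r"""
PRC - C:\Program Files\VideoLAN\VLC\vlc.exe ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (n558) -- C:\WINDOWS\system32\drivers\n558.sys ()
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
NetSvcs: 6to4 - File not found
[2010/05/09 00:09:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2010/05/23 00:05:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/16 11:55:08 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
"""


def triage(text, systemroot="C:\\WINDOWS"):
    """Group noteworthy lines by category.  systemroot defaults to the
    value this log reports (%SystemRoot% = C:\\WINDOWS)."""
    root = systemroot.lower().rstrip("\\") + "\\"
    found = defaultdict(list)
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line) or LOADED_RE.match(line)
        if m:
            path, company = m.group("path"), m.group("company").strip()
            # Unbranded file living under %SystemRoot%: check it by hand.
            if not company and path.lower().startswith(root) and path.lower() not in seen:
                seen.add(path.lower())
                found["no_company"].append(path)
            continue
        m = OLINE_RE.match(line)
        if m:
            code, body = m.group("code"), m.group("body")
            if body.endswith("File not found") and code != "O34":
                # Orphaned hook: the registry still points at a deleted file.
                # The O34 BootExecute line reads this way on a normal XP install.
                found["missing"].append(line)
            elif code == "O4":
                found["autorun"].append(line)       # Run-key entries
            continue
        m = FF_RE.match(line)
        if m and m.group("pref").startswith(FF_WATCH):
            found["ff_search"].append((m.group("pref"), m.group("value").strip('"')))
        # NetSvcs "File not found" lines are routine on XP and are ignored.
    return dict(found)


def basenames(paths):
    """Lower-cased file names, handy for comparing against a known-good list."""
    return [p.lower().rsplit("\\", 1)[-1] for p in paths]


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Feed the contents of OTL.Txt to triage() instead of SAMPLE_LOG. The no_company bucket is where driver names like n558.sys end up; the next step for each is to look the file up by hash, which the script deliberately does not guess at.
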
#19 NerfNinja (Topic Starter)
OTL logfile created on: 22/05/2010 11:58:06 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Kathee Herson\My Documents\viral protection
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,012.00 Mb Total Physical Memory | 288.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.94 Gb Total Space | 65.04 Gb Free Space | 61.40% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 622.32 Gb Free Space | 66.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATHEE
Current User Name: Kathee Herson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Documents and Settings\Kathee Herson\My Documents\viral protection\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kathee Herson\My Documents\viral protection\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (n558) -- C:\WINDOWS\system32\drivers\n558.sys ()
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.au/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://slirsredirect...inampab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 21:44:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 09:08:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/16 13:01:10 | 000,000,000 | ---D | M]

[2008/12/08 08:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathee Herson\Application Data\Mozilla\Extensions
[2010/05/22 19:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathee Herson\Application Data\Mozilla\Firefox\Profiles\rnq23iqc.default\extensions
[2010/04/30 12:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathee Herson\Application Data\Mozilla\Firefox\Profiles\rnq23iqc.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/05/22 19:54:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 00:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/09 00:09:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/15 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kathee Herson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathee Herson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/09 03:29:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 19:52:18 | 000,000,080 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/12 15:21:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 00:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/23 00:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/22 23:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/16 13:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/05/16 11:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathee Herson\My Documents\ForceField Shared Files
[2010/05/16 11:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathee Herson\Application Data\CheckPoint
[2010/05/16 11:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/16 11:53:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/16 11:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/15 18:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathee Herson\My Documents\Shay
[2010/05/09 00:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/09 00:09:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/09 00:09:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/09 00:09:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/09 00:09:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/09 00:09:50 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/08 22:52:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/08 20:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/05/08 08:54:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2007/04/02 14:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 09:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\Documents and Settings\Kathee Herson\My Documents\*.tmp files -> C:\Documents and Settings\Kathee Herson\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 00:05:24 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/22 19:15:13 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Kathee Herson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/22 12:02:17 | 000,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/05/22 12:01:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/22 12:01:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 12:01:08 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/22 00:06:50 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/05/22 00:06:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kathee Herson\ntuser.ini
[2010/05/22 00:06:46 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Kathee Herson\NTUSER.DAT
[2010/05/22 00:06:33 | 007,480,456 | -H-- | M] () -- C:\Documents and Settings\Kathee Herson\Local Settings\Application Data\IconCache.db
[2010/05/21 19:21:05 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/21 19:21:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/21 19:21:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/21 02:15:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SpyHunter Scanner.job
[2010/05/16 13:48:54 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Kathee Herson\Desktop\Shortcut to Expansion Drive (D).lnk
[2010/05/16 11:55:08 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/16 11:45:38 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/05/09 00:09:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/09 00:09:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/09 00:09:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/09 00:09:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/09 00:09:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 10:31:06 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Kathee Herson\My Documents\budget.xls
[1 C:\Documents and Settings\Kathee Herson\My Documents\*.tmp files -> C:\Documents and Settings\Kathee Herson\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 00:05:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/16 13:48:54 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Kathee Herson\Desktop\Shortcut to Expansion Drive (D).lnk
[2010/05/16 11:55:08 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/16 11:45:38 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/23 10:29:56 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Kathee Herson\My Documents\budget.xls
[2009/05/21 12:23:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/03/20 10:13:42 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/03/08 10:58:51 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SGA_Wormhole.ini
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/26 18:37:50 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/26 18:37:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/26 18:37:35 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/26 18:37:35 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/26 18:37:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/26 18:37:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/26 18:37:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/19 19:01:14 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/10/19 19:01:13 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/18 07:53:51 | 000,232,752 | ---- | C] () -- C:\WINDOWS\DISUPORT.DLL
[2008/10/18 07:53:51 | 000,136,368 | ---- | C] () -- C:\WINDOWS\JIFFMT.DLL
[2008/10/18 07:53:51 | 000,092,928 | ---- | C] () -- C:\WINDOWS\ALCIMAGE.DLL
[2008/10/18 07:53:51 | 000,013,961 | ---- | C] () -- C:\WINDOWS\BMPFMT.DLL
[2008/09/20 12:36:55 | 000,000,330 | ---- | C] () -- C:\WINDOWS\dst_suns.ini
[2008/09/20 08:42:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/09 04:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 18:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/15 13:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 15:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/10/01 16:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/05/09 17:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006/03/11 07:15:44 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/29 08:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 19:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 19:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 19:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 19:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 19:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 19:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/09 03:29:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/21 19:21:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/07/09 03:29:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/20 12:43:18 | 006,175,702 | ---- | M] () -- C:\ds_log_1.txt
[2010/05/22 12:01:08 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/09 03:29:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/08 16:18:07 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/07/09 03:29:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/15 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/15 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/22 12:01:07 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2008/07/09 04:44:38 | 000,000,076 | ---- | M] () -- C:\Preload.aaa
[2008/07/09 03:41:30 | 000,000,542 | ---- | M] () -- C:\RHDSetup.log
[2010/02/25 21:49:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/02/25 23:16:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/02/25 23:39:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/02/26 00:04:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/02/26 23:14:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/02/27 20:18:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/02/28 21:57:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/03/04 08:35:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/03/05 08:28:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/03/06 22:00:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/01/23 14:25:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/30 11:21:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/30 21:30:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/31 02:05:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/02/02 21:09:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/02/04 07:58:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/02/04 19:17:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/02/06 08:30:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/02/10 08:05:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/02/23 10:54:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/02/25 21:49:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/02/25 23:16:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/02/25 23:39:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/02/26 00:04:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/02/26 23:14:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/02/27 20:18:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/02/28 21:57:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/03/04 08:35:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/03/05 08:28:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/03/06 22:00:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/01/23 14:25:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/30 11:21:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/30 21:30:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/31 02:05:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/02/02 21:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/02/04 07:57:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/02/04 19:17:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/02/06 08:30:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/02/10 08:05:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/02/23 10:54:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[1999/11/11 17:17:54 | 000,000,049 | ---- | M] () -- C:\XPH.TAG

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/08 20:21:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/08 20:21:24 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/08 20:21:24 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/15 02:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/15 02:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/15 02:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/15 02:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/15 02:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/15 02:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/15 02:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 23:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
< End of report >

I could not find the extra.txt, sorry, it was not with this one for some reason.

#20
hammerman (Member 4k, 4,183 posts)
Hi,

Do you have the GMER log and the results of the Avast scan?

#21
NerfNinja (Topic Starter, 20 posts)
There was no threat found with the AVAST scan, and when I did the GMER scan last night my computer froze up, so I am about to do it again now. Sorry for the delay and thanks again for your help.

#22
hammerman (Member 4k, 4,183 posts)
Hi,

Any luck with the GMER log?

#23
hammerman (Member 4k, 4,183 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#24
hammerman (Member 4k, 4,183 posts)
User returned.

Please give me an update on the problems you are having and post some fresh logs.

-- Step 1 --

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.
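The OTL custom scans requested in Step 1 (in particular `%SYSTEMDRIVE%\*.*` and `drivers\*.sys /90`) produce file-listing lines in the format seen in the log posted earlier in this thread. As an added example (not code from the thread, from OTL's author or from Geeks to Go), here is a small Python triage helper that parses that format and applies two review heuristics a helper typically starts with; the heuristics, the `EXPECTED_ROOT_HS` set and the two constructed suspicious lines (`unknown_example.sys`, `hidden_example.dat`) are assumptions, and a hit means "look closer", not "infected".

```python
import re

# Shape of an OTL file-listing line, e.g. (copied from the log above):
# [2010/04/15 02:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
# fields: timestamp | size | attribute flags (R/H/S = read-only/hidden/system) | M or C ] (publisher) -- path
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Files legitimately flagged hidden+system in the root of an XP system drive (all appear in the log above).
EXPECTED_ROOT_HS = {"boot.ini", "io.sys", "msdos.sys", "ntdetect.com", "ntldr", "hiberfil.sys", "pagefile.sys"}


def parse_otl_line(line):
    """Return a dict for a file-listing line, or None for headers, '< ... >' scan directives and blanks."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))   # "000,028,880" -> 28880
    entry["company"] = entry["company"].strip()           # "()" -> "" (no publisher string)
    return entry


def triage(lines):
    """Apply two review heuristics and return (reason, path) pairs that deserve a closer look."""
    findings = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        # 1. Kernel driver with an empty publisher field. Not proof of anything, but the legitimate
        #    vendors in the log above (ALWIL, Malwarebytes, Microsoft) all fill it in.
        if low.endswith(".sys") and "\\drivers\\" in low and not e["company"]:
            findings.append(("driver without publisher", e["path"]))
        # 2. Hidden+System file directly in the system-drive root that is not a known boot file.
        #    Hidden-only files such as sqmdata*.sqm are deliberately not matched by this rule.
        if low.count("\\") == 1 and {"H", "S"} <= set(e["attrs"]) and name not in EXPECTED_ROOT_HS:
            findings.append(("unexpected hidden/system file in root", e["path"]))
    return findings


# Constructed sample: three lines copied from the log above plus two constructed suspicious ones.
SAMPLE = r"""
[2010/05/21 19:21:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/25 21:49:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/15 02:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/20 03:12:00 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\drivers\unknown_example.sys
[2010/05/20 03:12:05 | 000,004,096 | -HS- | M] () -- C:\hidden_example.dat
""".strip().splitlines()
```

Running `triage(SAMPLE)` reports only the two constructed lines; `boot.ini` is on the expected list and the hidden-only `sqmdata00.sqm` is not matched by rule 2.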

#25
NerfNinja (Topic Starter, 20 posts)
My MBAM was not letting me run a scan, and the programs "haali media splitter" and "FFDShow" were auto-running, so I uninstalled Windows Media Player and it seems to have solved the problem.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4329

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

20/07/2010 5:30:19 PM
mbam-log-2010-07-20 (17-30-19).txt

Scan type: Quick scan
Objects scanned: 128143
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#26
hammerman (Member 4k, 4,183 posts)
Hi,

Are you having any more problems?

#27
hammerman (Member 4k, 4,183 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.