Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

directdr.com re-direction virus? [Solved]

Started by Jade5 , May 28 2010 06:59 PM

This topic is locked

#1
Jade5

Posted 28 May 2010 - 06:59 PM

Member

Member
15 posts

Over the past couple of days I've noticed things starting to happen to my computer.
First it was random redirections to www.directdr.com and now it is pop ups, and other page re-directions from google.

Secondly my windows display has changed back to a classic view and it doesn't give me the option to change it back in the properties. I have to go into the Services and keep changing it because everytime I shut down my computer it goes back to the classic view.

Thirdly, my wireless connection has stopped working. It says it's connected but acquiring the address and doesn't move past there. Only my prepaid broadband is working at the moment.

Can someone PLEASE PLEASE help ASAP. It is really frustrating me.

Thanks.

#2
hammerman

Posted 29 May 2010 - 02:02 AM

Member 4k

Member
4,183 posts

Hello Jade5 and welcome to GeeksToGo

I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.

Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
Please do no attach logs or post them in Quote/Code boxes unless requested.
I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
If in doubt about anything, please ask.

Please follow these steps.

-- Step 1 --

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

#3
Jade5

Posted 29 May 2010 - 02:59 AM

Member

Topic Starter
Member
15 posts

OTL logfile created on: 29/05/2010 18:36:02 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\student\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 9.60 Gb Free Space | 32.75% Space Free | Partition Type: NTFS
Drive D: | 119.75 Gb Total Space | 102.48 Gb Free Space | 85.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 22.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 119.75 Gb Total Space | 102.48 Gb Free Space | 85.58% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: B21003026-208
Current User Name: student
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\student\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel)
PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)
PRC - C:\Program Files\usbdlm\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
PRC - C:\Program Files\Novell\ZENworks\NalAgent.exe (Novell, Inc)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\WINDOWS\keyacc32.exe (Sassafras Software Inc.)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\TaskSwitch.exe ()
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\student\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\katrack.dll (Sassafras Software Inc.)
MOD - C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NMSAccess) -- File not found
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (VMTools) -- C:\Program Files\VMware\VMware Tools\VMwareService.exe (VMware, Inc.)
SRV - (UNS) Intel® -- C:\Program Files\Intel\AMT\UNS.exe (Intel)
SRV - (atchksrv) Intel® -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel)
SRV - (USBDLM) -- C:\Program Files\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
SRV - (ZFDWM) -- C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NALNTSERVICE) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (KeyAccess) -- C:\WINDOWS\keyacc32.exe (Sassafras Software Inc.)
SRV - (AutoExNT) -- C:\WINDOWS\system32\AUTOEXNT.EXE ()

========== Driver Services (SafeList) ==========

DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (nipplpt2) -- C:\WINDOWS\system32\drivers\nipplpt.sys ()
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (b57w2k) Broadcom NetLink ™ -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (vmxnet) -- C:\WINDOWS\system32\drivers\vmxnet.sys (VMware, Inc.)
DRV - (hgfs) -- C:\WINDOWS\system32\drivers\hgfs.sys (VMware, Inc.)
DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
DRV - (vmscsi) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (BlankScr) -- C:\WINDOWS\system32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (genmcmnUSB) -- C:\WINDOWS\system32\drivers\gflmouhid.sys ()
DRV - (Eacfilt) -- C:\WINDOWS\system32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
DRV - (cpqdfw) -- C:\WINDOWS\system32\drivers\Cpqdfw.sys ()
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rmit.edu.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.rmit.edu.au"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/22 20:41:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/22 20:42:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/20 20:34:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/20 20:34:35 | 000,000,000 | ---D | M]

[2010/04/18 10:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Application Data\Mozilla\Extensions
[2010/04/25 10:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Application Data\Mozilla\Firefox\Profiles\qkxd2fb8.default\extensions
[2010/01/18 21:19:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\student\Application Data\Mozilla\Firefox\Profiles\qkxd2fb8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/18 10:45:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\student\Application Data\Mozilla\Firefox\Profiles\qkxd2fb8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/02 00:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Application Data\Mozilla\Firefox\Profiles\qkxd2fb8.default\extensions\ChoiceGuard@Microsoft
[2010/05/12 10:25:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/31 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2004/03/02 14:29:30 | 000,053,336 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13118.dll
[2005/04/05 04:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
[2006/06/07 14:40:18 | 000,027,376 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2008/01/17 14:57:30 | 000,165,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
[2007/06/28 10:22:50 | 000,652,568 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll

O1 HOSTS File: ([2009/10/16 15:49:40 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe (Sassafras Software Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Check for Home Directory.lnk = C:\WINDOWS\system32\hdrive.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

#4
hammerman

Posted 29 May 2010 - 03:06 AM

Member 4k

Member
4,183 posts

Hi,

Looks like your log is cut off. If you are having problems posting the log, you can attach the file or upload the log to Mediafire and post the sharing link.

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

#5
Jade5

Posted 29 May 2010 - 03:48 AM

Member

Topic Starter
Member
15 posts

OTL.Txt 242.28KB 148 downloads

Extras.Txt 109.98KB 222 downloads

#6
hammerman

Posted 29 May 2010 - 06:36 AM

Member 4k

Member
4,183 posts

Hi,

Any luck with the GMER log?

#7
Jade5

Posted 29 May 2010 - 05:52 PM

Member

Topic Starter
Member
15 posts

The GMER isn't working. I've tried it twice and made sure no other programs are running and it comes up with an error and shuts down my computer.

#8
hammerman

Posted 30 May 2010 - 12:24 AM

Member 4k

Member
4,183 posts

Hi,

Please follow these steps.

-- Step 1 --

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2010/05/27 16:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\efqpndstw
[2010/05/27 15:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\exqsldlow
[2010/05/27 15:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\uipeqtouo
[2010/05/19 15:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\student\Local Settings\Application Data\qbjlnvuqm

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
This fix will produce a report. Please add this to your reply.

-- Step 2 --

Download TDSSKiller and save it to your Desktop.

Extract the file and run it.
Once completed it will create a log in the root directory (usually C:\).
Please post the contents of that log in your next reply.

#9
Jade5

Posted 30 May 2010 - 04:13 AM

Member

Topic Starter
Member
15 posts

Hey Hammerman,

My computer has just rebooted after the TDSSKiller program and the classic vie has changed back to XP and my wireless is working again. YAY!

Not sure if the random pop ups have been fixed yet or not.

I have attached both reports for you.

Let me know if I need to do anything else

Attached Files

TDSSKiller.2.3.1.0_30.05.2010_19.57.18_log.txt 56.16KB 180 downloads
Run_Fix_Report.txt 5.35KB 151 downloads

#10
hammerman

Posted 30 May 2010 - 11:12 AM

Member 4k

Member
4,183 posts

Hi,

Please follow these steps. Can you copy/paste the logs into your reply rather than attach them.

-- Step 1 --

Run Malwarebytes' Anti-Malware.

Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
Select the Scanner tab, select "Perform Quick Scan", then click Scan
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 2 --

Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
Click the "Download JRE" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")

-- Step 3 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

#11
Jade5

Posted 31 May 2010 - 03:06 AM

Member

Topic Starter
Member
15 posts

I've attached the Malware and OTL reports for you...

Malware_Log.txt 950bytes 172 downloads

OTL2.txt 139.94KB 179 downloads

#12
hammerman

Posted 31 May 2010 - 12:35 PM

Member 4k

Member
4,183 posts

Hi,

Please follow these steps.

-- Step 1 --

I notice that you are using more than one antivirus program. This is not necessary and will not give added protection. In fact, you may be more vulnerable to infection due to conflict between the programs and the extra resources required will inevitably slow down your computer. We recommend you use one antivirus program and regularly update it's virus definitions.

You currently have McAfee and AVG installed. Please uninstall one of these.

-- Step 2 --

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O33 - MountPoints2\{36b36db4-52a2-11df-8a32-00218678d74d}\Shell - "" = AutoRun
O33 - MountPoints2\{36b36db4-52a2-11df-8a32-00218678d74d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36b36db4-52a2-11df-8a32-00218678d74d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{78db2f23-50f1-11df-8a2a-00218678d74d}\Shell - "" = AutoRun
O33 - MountPoints2\{78db2f23-50f1-11df-8a2a-00218678d74d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78db2f23-50f1-11df-8a2a-00218678d74d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{78db2f24-50f1-11df-8a2a-00218678d74d}\Shell - "" = AutoRun
O33 - MountPoints2\{78db2f24-50f1-11df-8a2a-00218678d74d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78db2f24-50f1-11df-8a2a-00218678d74d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7a4676c6-4f40-11df-8a25-00218678d74d}\Shell - "" = AutoRun
O33 - MountPoints2\{7a4676c6-4f40-11df-8a25-00218678d74d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a4676c6-4f40-11df-8a25-00218678d74d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7a4676c9-4f40-11df-8a25-00218678d74d}\Shell - "" = AutoRun
O33 - MountPoints2\{7a4676c9-4f40-11df-8a25-00218678d74d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a4676c9-4f40-11df-8a25-00218678d74d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f4b56d0c-dd78-11db-8076-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4b56d0c-dd78-11db-8076-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4b56d0c-dd78-11db-8076-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
This fix will produce a report. Please add this to your reply.

-- Step 3 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on Settings
In the scan settings, select the following:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan spyware, adware, diallers and other riskware
Scan Archives
Scan E-mail databases
Click Save
Now under ScanSelect My Computer
This will start the scanning of your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on View Report and then Save Report
Save the file to your desktop as a text file.
Copy and paste that information in your next post.

#13
Jade5

Posted 01 June 2010 - 02:54 AM

Member

Topic Starter
Member
15 posts

The Kaspersky webscanner doesn't download. It just says on the page and doesn't do anything.

Here is the OTL log...

OTL3.txt 14.65KB 151 downloads

#14
hammerman

Posted 01 June 2010 - 06:26 AM

Member 4k

Member
4,183 posts

Hi,

Let's try a different scanner.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic