[hadi92]

Hello! I been looking online for a process called O1al5GOA.exe but found no informations about it. I think my computer is infected in some malware related to this process and possibly more others. I've been struggling with internet being abused and slowed down because of this, and my anvitvirus ( Avast 5.0) would detect no harms so far. I've scanned my PC with Malware Antibytes, and it detected alot of infected objects:
C:\Documents and Settings\ul\Desktop\ASD.Internet Download Manager 5.19 Build 4.By.Caiser\patch\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\cs4\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
However the symptoms of slow internet is still there, and sometimes i get Popups coming out of nowhere. And another process: hki1188.exe keeps showing errors and drains my CPU usage.
I hope anyone can help me as soon as possible because i have valuable informations stored on my computer and i do not wish for a keylogger to send them to an unknown area.
I attached my OTL logfile booted in SafeMade+Networking because it was too long to sit in here, is that normal to have a 30 page logfile or am i in big trouble ?
And thx alot for any help

Attached Files

•  OTL.Txt   690.54KB   52 downloads

[Advertisements]

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  C:\windows\tasks\at*.job
  %systemroot%\prefetch\*.*
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  
  Click me
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

[Rorschach112]

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  C:\windows\tasks\at*.job
  %systemroot%\prefetch\*.*
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  
  Click me
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

[hadi92]

Hello thx alot for the fast reply.
Im sorry to say but my internet explorers dont work anymore, and all antivirus programs and antispyware were self uninstalled and im unable to install any new antivurs because the installation auto-cancels as soon as i open the file. And today I was booting in normal mode but the explorer.exe process wont start so basicaly i cant see my desktop and everything stoped working and my data is probably corrupted by now . Even booting in safe mode, the computer auto restart when i press the Safe Mode button. I think the only option i got left is to format the hard disk and install a fresh copy of windows. But thx so much for the help descriptions and sorry to waste your time! and if u got time to direct me on how to avoid getting those malwares and any free programs that can be useful to get protection from those i would be grateful. Thx alot!

[Rorschach112]

• Please read my guide on how to prevent malware and about safe computing here