I ran My anti virus symantec ver 10 and it is up to date. it found and cleand 6 viruses. Ran Mallware bytes at the beginning found nothing but then I ran a virus check in safe mode and it got shut down near the beginning.
I ran a virus scan while connecting it an an external hard drive and viruses were found I think it is because there is no access to hidden files.
after this I ran sfc scannow. Then I went through the stages that were in the post of cleanning the computer.
in all was ok mallware bytes found 6 itemes but when I ran OTL it got stuck and was not responding. it was stuck on hkmsv on the bottom for over half an hour. Now it says not responding.
i added my mabam log and the ark.text files
Here is my mabam log
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
31/01/2010 23:13:39
mbam-log-2010-01-31 (23-13-39).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 247057
Time elapsed: 47 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 22:17:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwlcrpow.sys
---- System - GMER 1.0.15 ----
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EE91116D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EE910FC2
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- EOF - GMER 1.0.15 ----