
Google Redirect [Closed]


  • This topic is locked

#16
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I can't get gmer to run.
  • 0



#17
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I ran the gmer as requested. I left to prepare for folks to come over. Came back, gmer finished and closed itself. I don't know where the log is.
  • 0

#18
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
rename gmer to svchost.com and run it in safe mode

works ?
  • 0

#19
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
My desktop is now dragging very badly unless I reboot.
  • 0

#20
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Woke up this morn, still have it.
  • 0

#21
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts

rename gmer to svchost.com and run it in safe mode

works ?


  • 0

#22
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I ran gmer in safe mode 2x and nothing to report. No log
  • 0

#23
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Now when I use google search, everything says :bad search or old record:. Now what do I do?
  • 0

#24
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#25
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Did TFC. Going to do MBAM right now.
  • 0



#26
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Here is the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4165

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/2/2010 8:54:31 PM
mbam-log-2010-06-02 (20-54-31).txt

Scan type: Quick scan
Objects scanned: 114633
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Trojan.Dropper) -> Not selected for removal.

Memory Modules Infected:
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Microsoft Shared\DAO\NEWUSER-PC\svchost.exe (Trojan.Dropper) -> Not selected for removal.
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
  • 0

#27
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Here is the other. I believe what is here is a key logger I have on my pc.
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, June 3, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 02, 2010 18:33:27
Records in database: 4196936
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 133359
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:34:19


File name / Threat / Threats count
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe Infected: not-a-virus:Monitor.Win32.007SpySoft.l 1
C:\Users\new user\Music\microsoft.exe Infected: not-a-virus:Monitor.Win32.007SpySoft.l 1

Selected area has been scanned.
  • 0
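
Added example (not part of the original thread or any poster's code): a small triage script that parses the Malwarebytes log posted in #26, lists the objects the scan flagged but did not remove, and checks whether any of them uses a Windows system process name outside System32. The log lines are copied from that post; the `SYSTEM_ONLY` name list and all function names are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the MBAM log posted in #26 (one section omitted for brevity).
MBAM_LOG = r"""
Memory Processes Infected:
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Trojan.Dropper) -> Not selected for removal.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Dropper) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Microsoft Shared\DAO\NEWUSER-PC\svchost.exe (Trojan.Dropper) -> Not selected for removal.
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
"""

# Assumption for this example: these process names belong only in System32.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIR = r"c:\windows\system32"
# "<object> (<detection name>) -> <action>."
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam(text):
    """Return one dict per detection: section, obj, threat, action."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):
            section = line[:-len(" Infected:")]
        elif (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return items

def still_present(items):
    """Objects the scan flagged but did not remove during this run."""
    done = "Quarantined and deleted successfully"
    return sorted({i["obj"].lower() for i in items if i["action"] != done})

def masquerading(paths):
    """Paths whose file name is a system process name outside System32."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.name.lower() in SYSTEM_ONLY and str(wp.parent).lower() != SYSTEM_DIR:
            hits.append(p)
    return hits

if __name__ == "__main__":
    pending = still_present(parse_mbam(MBAM_LOG))
    print(pending, masquerading(pending))
```

Paths are lower-cased before de-duplication because the log reports the same file with different letter case in its process and file sections.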

#28
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe
    C:\Users\new user\Music\microsoft.exe
    C:\ijl11pro.DLL /s
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#29
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Do I have to include these 2?
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe
C:\Users\new user\Music\microsoft.exe

This is for the key logger.
  • 0

#30
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
if you know what those files are then you don't need to include them
  • 0





