Antimalware doctor won't go away.

This topic is locked

#16 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay. :)

#17 Dreamcube017 (Topic Starter, Member, 14 posts)
ALRIGHT! The virus scan finally finished about a few hours ago... but here's the text file.

C:\Documents and Settings\David McKee\My Documents\HSS-1.41-install-webroot-239-conduit2.exe a variant of Win32/HotSpotShield application
C:\Documents and Settings\David McKee\My Documents\noadware.exe multiple threats
C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f.rar probably a variant of Win32/Agent.NLXQFGU trojan
C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f\Keygen.exe probably a variant of Win32/Agent.NLXQFGU trojan
C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\ZBrush v3.1 + Keygen\ZBrush v3.1 + Keygen.rar probably a variant of Win32/Agent.ESEKOBQ trojan
C:\Documents and Settings\David McKee\My Documents\dom\city of gold reineke (unreleased live record).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\David McKee\My Documents\dom\city of gold reineke new single.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\David McKee\My Documents\dom\flight of valor.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\David McKee\My Documents\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
C:\Documents and Settings\David McKee\My Documents\Incomplete\T-5088466-1 2 3 4[256k quality].snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan
C:\Program Files\SoftDepo.com\Free Audio Converter\sgsg.exe probably a variant of Win32/Agent.MWUSWQQ trojan

#18 Dreamcube017 (Topic Starter, Member, 14 posts)
Here are the SecurityCheck notes.

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

AVG Free 9.0
ESET Online Scanner v3
Adobe After Effects CS3 Presets
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 21
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
ESET ESET Online Scanner OnlineScannerApp.exe
````````````````````````````````
DNS Vulnerability Check:

nslookup.exe missing!
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#19 Dreamcube017 (Topic Starter, Member, 14 posts)
Oh, an odd thing happened. I'm not exactly sure when though.

I started my computer and my sound driver has stopped working. I tried reinstalling it, but that doesn't do any good. Do you have any ideas on how I can get this working again? It's a RealTek sound driver.

SOLVED
I completely uninstalled and reinstalled the driver and now it's working.

Edited by Dreamcube017, 19 August 2010 - 02:50 AM.


#20 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Your logs are looking good. Just need to run an OTL fix to remove some infected files.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\David McKee\My Documents\HSS-1.41-install-webroot-239-conduit2.exe
    C:\Documents and Settings\David McKee\My Documents\noadware.exe
    C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f.rar
    C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f\Keygen.exe
    C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f\
    C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\ZBrush v3.1 + Keygen\ZBrush v3.1 + Keygen.rar
    C:\Documents and Settings\David McKee\My Documents\dom\city of gold reineke (unreleased live record).mp3
    C:\Documents and Settings\David McKee\My Documents\dom\city of gold reineke new single.mp3
    C:\Documents and Settings\David McKee\My Documents\dom\flight of valor.mp3
    C:\Documents and Settings\David McKee\My Documents\Hotspot Shield\bin\openvpnas.exe
    C:\Documents and Settings\David McKee\My Documents\Incomplete\T-5088466-1 2 3 4[256k quality].snd
    C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll
    C:\Program Files\SoftDepo.com\Free Audio Converter\sgsg.exe
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


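As an added example (not from this post, and not part of OTL itself), here is a small Python checker that parses the fix-script format used above into its ":Section" blocks and compares the :Files entries against a MovedFiles-style log, flagging any entry the fix never reported as moved or deleted. The script and log below are constructed excerpts, and treating a trailing " /c" as a command marker is an assumption drawn from the log's "< ... >" echo.

```python
import re

# Constructed excerpt of the fix script from the post above (three :Files
# entries plus part of :Commands); not the full script.
FIX_SCRIPT = """:OTL
:Reg
:Files
ipconfig /flushdns /c
C:\\Documents and Settings\\David McKee\\My Documents\\noadware.exe
C:\\Documents and Settings\\David McKee\\My Documents\\Azureus Downloads\\a-o104f\\
C:\\Program Files\\SoftDepo.com\\Free Audio Converter\\sgsg.exe
:Commands
[purity]
[resethosts]
[emptytemp]
"""

# Constructed OTL log excerpt in which one :Files entry is never reported.
OTL_LOG = """========== FILES ==========
< ipconfig /flushdns /c >
C:\\Documents and Settings\\David McKee\\My Documents\\noadware.exe moved successfully.
C:\\Documents and Settings\\David McKee\\My Documents\\Azureus Downloads\\a-o104f folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

def parse_fix_script(text):
    """Map each ':Section' header of an OTL fix script to its non-blank lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def unresolved_files(script_text, log_text):
    """Return :Files paths that the log never reports as moved or deleted."""
    entries = parse_fix_script(script_text).get("files", [])
    # Assumption: a trailing ' /c' marks a command OTL runs (echoed as '< ... >'
    # in the log), so it is never 'moved'; a trailing '\' marks a folder entry.
    paths = [e.rstrip("\\") for e in entries if not e.endswith(" /c")]
    handled = set()
    for line in log_text.splitlines():
        m = re.match(r"^(.*?)(?: folder)? (?:moved|deleted) successfully\.$", line.strip())
        if m:
            handled.add(m.group(1).lower())
    return [p for p in paths if p.lower() not in handled]
```

Run it against the full script and the log posted later in the thread to confirm every listed path was actually handled before the thread is called clean.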
#21 Dreamcube017 (Topic Starter, Member, 14 posts)
Hm. Where do I get OTL from? I have OTS, but not OTL.

#22 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
It'd help if I provided you with the link to download it. :)

  • Download OTL to your desktop.

Edited by SweetTech, 19 August 2010 - 10:25 AM.


#23 Dreamcube017 (Topic Starter, Member, 14 posts)
Alright. Here's the OTL log.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\Documents and Settings\DC17\Desktop\cmd.bat deleted successfully.
F:\Documents and Settings\DC17\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\David McKee\My Documents\HSS-1.41-install-webroot-239-conduit2.exe moved successfully.
C:\Documents and Settings\David McKee\My Documents\noadware.exe moved successfully.
C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f.rar moved successfully.
C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f\Keygen.exe moved successfully.
C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\Spectrasonics.Omnisphere.VSTi.AU.RTAS.v1.04f.PC.MAC.UPDATE.Incl.Keygen-AiR\a-o104f folder moved successfully.
C:\Documents and Settings\David McKee\My Documents\Azureus Downloads\ZBrush v3.1 + Keygen\ZBrush v3.1 + Keygen.rar moved successfully.
C:\Documents and Settings\David McKee\My Documents\dom\city of gold reineke (unreleased live record).mp3 moved successfully.
C:\Documents and Settings\David McKee\My Documents\dom\city of gold reineke new single.mp3 moved successfully.
C:\Documents and Settings\David McKee\My Documents\dom\flight of valor.mp3 moved successfully.
C:\Documents and Settings\David McKee\My Documents\Hotspot Shield\bin\openvpnas.exe moved successfully.
C:\Documents and Settings\David McKee\My Documents\Incomplete\T-5088466-1 2 3 4[256k quality].snd moved successfully.
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll moved successfully.
C:\Program Files\SoftDepo.com\Free Audio Converter\sgsg.exe moved successfully.
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: DC17
->Temp folder emptied: 1235005661 bytes
->Temporary Internet Files folder emptied: 181057 bytes
->Java cache emptied: 139871 bytes
->FireFox cache emptied: 79436863 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1048 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1168 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 48460440 bytes

Total Files Cleaned = 1,300.00 mb


[EMPTYFLASH]

User: All Users

User: DC17
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08192010_123017

Files\Folders moved on Reboot...
File\Folder F:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_944.dat not found!

Registry entries deleted on Reboot...

#24 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.


Clean-Up Time

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#25 Dreamcube017 (Topic Starter, Member, 14 posts)
Thanks again for helping me out. Things are nearly back to normal. A few system settings got a bit jumbled, but I fixed those up.

#26 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
You're more than welcome. I'm glad I was able to be of assistance.

Take Care.

Cheers,
SweetTech.

#27 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.