Alpha Virus


Post by grc on Fri Mar 26, 2010 6:52 pm

I am trying to remove this virus and registered at your site but it won't even let me install the Java update.


Re: Alpha Virus

Post by Belahzur on Fri Mar 26, 2010 7:29 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Alpha Virus

Post by grc on Fri Mar 26, 2010 8:03 pm

The extras.txt was not created.


OTL logfile created on: 3/26/2010 3:58:25 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\shep.miller\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 14.09 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive D: | 40.35 Gb Total Space | 29.92 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 34.18 Gb Total Space | 12.08 Gb Free Space | 35.33% Space Free | Partition Type: NTFS
Drive P: | 97.98 Gb Total Space | 14.88 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive S: | 97.98 Gb Total Space | 14.88 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive U: | 34.18 Gb Total Space | 14.09 Gb Free Space | 41.23% Space Free | Partition Type: *NT5CSC

Computer Name: KITCO5
Current User Name: shep.miller
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\shep.miller\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\shep.miller\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Templar) -- C:\Program Files\Paragent\Templar\Templar.exe ()
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
SRV - (klnagent) -- C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe (Kaspersky Lab)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ncprwsnt) -- C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE (NCP Engineering GmbH)
SRV - (rwsrsu) -- C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe ()
SRV - (ncpclcfg) -- C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe (NCP engineering GmbH)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (NcpSec) -- C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE ()


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ncpvaxp) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFiltMP) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFilt) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NcpBudget] C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpMonitor] C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe ()
O4 - HKLM..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhoneManager.lnk = C:\Program Files\Avaya\IP Office\Phone Manager\PhoneManager.exe (Avaya Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} [You must be registered and logged in to see this link.] (AudioClient Control)
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} [You must be registered and logged in to see this link.] (ERViewerOCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 100.0.0.10 100.0.0.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kfo.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/19 09:38:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- u:\My Data Sources
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- u:\My Videos
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- u:\My Pictures
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- u:\My Music
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Outlook
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\New Folder
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\My PSP8 Files
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Light Tech
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\KITCO
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Favorites
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Desktop
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Cyberlink
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Avayanew
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Avaya
[2010/03/26 15:52:00 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shep.miller\Desktop\OTL.exe
[2010/03/26 14:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/26 14:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/26 13:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shep.miller\Application Data\Sun
[2010/03/26 13:52:11 | 016,258,848 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\shep.miller\Desktop\jre-6u18-windows-i586.exe
[2010/03/26 12:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/26 12:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/25 20:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh
[2010/03/09 17:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Paragent
[2010/01/25 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/06 14:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox
[2008/08/19 09:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/19 09:38:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/19 09:38:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/26 15:52:06 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shep.miller\Desktop\OTL.exe
[2010/03/26 15:08:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 15:06:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 14:58:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/26 14:58:45 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\shep.miller\NTUSER.DAT
[2010/03/26 14:58:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\shep.miller\ntuser.ini
[2010/03/26 14:57:38 | 000,000,703 | ---- | M] () -- u:\reader.ini
[2010/03/26 14:57:08 | 000,053,733 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/26 14:57:07 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/26 14:52:02 | 003,230,670 | -H-- | M] () -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\IconCache.db
[2010/03/26 13:52:11 | 016,258,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\shep.miller\Desktop\jre-6u18-windows-i586.exe
[2010/03/26 13:06:58 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 13:06:58 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 13:06:58 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 12:41:26 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\shep.miller\Desktop\Spybot - Search & Destroy.lnk
[2010/03/26 06:58:21 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\shep.miller\Desktop\Microsoft Office Outlook 2003.lnk
[2010/03/22 14:30:50 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\shep.miller\Desktop\Microsoft Office Excel 2003.lnk
[2010/03/17 11:02:20 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v65).ini
[2010/03/16 11:26:52 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v64).ini
[2010/03/11 15:42:00 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v63).ini
[2010/03/09 12:36:10 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v62).ini
[2010/03/09 12:32:59 | 000,002,416 | RHS- | M] () -- C:\Documents and Settings\shep.miller\ntuser.pol
[2010/02/26 15:00:43 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v61).ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 044,095,075 | ---- | C] () -- u:\Accounting Policy Statements (4).doc
[2099/01/01 12:00:00 | 007,092,341 | ---- | C] () -- u:\Newsletter_Jan_2008.pdf
[2099/01/01 12:00:00 | 001,842,813 | ---- | C] () -- u:\Accounting Policy Statements.pdf
[2099/01/01 12:00:00 | 000,138,639 | ---- | C] () -- u:\kitco electronicletterhead.pdf
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader.ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v65).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v64).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v63).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v62).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v61).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v60).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v59).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v58).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v57).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v56).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v55).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v54).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v53).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v52).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v51).ini
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- u:\reader (shep.miller v50).ini
[2010/03/26 12:41:26 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\shep.miller\Desktop\Spybot - Search & Destroy.lnk
[2009/08/30 14:32:34 | 000,008,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/19 10:13:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.shep.miller.ini
[2009/07/29 17:22:15 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/19 14:37:54 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/08/19 14:34:04 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2008/08/19 14:34:04 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2008/08/19 14:33:27 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2008/08/19 14:33:26 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\SBtrv32.dll
[2008/08/19 14:31:28 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/08/19 10:53:13 | 000,000,997 | ---- | C] () -- C:\WINDOWS\maxnet.ini
[2008/08/19 10:48:11 | 000,000,562 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/19 10:17:36 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/19 10:17:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/19 10:17:35 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/19 10:17:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/19 09:53:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/19 09:53:30 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/06/18 13:36:38 | 000,000,394 | ---- | C] () -- C:\WINDOWS\maxrdc.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
< End of report >


Re: Alpha Virus

Post by Belahzur on Fri Mar 26, 2010 8:10 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
    O4 - HKCU..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
    [2010/03/25 20:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


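A defender's triage of the O4 autorun and proxy lines from the log above, as an added example that is not part of the original thread and is not OTL's or the helper's own logic. The heuristics (autorun target in a user-writable directory with a blank company name; loopback proxy value) are assumptions chosen for illustration, and the sample is a trimmed excerpt of the posted log.

```python
import re

# Trimmed excerpt of the OTL log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe File not found
O4 - HKLM..\Run: [NcpPopup] C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe ()
O4 - HKLM..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKCU..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
PROXY_RE = re.compile(
    r'^IE - .*Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<val>.*)$')
# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\appdata\\", "\\temp\\")
MISSING = "File not found"


def parse_run_entries(log):
    """Parse OTL 'O4 - HKxx..\\Run' lines into dicts."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"].strip()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].strip()
        t = TARGET_RE.match(rest)
        path, company = (t["path"], t["company"].strip()) if t else (rest, "")
        entries.append({"hive": m["hive"], "name": m["name"], "path": path,
                        "company": company, "missing": missing})
    return entries


def triage(entries):
    """Split entries into (suspicious, orphaned); everything else is left alone."""
    suspicious, orphaned = [], []
    for e in entries:
        in_user_dir = any(d in e["path"].lower() for d in USER_WRITABLE)
        if e["missing"] or not e["path"]:
            orphaned.append(e)      # autorun value whose target no longer exists
        elif in_user_dir and not e["company"]:
            suspicious.append(e)    # unsigned-looking binary launched from a profile dir
        # A blank company alone (NcpPopup under Program Files) is not flagged.
    return suspicious, orphaned


def proxy_findings(log):
    """Report whether the IE proxy is enabled and whether it points at loopback."""
    settings = {}
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            settings[m["key"]] = m["val"].strip()
    hosts = []
    for part in settings.get("ProxyServer", "").split(";"):
        hostport = part.split("=", 1)[-1].strip()   # drop optional "http=" prefix
        if hostport:
            hosts.append(hostport.rsplit(":", 1)[0])
    loopback = [h for h in hosts if h == "localhost" or h.startswith("127.")]
    return {"enabled": settings.get("ProxyEnable") == "1", "loopback_hosts": loopback}


if __name__ == "__main__":
    suspicious, orphaned = triage(parse_run_entries(SAMPLE_LOG))
    for e in suspicious:
        print("SUSPICIOUS", e["hive"], e["name"], e["path"])
    for e in orphaned:
        print("ORPHANED  ", e["hive"], repr(e["name"]), e["path"])
    print("PROXY     ", proxy_findings(SAMPLE_LOG))
```

A loopback proxy value is reported even with ProxyEnable at 0, because the stale value is still worth clearing once the process that listened on that port has been removed.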

OTL Run Fix ran successfully

Post by grc on Tue Apr 06, 2010 3:25 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ntautkts deleted successfully.
C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ntautkts deleted successfully.
File C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe not found.
C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh folder moved successfully.

OTL by OldTimer - Version 3.1.37.3 log created on 04062010_112400


Re: Alpha Virus

Post by Belahzur on Tue Apr 06, 2010 4:42 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Alpha Virus

Post by grc on Wed Apr 07, 2010 3:33 pm

That seems to have worked, Thank You very much, I will extol the virtues of your site to all who may need to use it.
GRC


Re: Alpha Virus

Post by Belahzur on Wed Apr 07, 2010 7:30 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

