svchost.exe trojan or malware need help removing


Post by crustysack on Sat 26 Nov 2011, 11:22 am

I went to Google to search and was redirected to other sites. I ran a scan with NOD32 and had 2 svchost.exe lines that were suspected trojans in memory but could not be deleted/cleaned. I am now getting a blocked URL address 3khtg6fwjtuwq.com/HA62X2- (that's all I can read, but it's longer than that; blocked by NOD32) that keeps popping up with an IP address of 63.223.106.17:80. I am running Windows XP SP3. Firefox is also starting to crash at random. Please HELP. I am going to run the OTL and post.

crustysack

Newbie Surfer

Posts : 21
Joined : 2009-05-14
Operating System : xp



otl report

Post by crustysack on Sat 26 Nov 2011, 11:39 am

OTL logfile created on: 11/25/2011 7:36:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\scottyd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.99% Memory free
5.28 Gb Paging File | 5.03 Gb Available in Paging File | 95.20% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 250.38 Gb Free Space | 53.76% Space Free | Partition Type: NTFS

Computer Name: USER-49F3EC644D | User Name: scottyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 19:34:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scottyd\Desktop\OTL.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/09 14:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/04/09 14:17:56 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/04/09 14:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 14:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2010/01/04 17:57:57 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/15 10:03:40 | 000,095,592 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2009/04/09 14:21:12 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/04/09 14:18:02 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/04/09 14:10:30 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.151
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Profiles\6kq27rbz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\scottyd\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\scottyd\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/12 16:06:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 06:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/01 06:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/05/02 11:41:12 | 000,000,000 | ---D | M]

[2011/03/13 20:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\scottyd\Application Data\Mozilla\Extensions
[2011/05/09 16:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Profiles\6kq27rbz.default\extensions
[2011/03/19 13:10:30 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Profiles\6kq27rbz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/23 21:10:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Profiles\6kq27rbz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/19 10:27:07 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Profiles\6kq27rbz.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/02/20 16:38:20 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Profiles\6kq27rbz.default\extensions\runtime@panda3d.org
[2010/01/04 17:59:24 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Profiles\6kq27rbz.default\searchplugins\GoogleFeed.xml
[2011/11/13 06:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 16:35:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/13 06:58:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/06 18:34:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 06:58:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Chrome\Application\10.0.648.134\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Chrome\Application\10.0.648.134\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Chrome\Application\10.0.648.134\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\scottyd\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\scottyd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_1\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1EE9D53-E9C1-4092-B4F7-0C2DE33468D0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\scottyd\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/25 11:06:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 19:34:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\scottyd\Desktop\OTL.exe
[2011/11/25 19:10:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\scottyd\Recent
[2011/11/25 07:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/11/24 14:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/23 07:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/11/23 02:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/11/22 20:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/22 20:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/22 20:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/22 19:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Application Data\VgggRZqqhYwk
[2011/11/22 19:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Application Data\kbbFF4pmG5sQ7dK
[2011/11/22 19:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Start Menu\Programs\AV Protection 2011
[2011/11/22 19:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Application Data\n99ggTXqqUCekBz
[2011/11/22 19:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Application Data\XrrrlOONtx
[2011/11/20 05:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\My Documents\new music
[2011/11/20 05:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\My Documents\scanned
[2011/11/20 05:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\My Documents\notes
[2011/11/20 05:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\ben
[2011/11/20 05:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\snow
[2011/11/20 05:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\ty
[2011/11/20 05:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\My Documents\aliie song
[2011/11/20 05:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\My Documents\notes2
[2011/11/19 17:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\loan2
[2011/11/19 15:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\loan
[2011/11/18 17:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/15 07:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\dianas iphonepics
[2011/11/13 20:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\iphone video
[2011/11/13 08:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\ebaypic
[2011/11/12 13:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Application Data\ElevatedDiagnostics
[2011/11/12 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/12 13:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/11/12 06:38:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/11/11 18:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011/11/11 18:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/11/11 17:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/11 17:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/11 17:30:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/11/06 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\gtoingarage
[2011/11/06 06:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\peter
[2011/11/06 06:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\new art
[2011/11/04 00:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scottyd\Desktop\fish line
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 19:39:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-842925246-1003UA.job
[2011/11/25 19:34:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scottyd\Desktop\OTL.exe
[2011/11/25 19:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 19:27:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/25 17:07:23 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-746137067-842925246-1003.job
[2011/11/25 17:07:23 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-746137067-842925246-1003.job
[2011/11/25 17:07:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/25 17:07:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 17:06:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/25 14:39:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-842925246-1003Core.job
[2011/11/24 14:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/24 12:20:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/23 07:41:45 | 000,007,129 | ---- | M] () -- C:\Documents and Settings\scottyd\Desktop\5-Elegant-Holiday-Centerpieces_article_line.jpg
[2011/11/23 07:39:59 | 000,026,729 | ---- | M] () -- C:\Documents and Settings\scottyd\Desktop\birch vase centerpieces.jpg
[2011/11/23 07:38:24 | 000,279,047 | ---- | M] () -- C:\Documents and Settings\scottyd\Desktop\CenterAttn_01.ashx.jpg
[2011/11/22 19:47:12 | 000,001,213 | ---- | M] () -- C:\Documents and Settings\scottyd\Application Data\ldr.ini
[2011/11/22 19:46:31 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\scottyd\Desktop\AV Protection 2011.lnk
[2011/11/18 22:39:53 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\scottyd\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 22:39:52 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\scottyd\Desktop\Google Chrome.lnk
[2011/11/18 17:41:01 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/11 18:06:26 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/11/11 17:44:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/11 17:38:48 | 000,433,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 17:38:48 | 000,067,856 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/11 17:32:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/11/06 18:32:28 | 000,010,776 | ---- | M] () -- C:\Documents and Settings\scottyd\My Documents\purdy nov.odt
[2011/10/28 07:30:49 | 000,021,621 | ---- | M] () -- C:\Documents and Settings\scottyd\My Documents\Ocean Lawn Sept hrs.odt
[2011/10/28 06:45:50 | 000,019,852 | ---- | M] () -- C:\Documents and Settings\scottyd\My Documents\ocean lawn october bill.odt
[2011/10/27 17:27:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/10/27 16:29:55 | 000,015,916 | ---- | M] () -- C:\Documents and Settings\scottyd\My Documents\ocean lawn sept product.odt
[2011/10/27 16:29:20 | 000,021,958 | ---- | M] () -- C:\Documents and Settings\scottyd\My Documents\Ocean Lawn Aug bill.odt
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 07:41:44 | 000,007,129 | ---- | C] () -- C:\Documents and Settings\scottyd\Desktop\5-Elegant-Holiday-Centerpieces_article_line.jpg
[2011/11/23 07:39:58 | 000,026,729 | ---- | C] () -- C:\Documents and Settings\scottyd\Desktop\birch vase centerpieces.jpg
[2011/11/23 07:38:22 | 000,279,047 | ---- | C] () -- C:\Documents and Settings\scottyd\Desktop\CenterAttn_01.ashx.jpg
[2011/11/22 22:16:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/22 19:46:31 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\scottyd\Desktop\AV Protection 2011.lnk
[2011/11/22 19:46:30 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\scottyd\Application Data\ldr.ini
[2011/11/20 05:33:15 | 000,012,965 | ---- | C] () -- C:\Documents and Settings\scottyd\My Documents\Life.odt
[2011/11/20 05:28:14 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\scottyd\My Documents\ocean lawn1.htm
[2011/11/20 05:28:14 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\scottyd\My Documents\ocean lawn.htm
[2011/11/18 17:41:01 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/13 20:14:27 | 137,887,797 | ---- | C] () -- C:\Documents and Settings\scottyd\Desktop\IMG_0773.MOV
[2011/11/11 18:06:26 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/11/11 17:44:39 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/06 18:32:28 | 000,010,776 | ---- | C] () -- C:\Documents and Settings\scottyd\My Documents\purdy nov.odt
[2011/10/27 16:29:54 | 000,015,916 | ---- | C] () -- C:\Documents and Settings\scottyd\My Documents\ocean lawn sept product.odt
[2011/10/27 16:28:39 | 000,019,852 | ---- | C] () -- C:\Documents and Settings\scottyd\My Documents\ocean lawn october bill.odt
[2011/10/27 14:30:32 | 000,021,621 | ---- | C] () -- C:\Documents and Settings\scottyd\My Documents\Ocean Lawn Sept hrs.odt
[2011/03/05 17:18:24 | 000,069,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/23 17:41:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/09/12 16:27:37 | 000,000,352 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/09/07 16:35:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/04 18:38:49 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\scottyd\Application Data\AutoGK.ini
[2009/08/23 10:09:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/05/12 17:23:51 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\scottyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/08 05:13:43 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2009/05/08 05:13:43 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2009/05/06 17:01:26 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/05 19:54:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2009/05/02 11:25:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/30 13:11:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/25 11:08:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/25 11:02:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/25 05:53:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/25 05:52:07 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 03:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 06:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 06:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 06:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 06:26:07 | 000,433,092 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 06:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 06:26:05 | 000,067,856 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 06:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 06:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 06:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 06:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

< End of report >

crustysack

Newbie Surfer

Posts : 21
Joined : 2009-05-14
Operating System : xp

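As an added example (not code from OTL, ComboFix or anyone in this thread), here is a small Python triage helper that parses the OTL entry format used in the log above and groups files by creation time, so that entries written within seconds of each other under the user profile, like the .ini and .lnk pair at 19:46:30 and 19:46:31, stand out from the rest of the listing. The 60-second window and the profile locations it checks are assumptions, and the sample lines are constructed from the log above.

```python
# Added example, not OTL's own code: parse "[date | size | attrs | C] (company) -- path"
# entries from an OTL "Files Created" section and cluster them by creation time.
import re
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")

# Constructed sample, shaped like the log above (same paths, fewer lines).
SAMPLE_LOG = """\
[2011/11/22 22:16:23 | 000,000,664 | ---- | C] () -- C:\\WINDOWS\\System32\\d3d9caps.dat
[2011/11/22 19:46:31 | 000,001,758 | ---- | C] () -- C:\\Documents and Settings\\scottyd\\Desktop\\AV Protection 2011.lnk
[2011/11/22 19:46:30 | 000,001,213 | ---- | C] () -- C:\\Documents and Settings\\scottyd\\Application Data\\ldr.ini
[2011/11/20 05:28:14 | 000,001,561 | ---- | C] () -- C:\\Documents and Settings\\scottyd\\My Documents\\ocean lawn1.htm
[2011/11/20 05:28:14 | 000,001,473 | ---- | C] () -- C:\\Documents and Settings\\scottyd\\My Documents\\ocean lawn.htm
[2004/08/12 06:36:06 | 013,107,200 | ---- | C] () -- C:\\WINDOWS\\System32\\oembios.bin
"""

def parse_otl(text):
    """Return one dict per line that matches the OTL entry format; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append({"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                            "size": int(m["size"].replace(",", "")),
                            "company": m["company"], "path": m["path"]})
    return entries

def cluster_by_time(entries, window_seconds=60):
    """Group chronologically sorted entries whose gap to the previous entry is within the window."""
    clusters = []
    for e in sorted(entries, key=lambda e: e["ts"]):
        if clusters and e["ts"] - clusters[-1][-1]["ts"] <= timedelta(seconds=window_seconds):
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters

# Assumed list of user-profile locations a helper reviewing the log looks at first.
USER_PROFILE = re.compile(r"\\(Application Data|Desktop|Local Settings)\\", re.I)

def suspicious_clusters(entries, window_seconds=60):
    """Clusters of 2+ no-company-name files with at least one under a user-profile location."""
    return [c for c in cluster_by_time(entries, window_seconds)
            if len(c) >= 2 and all(e["company"] == "" for e in c)
            and any(USER_PROFILE.search(e["path"]) for e in c)]
```

Run it over a saved OTL.txt by replacing SAMPLE_LOG with the file's contents; the "Files Modified" section uses the same line shape with kind M and parses the same way.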

Re: svchost.exe trojan or malware need help removing

Post by crustysack on Sat 26 Nov 2011, 12:31 pm

Now almost every time I click a link Firefox crashes, and when I search in Google all the results are shown, but when I click one it's blocked by Nod32 as being an established threat URL - this trojan SUX - I have also run Malwarebytes quick and complete scans to no avail - the svchost.exe is embedded in "memory" and ESET is unable to clean it

crustysack

Newbie Surfer

Posts : 21
Joined : 2009-05-14
Operating System : xp


Re: svchost.exe trojan or malware need help removing

Post by crustysack on Tue 29 Nov 2011, 10:15 pm

Bump, help please - thanks

crustysack

Newbie Surfer

Posts : 21
Joined : 2009-05-14
Operating System : xp


Re: svchost.exe trojan or malware need help removing

Post by Belahzur on Thu 01 Dec 2011, 11:41 am

Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: svchost.exe trojan or malware need help removing

Post by crustysack on Thu 01 Dec 2011, 2:50 pm

Nice, very nice - this is the second time I have been here in 3 years and you were able to fix it. Thanks

crustysack

Newbie Surfer

Posts : 21
Joined : 2009-05-14
Operating System : xp


Re: svchost.exe trojan or malware need help removing

Post by Belahzur on Fri 02 Dec 2011, 9:58 am

Please post the Combofix log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

