MAL_OTORUN1


MAL_OTORUN1

Post by megatails5 on Mon Mar 16, 2009 5:21 pm

Stupid malware is apparently infecting my laptop. I may have got this through a download, but I've deleted the downloads, just not the virus. I've tried like every free virus program, like AVG and so on. I heard you guys could sort it, could you???

Thanks a bunch. Oh, and by the way, this virus causes my laptop to come up with a restarting error message when I turn it on; it's like 1 in 10 tries it will not do this. HELP!

megatails5
Senior

Posts : 228
Joined : 2009-03-16
Gender : Male
OS : Windows Vista 64bit
Protection : Malwarebytes, Windows Security Essentials
Points : 28860
# Likes : 0


Re: MAL_OTORUN1

Post by Belahzur on Mon Mar 16, 2009 6:08 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Here's the thing you asked for. It said I should zip the attach and put it on?

Post by megatails5 on Mon Mar 16, 2009 9:08 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Chris at 21:04:47.49 on 16/03/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1014.310 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chris\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: RuneHQ Browser Bar Toolbar: {82de967b-6db5-4ac2-8450-c732f8358a43} - c:\program files\runehq_browser_bar\tbRun1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: RuneHQ Browser Bar Toolbar: {82de967b-6db5-4ac2-8450-c732f8358a43} - c:\program files\runehq_browser_bar\tbRun1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MediaBarFileManager] c:\program files\on demand distribution\od2 music manager\OD2MediaBar_VistaFileManager.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\s60u0twy.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-1-25 55264]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-14 206096]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-03-16 17:11 --d----- c:\programdata\Google Updater
2009-03-15 21:30 a-d----- c:\programdata\TEMP
2009-03-15 21:30 --d----- c:\program files\common files\PC Tools
2009-03-15 21:30 --d----- c:\users\chris\appdata\roaming\PC Tools
2009-03-15 21:30 --d----- c:\programdata\PC Tools
2009-03-15 21:30 --d----- c:\program files\Spyware Doctor
2009-03-15 21:30 --d----- c:\progra~2\PC Tools
2009-03-15 20:45 --d----- c:\users\chris\appdata\roaming\Spotify
2009-03-15 20:12 --d-h--- C:\$AVG8.VAULT$
2009-03-15 19:49 --d----- c:\program files\AVG
2009-03-15 19:49 --d----- c:\programdata\avg8
2009-03-15 19:49 --d----- c:\programdata\avg7
2009-03-15 19:49 --d----- c:\progra~2\avg8
2009-03-15 17:36 --d----- c:\users\chris\.housecall6.6
2009-02-20 23:35 --d----- c:\programdata\PlayFirst
2009-02-20 23:35 --d----- c:\program files\Dream Chronicles
2009-02-19 12:23 --d----- c:\users\chris\appdata\roaming\PeerNetworking
2009-02-19 11:31 --d----- c:\program files\Project64 1.6

==================== Find3M ====================

2009-03-16 20:59 1,668 a------- c:\users\chris\appdata\roaming\wklnhst.dat
2009-02-22 16:01 34 a------- c:\users\chris\jagex_runescape_preferences.dat
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-15 06:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-20 15:41 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-20 15:41 51,200 a------- c:\windows\inf\infpub.dat
2008-12-20 15:41 86,016 a------- c:\windows\inf\infstor.dat
2008-11-01 00:41 231,424 a------- c:\users\chris\appdata\roaming\consoleclassixsetup.exe
2008-06-11 08:15 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-21 18:49 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-19 10:44 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-19 10:44 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-19 10:44 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-08-22 11:22 321 ---sh--- c:\windows\system32\1511585171.sys

============= FINISH: 21:05:20.53 ===============


oh yes...

Post by megatails5 on Mon Mar 16, 2009 9:11 pm

Oh yeah, and I did a PC restore to before I downloaded the content, so if it is gone, it is solved. OK, thanks. Try and reply ASAP, I want it fixed tonight please.


Re: MAL_OTORUN1

Post by Belahzur on Mon Mar 16, 2009 9:12 pm

It might be gone, but we'll do one final scan with MBAM to check.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Results...

Post by megatails5 on Mon Mar 16, 2009 9:24 pm

Malwarebytes' Anti-Malware 1.34
Database version: 1856
Windows 6.0.6001 Service Pack 1

16/03/2009 21:23:44
mbam-log-2009-03-16 (21-23-44).txt

Scan type: Quick Scan
Objects scanned: 58708
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runehq browser bar toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

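As an added example (not part of the thread, and not Malwarebytes' own tooling): a small Python parser for the MBAM 1.x log layout posted above that cross-checks the summary counts against the listed entries and flags anything that was detected but not quarantined. The sample log is constructed from the entries in the post with the header trimmed; the `parse_mbam_log` and `triage` names are the example's own.

```python
import re

# Constructed sample in the layout of the MBAM 1.34 log posted above:
# header trimmed, the three registry entries copied from the page's log.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Database version: 1856
Scan type: Quick Scan

Memory Processes Infected: 0
Registry Keys Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runehq browser bar toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
RESOLVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (summary counts, per-section findings) from an MBAM 1.x log."""
    summary, findings, section = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY_RE.match(line):          # "Registry Keys Infected: 3"
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):         # "Registry Keys Infected:"
            section = m["section"]
            findings[section] = []
        elif section and (m := ENTRY_RE.match(line)):   # "<item> (<name>) -> <action>."
            findings[section].append(
                {"item": m["item"], "detection": m["detection"], "action": m["action"]})
    return summary, findings


def triage(text):
    """Cross-check summary counts against the listed entries and flag anything
    detected but not quarantined (e.g. an item deferred to reboot)."""
    summary, findings = parse_mbam_log(text)
    mismatches = [s for s, n in summary.items() if len(findings.get(s, [])) != n]
    unresolved = [f["item"] for entries in findings.values() for f in entries
                  if not f["action"].startswith(RESOLVED)]
    families = {}
    for f in (f for entries in findings.values() for f in entries):
        families[f["detection"]] = families.get(f["detection"], 0) + 1
    return {"detections": sum(summary.values()), "families": families,
            "count_mismatches": mismatches, "unresolved": unresolved}
```

A non-empty `unresolved` list or a count mismatch is the cue to ask for a reboot and a second log rather than declaring the machine clean.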

Re: MAL_OTORUN1

Post by Belahzur on Mon Mar 16, 2009 9:41 pm

Looks okay, I'd say you're okay.



Thanks

Post by megatails5 on Mon Mar 16, 2009 9:45 pm

Thanks sooooo much, I never could have done it without your help. I will spread the word of Geekpolice to all of my friends, and I've joined your group on Facebook.
I will restart my PC now; if the result is no stupid error screen, I will give you the best feedback I can!
