
need some help



OTL logfile created on: 4/26/2010 8:42:54 AM - Run 3

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 38.00% Memory free

920.00 Mb Paging File | 663.00 Mb Available in Paging File | 72.00% Paging File free

Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.28 Gb Total Space | 87.87 Gb Free Space | 60.90% Space Free | Partition Type: NTFS

Drive D: | 4.76 Gb Total Space | 2.23 Gb Free Space | 46.95% Space Free | Partition Type: FAT32

Drive E: | 211.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JACOBSEN

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)

PRC - C:\WINDOWS\zHotkey.exe ()

PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)

PRC - C:\Program Files\Common Files\AOL\1256655564\EE\AOLHostManager.exe (America Online, Inc.)

PRC - C:\Program Files\Common Files\AOL\1256655564\EE\AOLServiceHost.exe (America Online, Inc.)

PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)

PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)

PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft


Ok Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/04/23 01:16:23 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\syssvc.exe
    [2010/04/20 09:35:18 | 000,014,110 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C
    [2010/04/06 08:22:20 | 000,015,220 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\K6sEH5Ir2Is


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

================================Online scan=================================

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


========== OTL ==========

C:\Documents and Settings\NetworkService\Local Settings\Application Data\syssvc.exe moved successfully.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C moved successfully.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\K6sEH5Ir2Is moved successfully.

OTL by OldTimer - Version 3.2.2.0 log created on 04272010_183201


Please click here to download VRT by Kaspersky.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
  10. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


Autoscan: stopped 20 minutes ago (events: 5, objects: 820, time: 04:17:02)

5/3/2010 2:41:58 PM Task started

5/3/2010 2:42:25 PM Detected: Rootkit.Win32.TDSS.d Unknown application

5/3/2010 2:42:25 PM Cannot be backed up: Rootkit.Win32.TDSS.d Unknown application

5/3/2010 2:51:35 PM Detected: Rootkit.Win32.TDSS.d System Memory

5/3/2010 6:59:01 PM Task stopped

Disinfect active threats: completed 16 minutes ago (events: 8, objects: 3039, time: 00:03:56)

5/3/2010 6:59:01 PM Task started

5/3/2010 6:59:01 PM Detected: Rootkit.Win32.TDSS.d System Memory

5/3/2010 6:59:04 PM Untreated: Rootkit.Win32.TDSS.d System Memory Cannot be disinfected

5/3/2010 6:59:04 PM Untreated: Rootkit.Win32.TDSS.d System Memory Cannot be disinfected

5/3/2010 7:00:50 PM Detected: Rootkit.Win32.TDSS.d Unknown application

5/3/2010 7:00:50 PM Cannot be backed up: Rootkit.Win32.TDSS.d Unknown application

5/3/2010 7:02:55 PM Processing error E Read error

5/3/2010 7:02:57 PM Task completed


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
