Avast WEBforum
Other => Viruses and worms => Topic started by: DavidR on August 25, 2011, 02:01:56 AM
-
Please help, attached the report files.
Thanks in advance!
Cheers, Arunas.
####
@ kliudzew
Please reply in this topic and give an outline of what your problem is, so we can get a better understanding of the problem. Once you do, the other topic post http://forum.avast.com/index.php?topic=53253.msg681195#msg681195 will be deleted.
-
You will need to reinstall Avast on completion
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
PRC - [2011.08.24 23:24:21 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011.08.24 23:24:21 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
IE - HKU\S-1-5-21-3958066275-1763255316-255783152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=RGxdm1708Aus&ptb=0FF7791D-AA71-4E67-8230-2F790EED16B5
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011.08.24 23:24:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011.08.24 23:24:03 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011.08.24 23:01:26 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011.08.22 18:35:59 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011.08.22 18:32:32 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0-lnk
[2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0
[2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0-lnk
[2011.08.22 18:32:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0
[2011.08.24 23:01:38 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.08.24 23:01:38 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.08.24 23:01:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011.08.24 23:01:39 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011.08.24 23:01:38 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011.08.24 23:01:38 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011.08.24 23:01:22 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011.08.24 23:01:16 | 000,000,135 | ---- | C] () -- C:\Windows\info1
[2011.08.22 18:18:30 | 001,213,440 | -H-- | M] () MD5=B8F3E2AEE9E0D7BCA1691165B5A2EBA1 -- C:\Windows\update.tray-15-0-lnk\svchost.exe
[2011.08.22 18:18:30 | 001,213,440 | -H-- | M] () MD5=B8F3E2AEE9E0D7BCA1691165B5A2EBA1 -- C:\Windows\update.tray-7-0-lnk\svchost.exe
:Reg
:Files
ipconfig /flushdns /c
C:\Windows\services32.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Update and run Malwarebytes
-
Now all we need is kliudzew to join the party ;D