WiredWX Christian Hobby Weather Tools
Alpha Virus

I am trying to remove this virus and registered at your site, but it won't even let me install the Java update.

Re: Alpha Virus

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Alpha Virus

The extras.txt was not created.


OTL logfile created on: 3/26/2010 3:58:25 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\shep.miller\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 14.09 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive D: | 40.35 Gb Total Space | 29.92 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 34.18 Gb Total Space | 12.08 Gb Free Space | 35.33% Space Free | Partition Type: NTFS
Drive P: | 97.98 Gb Total Space | 14.88 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive S: | 97.98 Gb Total Space | 14.88 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive U: | 34.18 Gb Total Space | 14.09 Gb Free Space | 41.23% Space Free | Partition Type: *NT5CSC

Computer Name: KITCO5
Current User Name: shep.miller
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\shep.miller\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\shep.miller\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Templar) -- C:\Program Files\Paragent\Templar\Templar.exe ()
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
SRV - (klnagent) -- C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe (Kaspersky Lab)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ncprwsnt) -- C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE (NCP Engineering GmbH)
SRV - (rwsrsu) -- C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe ()
SRV - (ncpclcfg) -- C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe (NCP engineering GmbH)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (NcpSec) -- C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE ()


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ncpvaxp) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFiltMP) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFilt) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NcpBudget] C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpMonitor] C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe ()
O4 - HKLM..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhoneManager.lnk = C:\Program Files\Avaya\IP Office\Phone Manager\PhoneManager.exe (Avaya Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264447808036 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://192.168.1.253:50000/SysCamInst.cab (AudioClient Control)
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} http://72.218.132.44:81/MP4DVR.cab (ERViewerOCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 100.0.0.10 100.0.0.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kfo.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/19 09:38:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- u:\My Data Sources
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- u:\My Videos
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- u:\My Pictures
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- u:\My Music
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Outlook
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\New Folder
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\My PSP8 Files
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Light Tech
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\KITCO
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Favorites
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Desktop
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Cyberlink
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Avayanew
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- u:\Avaya
[2010/03/26 15:52:00 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shep.miller\Desktop\OTL.exe
[2010/03/26 14:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/26 14:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/26 13:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shep.miller\Application Data\Sun
[2010/03/26 13:52:11 | 016,258,848 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\shep.miller\Desktop\jre-6u18-windows-i586.exe
[2010/03/26 12:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/26 12:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/25 20:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh
[2010/03/09 17:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Paragent
[2010/01/25 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/06 14:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox
[2008/08/19 09:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/19 09:38:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/19 09:38:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/26 15:52:06 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shep.miller\Desktop\OTL.exe
[2010/03/26 15:08:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 15:06:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 14:58:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/26 14:58:45 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\shep.miller\NTUSER.DAT
[2010/03/26 14:58:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\shep.miller\ntuser.ini
[2010/03/26 14:57:38 | 000,000,703 | ---- | M] () -- u:\reader.ini
[2010/03/26 14:57:08 | 000,053,733 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/26 14:57:07 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/26 14:52:02 | 003,230,670 | -H-- | M] () -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\IconCache.db
[2010/03/26 13:52:11 | 016,258,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\shep.miller\Desktop\jre-6u18-windows-i586.exe
[2010/03/26 13:06:58 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 13:06:58 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 13:06:58 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 12:41:26 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\shep.miller\Desktop\Spybot - Search & Destroy.lnk
[2010/03/26 06:58:21 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\shep.miller\Desktop\Microsoft Office Outlook 2003.lnk
[2010/03/22 14:30:50 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\shep.miller\Desktop\Microsoft Office Excel 2003.lnk
[2010/03/17 11:02:20 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v65).ini
[2010/03/16 11:26:52 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v64).ini
[2010/03/11 15:42:00 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v63).ini
[2010/03/09 12:36:10 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v62).ini
[2010/03/09 12:32:59 | 000,002,416 | RHS- | M] () -- C:\Documents and Settings\shep.miller\ntuser.pol
[2010/02/26 15:00:43 | 000,000,703 | ---- | M] () -- u:\reader (shep.miller v61).ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 044,095,075 | ---- | C] () -- u:\Accounting Policy Statements (4).doc
[2099/01/01 12:00:00 | 007,092,341 | ---- | C] () -- u:\Newsletter_Jan_2008.pdf
[2099/01/01 12:00:00 | 001,842,813 | ---- | C] () -- u:\Accounting Policy Statements.pdf
[2099/01/01 12:00:00 | 000,138,639 | ---- | C] () -- u:\kitco electronicletterhead.pdf
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader.ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v65).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v64).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v63).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v62).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v61).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v60).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v59).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v58).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v57).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v56).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v55).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v54).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v53).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v52).ini
[2099/01/01 12:00:00 | 000,000,703 | ---- | C] () -- u:\reader (shep.miller v51).ini
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- u:\reader (shep.miller v50).ini
[2010/03/26 12:41:26 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\shep.miller\Desktop\Spybot - Search & Destroy.lnk
[2009/08/30 14:32:34 | 000,008,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/19 10:13:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.shep.miller.ini
[2009/07/29 17:22:15 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/19 14:37:54 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/08/19 14:34:04 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2008/08/19 14:34:04 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2008/08/19 14:33:27 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2008/08/19 14:33:26 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\SBtrv32.dll
[2008/08/19 14:31:28 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/08/19 10:53:13 | 000,000,997 | ---- | C] () -- C:\WINDOWS\maxnet.ini
[2008/08/19 10:48:11 | 000,000,562 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/19 10:17:36 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/19 10:17:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/19 10:17:35 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/19 10:17:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/19 09:53:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/19 09:53:30 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/06/18 13:36:38 | 000,000,394 | ---- | C] () -- C:\WINDOWS\maxrdc.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
< End of report >

Re: Alpha Virus

Hello.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
    O4 - HKCU..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
    [2010/03/25 20:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


OTL Run Fix ran successfully

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ntautkts deleted successfully.
C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ntautkts deleted successfully.
File C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe not found.
C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh folder moved successfully.

OTL by OldTimer - Version 3.1.37.3 log created on 04062010_112400
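
The fix above removes two Run values named ntautkts and a loopback proxy setting. As an added example (not part of the original thread, and not OTL's or the helper's own logic), this Python script applies three assumed triage heuristics to OTL log lines: an autorun target inside a user profile data folder with an empty company field, an autorun whose file is missing, and a browser proxy pointing at loopback.

```python
import re

# Lines copied from the OTL log posted earlier in this thread. The raw string
# matters: "\nduljh" would otherwise be read as a newline escape.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe ()
O4 - HKLM..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [ntautkts] C:\Documents and Settings\shep.miller\Local Settings\Application Data\nduljh\oyixsftav.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"""

RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\.\.\\Run: \[(.*?)\]\s*(.*)$')
TARGET_RE = re.compile(r'^(.*?)\s*\(([^()]*)\)$')   # "path (Company)"
PROXY_RE = re.compile(r'"ProxyServer" = (\S+)')
# Assumed heuristic: per-user data folders are writable without admin rights.
PROFILE_RE = re.compile(
    r'^[a-z]:\\(documents and settings|users)\\[^\\]+\\'
    r'(local settings|application data|appdata)\\', re.I)


def parse_run_entry(line):
    """Split one 'O4 - HKxx..\\Run:' line into hive, name, path, company."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.groups()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].strip()
    t = TARGET_RE.match(rest)
    path, company = (t.group(1), t.group(2).strip()) if t else (rest, "")
    return {"hive": hive, "name": name, "path": path,
            "company": company, "missing": missing}


def loopback_proxies(value):
    """Return host:port items of a ProxyServer value that point at loopback."""
    hits = []
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]        # drop a "http=" style prefix
        hostport = hostport.split("://", 1)[-1]  # drop a scheme if present
        host = hostport.rsplit(":", 1)[0]
        if host == "localhost" or host.startswith("127."):
            hits.append(hostport)
    return hits


def triage(log_text):
    """Return (label, subject, detail) tuples for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_run_entry(line)
        if entry:
            subject = f'{entry["hive"]} Run [{entry["name"]}]'
            if entry["missing"]:
                findings.append(("cleanup", subject, "target file not found"))
            # An empty company field alone is weak (nwiz.exe, ncppopup.exe);
            # it only counts together with the profile-folder location.
            elif PROFILE_RE.match(entry["path"]) and not entry["company"]:
                findings.append(("suspicious", subject, entry["path"]))
            continue
        p = PROXY_RE.search(line)
        if p:
            for hostport in loopback_proxies(p.group(1)):
                findings.append(("suspicious", "IE ProxyServer", hostport))
    return findings


if __name__ == "__main__":
    for label, subject, detail in triage(SAMPLE_LOG):
        print(f"{label:10} {subject:22} {detail}")
```
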

Re: Alpha Virus

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Alpha Virus

That seems to have worked. Thank you very much. I will extol the virtues of your site to all who may need to use it.
GRC

Re: Alpha Virus

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

