re-installation after remote access trojan desktop


Post by Helmut13 » October 14th, 2012, 5:20 am

Hello,

I had a remote access trojan on my home network (one desktop and two laptops):

viewtopic.php?f=12&t=60498

I reinstalled the desktop completely from scratch. As I had to copy my documents and so on, I want to check that the trojan is really not present anymore.

Here are the logs from my desktop PC:

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Helmut at 11:11:06 on 2012-10-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.605 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{BC345F6E-9F23-47B9-AE66-964AF52B67CA} : NameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\helmut\application data\mozilla\firefox\profiles\7jn99jlg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-9 36552]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-9 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-9 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-9 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2012-10-9 31920]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-10-9 84256]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-9 108320]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-9 83792]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-10-9 216072]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2012-10-9 4463864]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-13 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-12 115168]
.
=============== Created Last 30 ================
.
2012-10-14 08:08:40 -------- d-sh--w- d:\helmut\IETldCache
2012-10-13 17:43:11 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-13 17:42:28 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-10-13 17:42:02 -------- d-----w- c:\windows\ie8updates
2012-10-13 17:41:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-10-13 17:41:45 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-13 17:41:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-13 17:41:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-13 17:41:45 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-10-13 17:41:45 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-10-13 17:41:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-13 17:40:11 -------- dc-h--w- c:\windows\ie8
2012-10-13 17:34:13 -------- d-----w- c:\windows\system32\KB905474
2012-10-13 16:11:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-13 16:11:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 14:36:38 -------- d-s---w- d:\helmut\UserData
2012-10-13 12:18:31 -------- d-----w- d:\helmut\local settings\application data\Mozilla
2012-10-13 12:16:37 -------- d-----w- d:\helmut\local settings\application data\Temp
2012-10-13 12:16:37 -------- d-----w- d:\helmut\local settings\application data\Adobe
2012-10-13 12:12:04 -------- d-----w- d:\helmut\application data\Avira
2012-10-13 11:56:30 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-10-13 11:56:17 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-10-13 11:55:43 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-10-13 11:55:25 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-10-13 11:55:09 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-10-13 11:53:54 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-10-13 11:53:22 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-10-13 11:53:22 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-10-13 11:53:01 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-10-13 11:53:00 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-10-13 11:53:00 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-10-13 11:53:00 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-10-13 11:53:00 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-10-13 11:53:00 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-10-13 11:52:59 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-10-13 11:52:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-10-13 11:51:45 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-10-13 11:51:36 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-10-13 11:51:26 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-10-13 11:50:37 293376 ------w- c:\windows\system32\browserchoice.exe
2012-10-13 11:50:13 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-10-13 11:49:42 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-10-13 11:49:39 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-10-13 11:48:26 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-10-13 11:48:14 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-10-13 11:48:14 2192640 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-10-13 11:48:14 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-10-13 11:48:13 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-10-13 11:48:13 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-10-13 11:46:51 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-10-13 11:46:44 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-10-13 11:46:37 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-10-13 11:46:37 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-13 11:46:17 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-10-13 11:46:08 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-10-13 11:46:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-10-13 11:46:05 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-10-13 08:57:17 -------- d-----w- c:\windows\system32\PreInstall
2012-10-13 08:31:55 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-10-12 18:00:21 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJScan
2012-10-12 17:06:01 65024 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP86.DLL
2012-10-12 17:06:01 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD86.DLL
2012-10-12 17:06:00 161792 ----a-w- c:\windows\system32\CNMLM86.DLL
2012-10-12 16:34:28 212480 ----a-w- c:\windows\PCDLIB32.DLL
2012-10-12 16:34:09 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-10-12 16:34:06 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-10-12 16:34:01 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-10-12 16:34:01 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-10-12 16:33:59 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-10-12 16:33:47 -------- d-----w- c:\program files\common files\CANON
2012-10-12 16:32:33 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-10-12 16:32:33 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-10-12 16:32:09 98304 ----a-w- c:\windows\system32\CNQ2413I.DLL
2012-10-12 16:32:09 585728 ----a-w- c:\windows\system32\CNQ2413L.DLL
2012-10-12 16:32:09 188416 ----a-w- c:\windows\system32\CNQ2413O.DLL
2012-10-12 16:32:08 1339392 ----a-w- c:\windows\system32\CNQ2413C.DLL
2012-10-12 16:31:40 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-10-12 16:31:40 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-10-12 16:31:10 -------- d-----w- c:\program files\Canon
2012-10-12 16:24:07 -------- d-----w- c:\program files\MSECache
2012-10-12 16:22:16 -------- d-----w- c:\program files\VideoLAN
2012-10-12 16:16:54 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-10-12 16:12:02 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2012-10-12 16:12:02 17920 ----a-w- c:\windows\system32\mdimon.dll
2012-10-12 16:09:57 -------- d-----w- c:\windows\SHELLNEW
2012-10-12 15:57:49 -------- d-----w- c:\program files\Dell
2012-10-12 15:57:35 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-10-12 15:57:35 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-10-12 15:57:35 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-10-12 15:57:35 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-10-12 15:57:35 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-10-12 15:57:35 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-10-12 15:57:34 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-10-12 15:54:26 -------- d-----w- C:\DellMPv3.1.1
2012-10-12 15:51:03 -------- d-----w- C:\Dell Management Packs
2012-10-12 15:37:11 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2012-10-12 15:37:11 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-10-12 15:37:09 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2012-10-12 15:37:09 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2012-10-12 15:37:06 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2012-10-12 15:37:06 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2012-10-12 15:37:04 56576 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2012-10-12 15:37:04 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2012-10-12 15:37:01 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
2012-10-12 15:37:01 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2012-10-12 14:55:45 -------- d-----w- c:\windows\Downloaded Installations
2012-10-12 14:55:14 132608 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2012-10-12 14:55:14 132608 ----a-r- c:\windows\system32\drivers\b57xp32.sys
2012-10-12 14:55:10 -------- d-----w- c:\program files\Broadcom
.
==================== Find3M ====================
.
2012-10-02 13:03:04 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-10-02 13:02:34 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-10-02 13:02:34 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-10-02 13:02:32 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-09-24 07:58:11 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-13 08:58:17 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-07 15:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
.
============= FINISH: 11:15:48,92 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2012 7:59:28 PM
System Uptime: 10/14/2012 9:04:49 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 66.5 GiB free.
D: is FIXED (NTFS) - 346 GiB total, 282.224 GiB free.
E: is FIXED (NTFS) - 293 GiB total, 260.485 GiB free.
F: is FIXED (NTFS) - 293 GiB total, 284.438 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 932 GiB total, 776.229 GiB free.
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/9/2012 8:01:57 PM - System Checkpoint
RP2: 10/9/2012 8:44:48 PM - Installed Windows XP Service Pack 3.
RP3: 10/9/2012 8:59:22 PM - Online Armor Installation
RP4: 10/12/2012 4:55:09 PM - Installed Broadcom Gigabit Integrated Controller
RP5: 10/12/2012 5:36:25 PM - Installed SoundMAX
RP6: 10/12/2012 5:36:30 PM - Installed SoundMAX
RP7: 10/12/2012 5:57:47 PM - Installed Chipset Software Installer
RP8: 10/12/2012 6:08:23 PM - Microsoft Office Professional Edition 2003 wird installiert
RP9: 10/12/2012 6:24:12 PM - Compatibility Pack für 2007 Office System wird installiert
RP10: 10/12/2012 6:34:26 PM - Installiert PhotoStudio
RP11: 10/13/2012 10:57:11 AM - Software Distribution Service 3.0
RP12: 10/13/2012 7:25:19 PM - Software Distribution Service 3.0
RP13: 10/14/2012 9:14:30 AM - Installed Windows XP WgaNotify.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
ArcSoft PhotoStudio 5.5
Avira Free Antivirus
Broadcom Gigabit Integrated Controller
Canon iP4300
Canon MP Navigator EX 2.0
Canon Setup Utility 2.3
Canon Utilities My Printer
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
Compatibility Pack für 2007 Office System
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Graphics Media Accelerator Driver
Malwarebytes Anti-Malware Version 1.65.0.1400
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.1 (x86 de)
Mozilla Maintenance Service
Online Armor 6.0
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982665)
SoundMAX
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VLC media player 2.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/12/2012 4:56:21 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

Thank you
Helmut13
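The DDS log above lists registry Run keys and services/drivers in a fixed line format, which is what a helper reads first when checking a rebuilt machine for leftover persistence. The following is an added example (my own code, not DDS's or the forum's) that parses those two line shapes and flags entries starting outside the usual system directories or borrowing the name of a core Windows binary; the trusted-directory list is an assumption for a fresh XP install, and the two sample entries named Updater and updsvc are constructed for the check, the rest are copied from the log above.

```python
# Triage helper for the autorun and service lines of a DDS log (added example,
# not DDS's or the forum's own code). Parses the 'mRun: [name] command' and
# 'R1 svc;display;path [date size]' line shapes seen in the log above.
import re
from dataclasses import dataclass

RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$"
)

# Where autoruns and services normally live on a fresh XP install (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "%windir%\\")
# Names malware often borrows; the genuine binaries live under c:\windows.
CORE_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "services.exe", "spoolsv.exe"}
CORE_HOME = "c:\\windows\\"

@dataclass
class Entry:
    kind: str   # "run" (registry Run key) or "service" (service/driver)
    name: str
    path: str   # lower-cased executable path
    raw: str    # original log line, kept for the report

def exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run-key command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first extension instead.
    m = re.match(r".+?\.(exe|dll|sys|cpl)", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]

def parse_dds(text: str) -> list:
    """Return an Entry for every Run-key and service/driver line found."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], exe_path(m["cmd"]).lower(), line))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"].strip().lower(), line))
    return entries

def triage(entries, trusted=TRUSTED_PREFIXES):
    """Return (entry, reason) pairs that deserve a closer look."""
    findings = []
    for e in entries:
        basename = e.path.rsplit("\\", 1)[-1]
        if basename in CORE_BINARIES and not e.path.startswith(CORE_HOME):
            findings.append((e, f"{basename} running from outside {CORE_HOME}"))
        elif not e.path.startswith(trusted):
            findings.append((e, "starts from outside the trusted directories"))
    return findings

# Sample input: the first lines are copied from the log above; the entries
# named Updater and updsvc are constructed to exercise the two checks.
SAMPLE_LOG = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Updater] c:\documents and settings\helmut\application data\svchost.exe
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-9 36552]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-9 108320]
S3 updsvc;Update Helper;c:\docume~1\helmut\locals~1\temp\upd.exe [2012-10-13 12288]
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_dds(SAMPLE_LOG)):
        print(f"{entry.kind:7} {entry.name:12} {reason}\n    {entry.raw}")
```

A clean result from this check is only a first filter; a trusted directory can still hold a malicious file, which is why the helper below asks for full scanner reports as well.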

Re: re-installation after remote access trojan desktop

Post by askey127 » October 15th, 2012, 5:43 am

Hi Helmut,
Looks like you did a good job. I am not expecting any problems.
These three scans should tell us what we need to know.
(The DDS logs look good).
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware
As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using this procedure:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • Restart Malwarebytes Anti-Malware after the Update if you have to.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Make sure all items are checked. Then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
    The same new log can also be found via the Logs tab when the application is re-started.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
This allows MBAM to remove additional items that could not be removed while Windows is running.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL (desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, and post as a reply. Use separate replies if more convenient.
(The OTL logs may show some items under a heading labeled Zero Access. This does NOT mean there is any infection.)
---------------------------------------------------
So, in your reply, we will be looking for the following:
The contents of:
  • Last Scan log from Antivir
  • MalwareBytes log
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.

askey127

Re: re-installation after remote access trojan desktop

Post by askey127 » October 19th, 2012, 6:48 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127

