
Svchost.exe trojan


Kenml


We need to create an OTL Report

 

1. Please download OTL

http://oldtimer.geekstogo.com/OTL.exe

 

2. Save it to your desktop.

3. Double click on the icon on your desktop.

4. Click the "Scan All Users" checkbox.

5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.

6. Copy and Paste the following into the textbox.

 

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

winlogon.exe

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

 

7. Push "scan"

8. Two reports will open, copy and paste them in a reply here:

• OTListIt.txt <-- Will be opened

• Extra.txt <-- Will be minimized

Use the attachment manager and attach these txt files.


otl script

• Please double-click OTL.exe to run it. (Note: If you are running on Vista, or win 7, right-click on the file and choose Run As Administrator).

• Copy all the lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 

:otl

O4 - HKLM..\Run: [CTxfiHlp] File not found

O4 - HKLM..\Run: [CtxfiReg] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

:commants

[purity]

[EMPTYFLASH]

[emptytemp]

[start explorer]

[Reboot]

• Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

• Close any browser(s) windows that may be open.

• Using your mouse, click on the red-lettered button Run Fix.

• Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.

• The log will open in Notepad (your default text editor).

• Save the log. Post a copy of that log in your next reply.


Hi markusg, your instructions are very easy to follow and everything went as listed.

Thanks again for your support.

Here's the text file.

 

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTxfiHlp deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CtxfiReg deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Error: Unable to interpret <:commants> in the current context!

Error: Unable to interpret <[purity]> in the current context!

Error: Unable to interpret <[EMPTYFLASH]> in the current context!

Error: Unable to interpret <[emptytemp]> in the current context!

Error: Unable to interpret <[start explorer]> in the current context!

Error: Unable to interpret <[Reboot]> in the current context!

 

OTL by OldTimer - Version 3.2.15.0 log created on 10112010_120739

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


can you try it again?

 

:otl

O4 - HKLM..\Run: [CTxfiHlp] File not found

O4 - HKLM..\Run: [CtxfiReg] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

:files

:commants

[purity]

[EMPTYFLASH]

[emptytemp]

[start explorer]

[Reboot]

• Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

• Close any browser(s) windows that may be open.

• Using your mouse, click on the red-lettered button Run Fix.

• Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.

• The log will open in Notepad (your default text editor).

• Save the log. Post a copy of that log in your next reply.

 


Hi markusg, Fired off OTL again. Here's what came up.

 

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTxfiHlp not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CtxfiReg not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== FILES ==========

Error: Unable to interpret <:commants> in the current context!

Error: Unable to interpret <[purity]> in the current context!

Error: Unable to interpret <[EMPTYFLASH]> in the current context!

Error: Unable to interpret <[emptytemp]> in the current context!

Error: Unable to interpret <[start explorer]> in the current context!

Error: Unable to interpret <[Reboot]> in the current context!

 

OTL by OldTimer - Version 3.2.15.0 log created on 10122010_095613

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

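An added example, not part of any post in this thread and not OTL's own code: a small Python triage of a fix log like the two above, separating entries that were removed, entries that were already absent, and script lines the tool reported it could not interpret. The regular expressions assume only the three line shapes visible in those logs, and the sample log is constructed in the same format.

```python
import re

# Constructed sample in the format of the OTL fix logs posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTxfiHlp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\ not found.
========== FILES ==========
Error: Unable to interpret <:commants> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!
"""

# Assumed line shapes, taken from the logs above (not from OTL documentation).
SECTION = re.compile(r"^=+ (.+?) =+$")
RESULT = re.compile(r"^Registry (value|key) (.+?) (deleted successfully|not found)\.$")
REJECTED = re.compile(r"^Error: Unable to interpret <(.+)> in the current context!$")


def summarize_fix_log(text):
    """Sort fix-log lines into removed, already absent, and rejected script lines."""
    out = {"sections": [], "deleted": [], "not_found": [], "rejected": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            out["sections"].append(m.group(1))
        elif m := RESULT.match(line):
            bucket = "deleted" if m.group(3) == "deleted successfully" else "not_found"
            out[bucket].append(m.group(2))
        elif m := REJECTED.match(line):
            out["rejected"].append(m.group(1))
    return out


def fix_ran_completely(text):
    """True only if the tool reported no script line it could not interpret."""
    return not summarize_fix_log(text)["rejected"]


if __name__ == "__main__":
    s = summarize_fix_log(SAMPLE_LOG)
    print("changed:", len(s["deleted"]), "already absent:", len(s["not_found"]))
    for item in s["rejected"]:
        print("rejected by the tool:", item)
    print("fix ran completely:", fix_ran_completely(SAMPLE_LOG))
```
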

please upgrade to bitdefender 2011, update and scan, tell us the results

 

Well your support and great review of the Bitdefender got me. I bought it and have just completed the install. Doing a deep scan now. Will send you the results when it is finished in another 5:13 minutes.

BTW I just renewed my Security Shield subscription a couple of months ago. It is now uninstalled.

 

Regards

 

Ken Alger


please upgrade to bitdefender 2011, update and scan, tell us the results

 

OK, here's the results.

 

Scanned items: 1323247

Infected items: 56

Suspect items: 0 (no suspected items have been detected)

Resolved items: 53

Unresolved items: 3


Archived

This topic is now archived and is closed to further replies.
