Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Printable Version | Subscribe | Add to Favourites   Post new thread Poll:
Author: Subject: Suspicious activity
LSemmens
Undercover MOD
********


Avatar


Posts: 32767
Registered: 19-11-2004
Location: Riverton, South Australia
Theme: Windows XP Silver
Member Is Offline

Mood: Gone crazy, Back soo

[*] Post 405964 posted on 19-3-2010 at 03:59 Reply With Quote
Suspicious activity



I'm uncertain if I have some hidden keylogger installed as occasionally my system freezes for a second or so. Your "check here before posting logs" page, Pancake, may need updating for W7 64 bit, too.

All I can offer is a HJT log at the moment, My modem should be firewalled. (Billion 7401)

Attachment: hijackthis.log (6.25kb)
This file has been downloaded 208 times
View User's Profile View All Posts By User
Pancake
Custom User Title
*******


Avatar


Posts: 537
Registered: 17-4-2006
Location: Victoria Australia
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 405999 posted on 19-3-2010 at 21:48 Reply With Quote


The bid problem here is that there is next to nothing in the way of malware removers for 64bit.With major infection users are reverting back to 32 bit...Lets see if we can spot anything.




Download OTL to your desktop.http://oldtimer.geekstogo.com/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.

Check the boxes beside LOP Check and Purity Check.
Under Custom Scan copy and paste the text from the code box.

Code:


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\System32\antiwpa.dll
%systemroot%\SYSTEM32\wpa.dll
%systemroot%\setup\scripts\biestart.exe
%systemroot%\system32\drivers\royal.sys
%systemroot%\system32\oobe\AntiWPA_Crypt.dll
%TEMP%\antiwpa_crypt.dll
%TEMP%\antiwpa.dll /s
%PROGRAMFILES%\antiwpa.dll /s
%systemroot%\system32\crypt.dll
%TEMP%\crypt.dll
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.




Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy the contents of these files and post them with your next reply.If the text is to big,zip it up or post it in two or three parts.
View User's Profile View All Posts By User
LSemmens
Undercover MOD
********


Avatar


Posts: 32767
Registered: 19-11-2004
Location: Riverton, South Australia
Theme: Windows XP Silver
Member Is Offline

Mood: Gone crazy, Back soo

[*] Post 406017 posted on 20-3-2010 at 13:07 Reply With Quote
extras.txt





Attachment: Extras.Txt (42.93kb)
This file has been downloaded 328 times
View User's Profile View All Posts By User
Post new thread Poll:

Guest Notice
You are a guest, as a guest you can only see a maximum of 3 posts per thread.

If you want to see the rest, please click here to register.