Jump to content

I need your assistant! (I am infected?)


poemem

Recommended Posts

  • 1 month later...

Hello,

Please advise if you still have the same issues or if you have otherwise resolved them.

If not resolved, and you desire guided help here, do rerun the DDS program and post back copy of contents of DDS.txt file.

If we do not hear back from you in 4 days, this thread will be closed.

Link to post
Share on other sites

Here again the results (Before many days i have run Anti-Malware bytes in safe mode and i have erase what found)

This is the new log with dds program:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.0.0

Run by User at 17:40:38 on 2012-01-28

Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.1023.289 [GMT 2:00]

.

AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\tmp-si-firefox-808772.exe

C:\Program Files\Mozilla Firefox\firefox.exe

J:\Movie maker\h\Diafora\Mircs\MirCs\Optional\mirc.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.bing.com/?pc=AVBR

uStart Page = hxxp://www.bing.com/?pc=AVBR

mWinlogon: UIHost=c:\windows\system32\logonuiX.exe

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {33be3f48-0175-2dc0-07d7-35d86d033029} - Groove Folder Synchronization

BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll

BHO: {53707962-6f74-2d53-2644-206d7942484f} - Spybot-S&D IE Protection

BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRunOnce: [Restore protected SaveIt-application 'Firefox'] "c:\program files\mozilla firefox\tmp-si-firefox-808772.exe" /exefile:"c:\program files\mozilla firefox\firefox.exe" /SRUCOMMAND:"" /SRURECOVER:""

mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

mExplorerRun: [application] c:\program files\aspmonitor\ASMonitor.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.254

TCP: Interfaces\{1871A91E-DEA1-482A-AEFE-546F9FD46949} : DhcpNameServer = 192.168.10.254

TCP: Interfaces\{8CC0B407-1F69-4280-AA19-E4B415CF0655} : DhcpNameServer = 192.168.10.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\User\application data\mozilla\firefox\profiles\uprzioih.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mozilla firefox\components\qfaservices.dll

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\User\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.proxy.type - 0

FF - user.js: network.proxy.http -

FF - user.js: network.proxy.http_port - 0

FF - user.js: network.proxy.ssl -

FF - user.js: network.proxy.ssl_port - 0

FF - user.js: network.proxy.ftp -

FF - user.js: network.proxy.ftp_port - 0

FF - user.js: network.proxy.gopher -

FF - user.js: network.proxy.gopher_port - 0

FF - user.js: network.proxy.socks_version - 5

FF - user.js: network.proxy.socks -

FF - user.js: network.proxy.socks_port - 0

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]

R1 FDC1ANT;FDC1ANT;c:\windows\system32\drivers\FDC1ANT.SYS [2009-3-25 47855]

R1 FDCBNT;FDCBNT;c:\windows\system32\drivers\FDCBNT.SYS [2009-4-19 47470]

R1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [2009-2-9 15872]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-3-10 101616]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-9-10 33824]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/02/05 14:12:35];c:\program files\cyberlink\powerdvd8\000.fcl [2009-1-20 87536]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-21 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-21 22216]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S0 Shadow;Shadow; [x]

S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys --> c:\windows\system32\drivers\epfwtdir.sys [?]

S2 CDMA Device Service;CDMA Device Service;c:\program files\samsung\usb drivers\26_via_driver2\x86\viaservice.exe --> c:\program files\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 klpsrvc;klpsrvc; [x]

S3 AIDA32Driver;AIDA32Driver;\??\k:\my documents\@diafora\3942\aida32.sys --> k:\my documents\@diafora\3942\aida32.sys [?]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-12-13 30312]

S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2009-3-18 219264]

S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2011-1-27 101520]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-12-13 20032]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 netr28u;11n Wireless USB Adapter Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-7-15 569344]

S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-9-15 13312]

S3 RapDrv;RapDrv;c:\windows\system32\drivers\RapDrv.sys [2009-1-10 104968]

S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2009-1-10 36644]

S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2009-1-10 24344]

S3 rt2870;11n Wireless USB Adapter LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-7-15 550144]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-3-27 23064]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-13 136808]

S3 usbanyka;USB Web Camera;c:\windows\system32\drivers\usbanyka.sys [2011-1-4 17536]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-7-26 17792]

S4 black;black;c:\windows\system32\drivers\blackdrv.sys [2009-1-10 229331]

S4 BlackICE;BlackICE;c:\program files\iss\blackice\blackd.exe [2009-1-10 1229430]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-1-4 1527900]

S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

.

=============== Created Last 30 ================

.

2012-01-28 14:21:03 1565665 -----tw- c:\program files\mozilla firefox\tmp-si-firefox-808772.exe

2012-01-22 12:11:15 156 ----a-w- c:\documents and settings\User\application data\Melt.bat

2012-01-14 22:15:27 -------- d-----w- C:\Microgaming

2012-01-14 22:15:27 -------- d-----w- c:\documents and settings\all users\application data\MGS

2012-01-06 10:57:58 -------- d-----w- C:\Casino

2012-01-05 16:24:44 1565665 -----tw- c:\program files\mozilla firefox\tmp-si-firefox-823543.exe

2012-01-05 16:22:53 -------- d-----w- c:\documents and settings\User\application data\Mozilla-Cache

2012-01-05 16:19:00 -------- d-----w- c:\program files\PartyGaming

2012-01-05 15:40:13 -------- d-----w- c:\documents and settings\User\application data\CasinoOnNet

2012-01-05 15:40:09 -------- d-----w- c:\program files\CasinoOnNet

2012-01-02 09:20:02 -------- d-----w- C:\~ErdUserProfile.$$$

2012-01-01 09:10:19 -------- d-----w- c:\program files\Shield

2012-01-01 09:09:42 -------- d-----w- c:\windows\system32\1052

2012-01-01 09:09:40 -------- d-----w- c:\documents and settings\User\local settings\application data\ApplicationHistory

.

==================== Find3M ====================

.

2012-01-27 23:41:02 73728 ----a-w- c:\windows\ALCFDRTM.VER

2012-01-05 16:27:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-21 13:41:04 88125328 ----a-w- C:\jdk-7u2-windows-i586.exe

2011-10-31 09:22:56 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-10-31 09:22:42 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2011-10-31 09:22:42 325552 ----a-w- c:\windows\MASetupCaller.dll

2011-10-31 09:22:42 30568 ----a-w- c:\windows\MusiccityDownload.exe

2011-10-31 09:22:36 821824 ----a-w- c:\windows\system32\dgderapi.dll

2011-10-31 09:22:36 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2011-10-31 09:22:36 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2008-03-09 05:25:10 236 ----a-w- c:\program files\common files\dx.reg

2011-03-14 14:48:16 73728 --sha-r- c:\windows\system32\drivers\nul.mfac\Anti-Copy.exe

2011-03-14 14:48:06 69632 --sha-r- c:\windows\system32\drivers\nul.mfac\Anti-Delete.exe

2011-03-14 14:48:12 94208 --sha-r- c:\windows\system32\drivers\nul.mfac\Anti-Run.exe

.

============= FINISH: 17:41:58.95 ===============

Link to post
Share on other sites

Hello poemem,

Would you please say what the main problem is?

and why this has Kaspersky anti-virus amd also ESET Smart Security ?

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Step 4

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

I was using some days, before many months kaspersky, now i have only the eset (maybe when i uinistall let me some folder/paths of kasperksy). I don't have a specific problem, i only want to know how i will be more protected.

I have done all you say. What you need to post now and how? Like the other results i post before?

Link to post
Share on other sites

Hope your login has administrator rights. You probably do not need a password (since there probably was not one before).

Please look on the Desktop. The OTL & Extras should probably be there.

IF not on the Desktop, they may be under folder c:\documents and settings\User

You can also use XP SEARCH on the XP Start menu to look for OTL.txt & Extras.txt & Checkup.txt

Link to post
Share on other sites

Yes, i think i have administrator rights. I can't find anywhere those files. When finish the scan says me can't file the files in desktop and asks me if want to create new. I press yes and nothing! I don't know why. If i leave blank password in the program that is asking, again is not continue :S

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for poemem only. If you are a casual viewer, do NOT try this on your system!

If you are not poemem and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Close & exit any programs that you started. This next procedure will do a restart of Windows at the end. Please have lots of patience.

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    C:\WINDOWS\Tasks\At1.job
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d5e5c28-a2fe-11e0-97ae-0019e079426e}]
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Link to post
Share on other sites

Hello again. I have run the program and i have add the lines you said and i have run fix. Computer reboots and here are the log:

Now what i msut do? Computer is cleaned by virus?

Placed log In-line ~ Moderator

All processes killed

========== PROCESSES ==========

========== FILES ==========

C:\RECYCLER\S-1-5-21-1644491937-776561741-1614895754-1003\Dc48 folder moved successfully.

C:\RECYCLER\S-1-5-21-1644491937-776561741-1614895754-1003\Dc33.brrip folder moved successfully.

C:\RECYCLER\S-1-5-21-1644491937-776561741-1614895754-1003 folder moved successfully.

C:\RECYCLER folder moved successfully.

recycler not found in H:\

recycler not found in J:\

C:\WINDOWS\Tasks\At1.job moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d5e5c28-a2fe-11e0-97ae-0019e079426e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d5e5c28-a2fe-11e0-97ae-0019e079426e}\ not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: Administrator.X-91DF8DD4D0234

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Guest

User: HelpAssistant

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: User

->Temp folder emptied: 83232651 bytes

->Temporary Internet Files folder emptied: 49093067 bytes

->Java cache emptied: 10413057 bytes

->FireFox cache emptied: 466843279 bytes

->Google Chrome cache emptied: 557424 bytes

->Opera cache emptied: 19912211 bytes

->Flash cache emptied: 2475 bytes

User: SUPPORT_388945a0

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 1655808 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4895500 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 375452027 bytes

Total Files Cleaned = 965.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: Administrator.X-91DF8DD4D0234

User: All Users

User: Default User

User: Guest

User: HelpAssistant

User: LocalService

User: NetworkService

User: User

->Flash cache emptied: 0 bytes

User: SUPPORT_388945a0

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01302012_160641

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF2F84.tmp not found!

File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.Word\~WRF{D66B3651-A44D-4AC1-B21D-A360FDFDB028}.tmp not found!

File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.Word\~WRS{1B552050-9CBC-485F-B071-00B4ACDB5DCF}.tmp not found!

File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.Word\~WRS{BE669A34-763A-4CCE-B0E1-ED53C18A8CF1}.tmp not found!

File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.Word\~WRS{C466E152-57C5-4292-B0C4-3F4886A6FA87}.tmp not found!

File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.Word\~WRS{D634AD62-D588-4410-B57F-6A6C0A2BFE31}.tmp not found!

Registry entries deleted on Reboot...

Edited by Maurice Naggar
Log put In-line
Link to post
Share on other sites

No, we are not finsihed yet. We only started with some reports. and a cleaning of temporary files and one un-wanted setting.

There is a lot more to do.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post

  • the contents of checkup.txt Use NOTEPAD to open the log, then COPY all lines, next use PASTE to put all lines in your POST

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.30

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Smart Security

Autorun Virus Remover 2.3

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 12

Java 7

Java SE Development Kit 7

Adobe Flash Player 11.1.102.55

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox 7.0.1 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

``````````End of Log````````````

Link to post
Share on other sites

Firefox browser is out of date. Start FF >> Help >> About

Follow the prompts and allow it to update to latest release version.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader via Control Panel >> Add or Remove Programs.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

javaicon.gif

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 30 from Sun Microsystems Inc.

Tell me, How is your system now :excl:

Link to post
Share on other sites

If you have not purchased a license for MBAM, let me suggest you do so to get benefit of the live-monitor Protection Module. The low one-time fee is good for life.

Download OTC to your desktop and run it

We are finished here.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.