Log Reports...RE: Computer Runs slowly and freezes up.

[mthomas6377]

I originally posted in "Other" forum and per Broni I performed all the steps in the malware removal process and attached to this post are the appropriate logs that were requested.

SuperAntispyware Log
Malwarebytes' Anti-Malware Log
and
HijackThis Log


[recovering disk space -- attachment deleted by admin]

[evilfantasy]

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

• Double click SDFix.exe and it will extract the files to %systemdrive%
  
• (this is the drive that contains the Windows Directory, typically C:\SDFix).
  
• DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
  
• When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  
• Copy and paste the contents of the results file Report.txt in your next reply along with a NEW HijackThis log.

.
----------

Create An Uninstall List

• Start HijackThis
  
• Click on the Open the Misc Tools section
  
• Click on the Open Uninstall Manager button.
  
• Click on the Save list button and specify where you would like to save this file and click Save.
  • When you press Save button a notepad will open with the contents of that file.
• Copy and paste that list in your reply.

.
----------

Next post add
SDFix log
New HijackThis log
Uninsatll list

Also let me know how the PC is running now.

[mthomas6377]

evilfantasy,

The logs as requested are attached. 

The PC does seem to be running better files are opening up more quickly the mouse still is a little hesitant sometimes but it recovers a lot faster than before. 



[recovering disk space -- attachment deleted by admin]

[evilfantasy]

How many antivirus do you have installed? It looks like at least two, maybe three. You need to pick one and uninstall the others. Running more then one will just lead to problems.

AT&T Internet Security Suite
AT&T Internet Security Wizard 1.5.11
Authentium AntiVirus SDK - 2
Radialpoint Security Services
RapidPlayer v3.0 ActiveX Control
RealPlayer
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip

[evilfantasy]

Go to Add or Remove Programs and uninstall:

• Enhanced search
• Help Features
• Help Finder
• IE Win-enhancer
• J2SE Runtime Environment 5.0 Update 10
• Zupdate

.
----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

• Go to your desktop and double click on the removal tool and then click Setup.
  
• Once open Click Next
  
• Accept the license agreement and click Next
  
• Type in the letters/numbers that you see into the text box then click Next.
  
• Then click Next and the tool will start running.
  
• Once finished restart the PC and run the tool again to ensure everything has been removed.

.
----------

Run this Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [Media-Search] "C:\Program Files\msnet\v9\msnet.EXE" /H
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\jloivs.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code: [Select]

@ECHO OFF
sc stop NOBICYT
sc delete NOBICYT
sc stop BOONTY
sc delete BOONTY
exit

In Notepad select

File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservices.bat from the Desktop.

----------

Download OTMoveIt2 by OldTimer

• Save it to your desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the codebox below.

[/list]

Code: [Select]

[kill explorer]
C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
C:\PROGRA~1\NORTON~1\navapw32.exe
c:\program files\winfavorites\WinFavorites.exe1
C:\Program Files\msnet\v9\msnet.EXE
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\jloivs.exe
C:\PROGRA~1\SYMNET~1\SNDWarn.exe
C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
EmptyTemp
[start explorer]

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

.
----------

After the computer has been restarted run a new HijackThis scan and post the log

Also let me know how everything is now.

[mthomas6377]

Evilfantasy,

I was in the process of my next assignment but I have a couple of questions before I continue.  As far as the antivirus, I would just like to keep the ATT the others I tried to uninstall but could not find some of them in "Add/Remove Programs" The ones I could not find were
Authentium Antivirus SDK-2
Radialpoint Security Services
RPS (All of them)

Then, I went to remove the programs you listed in your last post and received an error when I tried to do Zupdate.  The message was "Can not locate bdedata2.dll Component"

I was not sure if I should continue any farther since I received the error message so I wanted to check with you first.

Thank You

[evilfantasy]

Just do all of the steps you can and we will deal with what you couldn't do later.

[mthomas6377]

Evilfantasy,

Per your request I performed all the steps that I was able to perform and attached are the logs that you requested.

Thank You

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

The "Can not locate bdedata2.dll Component" error is because Kazaa was not properly removed, or it was removed but it left some bad files behind.

First go to add/remove programs and uninstall b3d Projector

Next you need to download LSP Fix to your Desktop. Using KazaaBegone may disrupt your Internet connection.

You may lose Internet access after removing Kazaa. To be prepared for this print and read this Guide

Download KazaaBegone to the Desktop.
Right click on the Desktop and choose New > Folder.
Drag and drop the KazaaBegone.zip into the new folder.
Unzip the contents of KazaaBegone in the new folder.

Run KazaaBegone

• Double click KazaaBegone.exe from within the new folder.
  
• Select Search & destroy all installed components
  
• Click Go
  
• Answer Yes to the warning.
  
• Close KazaaBegone when it completes.
  
• Empty the Recycle Bin.

.
----------

There are still entries in the HijackThis log that need to be dealt with.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

• Double click SDFix.exe and it will extract the files to %systemdrive%
  
• (this is the drive that contains the Windows Directory, typically C:\SDFix).
  
• DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
  
• When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  
• Copy and paste the contents of the results file Report.txt in your next reply along with a NEW HijackThis log.

[mthomas6377]

Evilfantasy,

the logs you requested are attached.  Also, the computer seems to be running a lot slower than before now. 

Thank you


[recovering disk space -- attachment deleted by admin]

[evilfantasy]

We're doing a lot of scans and cleaning files, the speed should pick back up after a few restarts.

SDFix got another one but there are still more.

Download Combofix by sUBs from one of the below links.

• Link #1
  
• Link #2

Important! Combofix.exe MUST be saved to and ran from the Desktop.

• Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
• Important! Temporarily disable your antivirus, and any antispyware real time protection before performing a scan.
  
  • Click this link to see a list of security programs that should be disabled and how to disable them.
    
  • If yours is not listed and you don't know how to disable it, please ask.
• Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  
• Double click combofix.exe & follow the prompts.
• Choose Yes to accept the Disclaimers.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

• When finished, it will produce a log for you.
• Post that log in your next reply.

Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall

• If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  
• Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix and installing the Recover Console.

Remember to re-enable your antivirus and antispyware protection.

----------

Next post add
Combofix log

[mthomas6377]

Evilfantasy,

attached is the Combofix Log you requested.

Thank You

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.

• Click Start , then Run
  
• Type notepad.exe in the Run Box.
  

2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
C:\Program Files\Common Files\Authentium
C:\Program Files\CA

File::
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\ABC\\abc.exe"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

[mthomas6377]

Evilfantasy,

The new Combofix log as requested is attached.

Thank You

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

Good job!

That took care of a lot, including the other two antivirus that were installed.

We will do some cleanup and then an online scan to see what might have been missed. I think we're getting close now.

---------

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.

.
The above procedure will:

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
----------

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Delete temporary files

Go to:

• Start
• Run
• type: CLEANMGR.EXE
  
• Press Enter.

When prompted select the C: drive and click OK.
Check the boxes for:

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

.
Click OK

----------

Use the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

.

[mthomas6377]

Evilfantasy,

I am thankful to you for helping me out and glad to hear that you see progress.

Attached is the Kaspersky Online Scanner Report. 

Thank You

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

This scanner works with Internet Explorer only

Go to the BitDefender Online Scanner
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.
Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report


 
When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save


 
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)
 
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
 
Add the bdscan.txt as an attachment in the next post.

If the log is too big to attach use the below site to host the file.

Upload the file to Savefile.com
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.

[mthomas6377]

Evilfantasy,

Here is the bdscan as you requested.

Thanks

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

OK please run a new Kaspersky scan now and post the log.

[mthomas6377]

Evilfantasy,

Here is the new Kaspersky log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Thursday, July 31, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Wednesday, July 30, 2008 18:33:58
 Records in database: 1030144
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\

Scan statistics:
   Files scanned: 73333
   Threat name: 12
   Infected objects: 14
   Suspicious objects: 0
   Duration of the scan: 05:52:23


File name / Threat name / Threats count
C:\Documents and Settings\Michelle Thomas\Application Data\vmntoolbar\vmntoolbar_151.zip   Infected: not-a-virus:AdWare.Win32.MegaSearch.j   1
C:\Documents and Settings\Michelle Thomas\Incomplete\T-328472-02 - sun eyed girl _192kbps_ 29.wma   Infected: Trojan-Downloader.WMA.Wimad.d   1
C:\Documents and Settings\Michelle Thomas\Shared\(1) evernescence 16.wma   Infected: Trojan-Downloader.WMA.Wimad.d   1
C:\Documents and Settings\Michelle Thomas\Shared\beck sun eyed girl.wm   Infected: Trojan-Downloader.WMA.Wimad.m   1
C:\Program Files\vmntoolbar\VMNTOO~11.old   Infected: not-a-virus:AdWare.Win32.MegaSearch.j   1
C:\WINDOWS\system32\bdeinsta3.dll   Infected: not-a-virus:AdWare.Win32.Altnet.a   1
C:\WINDOWS\system32\cashbar.dll   Infected: Trojan-Dropper.Win32.Small.so   1
C:\WINDOWS\system32\cexwxfst.sys   Infected: Trojan-Clicker.Win32.VB.bip   1
C:\WINDOWS\system32\SS001.dll   Infected: Trojan-Dropper.Win32.Mudrop.w   1
C:\WINDOWS\system32\sxwand.sys   Infected: Trojan.Win32.DNSChanger.fgv   1
C:\WINDOWS\system32\tmpxr_184699820684.bk   Infected: Trojan.Win32.Agent.vvx   1
C:\WINDOWS\system32\wfallsfreems.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.e   1
C:\WINDOWS\system32\wfallsfreems.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.bl   1
C:\WINDOWS\system32\yaxcnxd.sys   Infected: Trojan.Win32.DNSChanger.fiw   1

The selected area was scanned.


Thank You

[evilfantasy]

Download

OTMoveIt2 by OldTimer

• Save it to your desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the codebox below.

[kill explorer]
C:\Documents and Settings\Michelle Thomas\Application Data\vmntoolbar\vmntoolbar_151.zip
C:\Documents and Settings\Michelle Thomas\Incomplete\T-328472-02 - sun eyed girl _192kbps_ 29.wma
C:\Documents and Settings\Michelle Thomas\Shared\(1) evernescence 16.wma
C:\Documents and Settings\Michelle Thomas\Shared\beck sun eyed girl.wm
C:\Program Files\vmntoolbar\VMNTOO~11.old
C:\WINDOWS\system32\bdeinsta3.dll
C:\WINDOWS\system32\cashbar.dll
C:\WINDOWS\system32\cexwxfst.sys
C:\WINDOWS\system32\SS001.dll
C:\WINDOWS\system32\sxwand.sys
C:\WINDOWS\system32\tmpxr_184699820684.bk
C:\WINDOWS\system32\wfallsfreems.exe
C:\WINDOWS\system32\wfallsfreems.exe
C:\WINDOWS\system32\yaxcnxd.sys
EmptyTemp
[start explorer]

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

[/list]

[mthomas6377]

Evilfantasy,

The log you requested.


Explorer killed successfully
C:\Documents and Settings\Michelle Thomas\Application Data\vmntoolbar\vmntoolbar_151.zip moved successfully.
C:\Documents and Settings\Michelle Thomas\Incomplete\T-328472-02 - sun eyed girl _192kbps_ 29.wma moved successfully.
C:\Documents and Settings\Michelle Thomas\Shared\(1) evernescence 16.wma moved successfully.
C:\Documents and Settings\Michelle Thomas\Shared\beck sun eyed girl.wm moved successfully.
C:\Program Files\vmntoolbar\VMNTOO~11.old moved successfully.
C:\WINDOWS\system32\bdeinsta3.dll NOT unregistered.
C:\WINDOWS\system32\bdeinsta3.dll moved successfully.
C:\WINDOWS\system32\cashbar.dll unregistered successfully.
C:\WINDOWS\system32\cashbar.dll moved successfully.
C:\WINDOWS\system32\cexwxfst.sys moved successfully.
C:\WINDOWS\system32\SS001.dll unregistered successfully.
C:\WINDOWS\system32\SS001.dll moved successfully.
C:\WINDOWS\system32\sxwand.sys moved successfully.
C:\WINDOWS\system32\tmpxr_184699820684.bk moved successfully.
C:\WINDOWS\system32\wfallsfreems.exe moved successfully.
File/Folder C:\WINDOWS\system32\wfallsfreems.exe not found.
C:\WINDOWS\system32\yaxcnxd.sys moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp10D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp115.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp126.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp127.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmpD8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DF8411.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DFFC3F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DFFC4C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\History\History.IE5\MSHist012008073120080801\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\HQEB7EJ6\all[2].htm scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_173152

[evilfantasy]

Looks good. The next log won't be needed.

I think you are finally malware free

Final steps. Let me know if you have any questions.

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources

[mthomas6377]

Evilfantasy,

Thank you sooooo much for getting me to this point but I do have a question.

After I created the New restore point you say to

Go to Start > Run and type Cleanmgr
Click OK

When I do this I do not get an option to Click More Options tab

Instead I get a pop up box that says:

Select the Drive you want to clean up:

What do I do here?

Thank You

[evilfantasy]

No problem. It's a little different for XP Home.

Disable the System Restore Utility to prevent re-infection from an old one

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

[mthomas6377]

Evilfantasy,

Thank You I disabled and re-enabled the system restore per your instructions.  So if I need to go back to a clean working state I will have my Restore point that I created.  Hopefully I won't need it though....But I will definitely utilize all your suggestions to keep my computer clean from the bad stuff. 

I will definitely recommend this site to all my friends and I think you all do a wonderful thing here in helping all of us out who would not know any better.

Thank You

[evilfantasy]

No problem. Glad we got you cleaned up!

Safe surfing.............

[drmsucks]

@mthomas: Now back to the original problem - is your computer running faster?

[mthomas6377]

My computer is running faster indeed....I still need to use the compressed air to clean out the inside....That is definite, but Internet explorer moves faster from website to website and just an overall great improvement on speed. 

I have another issue but I will post a new thread for this one.

Thank You