Computer Hope

Software => Computer viruses and spyware => Topic started by: mthomas6377 on July 26, 2008, 08:13:07 PM

Title: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 26, 2008, 08:13:07 PM
I originally posted in "Other" forum and per Broni I performed all the steps in the malware removal process and attached to this post are the appropriate logs that were requested.

SuperAntispyware Log
Malwarebytes' Anti-Malware Log
and
HijackThis Log


[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 26, 2008, 09:34:48 PM
Download SDFix (http://download.bleepingcomputer.com/andymanchesta/SDFix.exe) by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
----------

Create An Uninstall List.
----------

Next post add
SDFix log
New HijackThis log
Uninstall list

Also let me know how the PC is running now.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 26, 2008, 11:07:39 PM
evilfantasy,

The logs as requested are attached. 

The PC does seem to be running better. Files are opening up more quickly. The mouse still is a little hesitant sometimes, but it recovers a lot faster than before.



[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 26, 2008, 11:31:51 PM
How many antivirus do you have installed? It looks like at least two, maybe three. You need to pick one and uninstall the others. Running more than one will just lead to problems.

AT&T Internet Security Suite
AT&T Internet Security Wizard 1.5.11
Authentium AntiVirus SDK - 2
Radialpoint Security Services
RapidPlayer v3.0 ActiveX Control
RealPlayer
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 27, 2008, 12:29:52 AM
Go to Add or Remove Programs and uninstall:
----------

Download the Norton Removal Tool (SymNRT) (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_2000XPVista/1169144666/1) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

----------

Run this Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [Media-Search] "C:\Program Files\msnet\v9\msnet.EXE" /H
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\jloivs.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe


Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
sc stop NOBICYT
sc delete NOBICYT
sc stop BOONTY
sc delete BOONTY
exit
File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservices.bat from the Desktop.

----------

Download OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe)
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

Code:
[kill explorer]
C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
C:\PROGRA~1\NORTON~1\navapw32.exe
c:\program files\winfavorites\WinFavorites.exe1
C:\Program Files\msnet\v9\msnet.EXE
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\jloivs.exe
C:\PROGRA~1\SYMNET~1\SNDWarn.exe
C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
EmptyTemp
[start explorer]
----------

After the computer has been restarted run a new HijackThis scan and post the log

Also let me know how everything is now.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 27, 2008, 07:29:41 AM
Evilfantasy,

I was in the process of my next assignment but I have a couple of questions before I continue. As far as the antivirus, I would just like to keep the ATT. The others I tried to uninstall, but could not find some of them in "Add/Remove Programs". The ones I could not find were:
Authentium Antivirus SDK-2
Radialpoint Security Services
RPS (All of them)

Then, I went to remove the programs you listed in your last post and received an error when I tried to do Zupdate.  The message was "Can not locate bdedata2.dll Component"

I was not sure if I should continue any farther since I received the error message so I wanted to check with you first.

Thank You
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 27, 2008, 04:11:13 PM
Just do all of the steps you can and we will deal with what you couldn't do later.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 27, 2008, 07:18:56 PM
Evilfantasy,

Per your request I performed all the steps that I was able to perform and attached are the logs that you requested.

Thank You

[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 27, 2008, 07:37:33 PM
The "Can not locate bdedata2.dll Component" error is because Kazaa was not properly removed, or it was removed but it left some bad files behind.

First go to add/remove programs and uninstall b3d Projector

Next you need to download LSP Fix (http://forum.securitycadets.com/index.php?showtopic=149) to your Desktop. Using KazaaBegone may disrupt your Internet connection.

You may lose Internet access after removing Kazaa. To be prepared for this print and read this Guide (http://forum.securitycadets.com/index.php?showtopic=149)

Download KazaaBegone (http://www.majorgeeks.com/download3446.html) to the Desktop.
Right click on the Desktop and choose New > Folder.
Drag and drop the KazaaBegone.zip into the new folder.
Unzip the contents of KazaaBegone in the new folder.

Run KazaaBegone
----------

There are still entries in the HijackThis log that need to be dealt with.

Download SDFix (http://download.bleepingcomputer.com/andymanchesta/SDFix.exe) by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights


Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 28, 2008, 09:45:11 AM
Evilfantasy,

the logs you requested are attached.  Also, the computer seems to be running a lot slower than before now. 

Thank you


[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 28, 2008, 09:54:32 AM
We're doing a lot of scans and cleaning files, the speed should pick back up after a few restarts.

SDFix got another one but there are still more.

Download Combofix by sUBs from one of the below links.

Important! Combofix.exe MUST be saved to and ran from the Desktop.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall
If needed, see this Combofix tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) with screenshots that will detail more thoroughly the downloading and running of Combofix and installing the Recovery Console.

Remember to re-enable your antivirus and antispyware protection.

----------

Next post add
Combofix log
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 28, 2008, 11:00:49 AM
Evilfantasy,

attached is the Combofix Log you requested.

Thank You

[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 28, 2008, 11:39:30 AM
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
C:\Program Files\Common Files\Authentium
C:\Program Files\CA

File::
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\ABC\\abc.exe"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 28, 2008, 12:13:48 PM
Evilfantasy,

The new Combofix log as requested is attached.

Thank You

[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 28, 2008, 12:24:38 PM
Good job! :)

That took care of a lot, including the other two antivirus that were installed.

We will do some cleanup and then an online scan to see what might have been missed. I think we're getting close now.

---------

(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)
The above procedure will:
----------

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Delete temporary files

Go to:
When prompted select the C: drive and click OK.
Check the boxes for:
Click OK

----------

Use the  Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As(http://i154.photobucket.com/albums/s258/evilfantasy69/Kas-Savetxt.gif)

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 29, 2008, 06:17:22 AM
Evilfantasy,

I am thankful to you for helping me out and glad to hear that you see progress.

Attached is the Kaspersky Online Scanner Report. 

Thank You

[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 29, 2008, 03:54:22 PM
This scanner works with Internet Explorer only

Go to the  BitDefender Online Scanner (http://www.bitdefender.com/scan8/ie.html)
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.

Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report

(http://i154.photobucket.com/albums/s258/evilfantasy69/Tutorials/bit.jpg)
 
When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save

(http://i154.photobucket.com/albums/s258/evilfantasy69/Tutorials/bit2.jpg)
 
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)
 
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
 
Add the bdscan.txt as an attachment in the next post.

If the log is too big to attach use the below site to host the file.

Upload the file to Savefile.com (http://savefile.com/upload.phpSelect/)
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 30, 2008, 12:49:58 PM
Evilfantasy,

Here is the bdscan as you requested.

Thanks

[recovering disk space -- attachment deleted by admin]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 30, 2008, 01:40:38 PM
OK please run a new Kaspersky scan now and post the log.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 31, 2008, 06:33:13 AM
Evilfantasy,

Here is the new Kaspersky log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Thursday, July 31, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Wednesday, July 30, 2008 18:33:58
 Records in database: 1030144
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\

Scan statistics:
   Files scanned: 73333
   Threat name: 12
   Infected objects: 14
   Suspicious objects: 0
   Duration of the scan: 05:52:23


File name / Threat name / Threats count
C:\Documents and Settings\Michelle Thomas\Application Data\vmntoolbar\vmntoolbar_151.zip   Infected: not-a-virus:AdWare.Win32.MegaSearch.j   1
C:\Documents and Settings\Michelle Thomas\Incomplete\T-328472-02 - sun eyed girl _192kbps_ 29.wma   Infected: Trojan-Downloader.WMA.Wimad.d   1
C:\Documents and Settings\Michelle Thomas\Shared\(1) evernescence 16.wma   Infected: Trojan-Downloader.WMA.Wimad.d   1
C:\Documents and Settings\Michelle Thomas\Shared\beck sun eyed girl.wm   Infected: Trojan-Downloader.WMA.Wimad.m   1
C:\Program Files\vmntoolbar\VMNTOO~11.old   Infected: not-a-virus:AdWare.Win32.MegaSearch.j   1
C:\WINDOWS\system32\bdeinsta3.dll   Infected: not-a-virus:AdWare.Win32.Altnet.a   1
C:\WINDOWS\system32\cashbar.dll   Infected: Trojan-Dropper.Win32.Small.so   1
C:\WINDOWS\system32\cexwxfst.sys   Infected: Trojan-Clicker.Win32.VB.bip   1
C:\WINDOWS\system32\SS001.dll   Infected: Trojan-Dropper.Win32.Mudrop.w   1
C:\WINDOWS\system32\sxwand.sys   Infected: Trojan.Win32.DNSChanger.fgv   1
C:\WINDOWS\system32\tmpxr_184699820684.bk   Infected: Trojan.Win32.Agent.vvx   1
C:\WINDOWS\system32\wfallsfreems.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.e   1
C:\WINDOWS\system32\wfallsfreems.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.bl   1
C:\WINDOWS\system32\yaxcnxd.sys   Infected: Trojan.Win32.DNSChanger.fiw   1

The selected area was scanned.


Thank You
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 31, 2008, 11:23:39 AM
OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe)
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

Quote
[kill explorer]
C:\Documents and Settings\Michelle Thomas\Application Data\vmntoolbar\vmntoolbar_151.zip
C:\Documents and Settings\Michelle Thomas\Incomplete\T-328472-02 - sun eyed girl _192kbps_ 29.wma
C:\Documents and Settings\Michelle Thomas\Shared\(1) evernescence 16.wma
C:\Documents and Settings\Michelle Thomas\Shared\beck sun eyed girl.wm
C:\Program Files\vmntoolbar\VMNTOO~11.old
C:\WINDOWS\system32\bdeinsta3.dll
C:\WINDOWS\system32\cashbar.dll
C:\WINDOWS\system32\cexwxfst.sys
C:\WINDOWS\system32\SS001.dll
C:\WINDOWS\system32\sxwand.sys
C:\WINDOWS\system32\tmpxr_184699820684.bk
C:\WINDOWS\system32\wfallsfreems.exe
C:\WINDOWS\system32\wfallsfreems.exe
C:\WINDOWS\system32\yaxcnxd.sys
EmptyTemp
[start explorer]
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 31, 2008, 03:37:40 PM
Evilfantasy,

The log you requested.


Explorer killed successfully
C:\Documents and Settings\Michelle Thomas\Application Data\vmntoolbar\vmntoolbar_151.zip moved successfully.
C:\Documents and Settings\Michelle Thomas\Incomplete\T-328472-02 - sun eyed girl _192kbps_ 29.wma moved successfully.
C:\Documents and Settings\Michelle Thomas\Shared\(1) evernescence 16.wma moved successfully.
C:\Documents and Settings\Michelle Thomas\Shared\beck sun eyed girl.wm moved successfully.
C:\Program Files\vmntoolbar\VMNTOO~11.old moved successfully.
C:\WINDOWS\system32\bdeinsta3.dll NOT unregistered.
C:\WINDOWS\system32\bdeinsta3.dll moved successfully.
C:\WINDOWS\system32\cashbar.dll unregistered successfully.
C:\WINDOWS\system32\cashbar.dll moved successfully.
C:\WINDOWS\system32\cexwxfst.sys moved successfully.
C:\WINDOWS\system32\SS001.dll unregistered successfully.
C:\WINDOWS\system32\SS001.dll moved successfully.
C:\WINDOWS\system32\sxwand.sys moved successfully.
C:\WINDOWS\system32\tmpxr_184699820684.bk moved successfully.
C:\WINDOWS\system32\wfallsfreems.exe moved successfully.
File/Folder C:\WINDOWS\system32\wfallsfreems.exe not found.
C:\WINDOWS\system32\yaxcnxd.sys moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp10D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp115.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp126.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp127.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmpD8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DF8411.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DFFC3F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DFFC4C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\History\History.IE5\MSHist012008073120080801\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\HQEB7EJ6\all[2].htm scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_173152
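
Checking a move log against the scan report that produced the move list, as an added example (not part of the original posts and not code from Kaspersky or OTMoveIt2). The line formats are inferred from the report and log shown in this thread, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Lines copied from the Kaspersky report in this thread (subset).
KASPERSKY_REPORT = r"""
C:\WINDOWS\system32\bdeinsta3.dll   Infected: not-a-virus:AdWare.Win32.Altnet.a   1
C:\WINDOWS\system32\cashbar.dll   Infected: Trojan-Dropper.Win32.Small.so   1
C:\WINDOWS\system32\sxwand.sys   Infected: Trojan.Win32.DNSChanger.fgv   1
C:\WINDOWS\system32\wfallsfreems.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.e   1
C:\WINDOWS\system32\wfallsfreems.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.bl   1
"""

# Matching lines copied from the OTMoveIt2 log in this thread (subset).
OTMOVEIT_LOG = r"""
C:\WINDOWS\system32\bdeinsta3.dll NOT unregistered.
C:\WINDOWS\system32\bdeinsta3.dll moved successfully.
C:\WINDOWS\system32\cashbar.dll unregistered successfully.
C:\WINDOWS\system32\cashbar.dll moved successfully.
C:\WINDOWS\system32\sxwand.sys moved successfully.
C:\WINDOWS\system32\wfallsfreems.exe moved successfully.
File/Folder C:\WINDOWS\system32\wfallsfreems.exe not found.
"""

# "<path>   Infected: <threat name>   <count>" (format inferred from the report above)
DETECTION = re.compile(
    r"^(?P<path>.+?)\s{2,}Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Log line shapes that say what happened to a file (inferred from the log above).
# "unregistered" lines concern DLL registration only, so they are ignored here.
LOG_PATTERNS = [
    (re.compile(r"^(?P<path>.+) moved successfully\.$"), "moved"),
    (re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$"),
     "pending reboot"),
    (re.compile(r"^File/Folder (?P<path>.+) not found\.$"), "not found"),
]


def parse_detections(report):
    """Return {lowercased path: (path as reported, [threat names])}, in report order."""
    found = OrderedDict()
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so key on the lowercased path.
            entry = found.setdefault(m["path"].lower(), (m["path"], []))
            entry[1].append(m["threat"])
    return found


def move_paths(detections):
    """One path per file, even when the scanner reported several threats in it."""
    return [path for path, _ in detections.values()]


def reconcile(detections, log):
    """Return {path: status} for every detected file, based on the move log."""
    outcomes = {}
    for line in log.splitlines():
        for pattern, status in LOG_PATTERNS:
            m = pattern.match(line.strip())
            if m:
                outcomes.setdefault(m["path"].lower(), set()).add(status)
    result = OrderedDict()
    for key, (path, _) in detections.items():
        seen = outcomes.get(key, set())
        # A later "not found" for a file that was already moved is not a failure.
        for status in ("moved", "pending reboot", "not found"):
            if status in seen:
                result[path] = status
                break
        else:
            result[path] = "no log entry"
    return result


def unresolved(statuses):
    """Paths that still need attention after the move."""
    return [p for p, s in statuses.items() if s != "moved"]


if __name__ == "__main__":
    detections = parse_detections(KASPERSKY_REPORT)
    for path, status in reconcile(detections, OTMOVEIT_LOG).items():
        print(f"{status:15} {path}")
```

The two detections in wfallsfreems.exe are why the thread's log shows both "moved successfully" and "not found" for that path: it was listed twice, and the second attempt found nothing left to move.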
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 31, 2008, 03:41:43 PM
Looks good. The next log won't be needed.

I think you are finally malware free :)

Final steps. Let me know if you have any questions.

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide  (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
----------

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

If you are running any Microsoft Office version go to the Office Update (http://office.microsoft.com/search/redir.aspx?assetid=ES790020331033&CTT=96&Origin=CL100570421033) site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 (http://www.spreadfirefox.com/node&id=224248&t=324) with Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) and NoScript (http://noscript.net/)

To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
*  Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources (http://evilspages.blogspot.com/2008/07/trusted-security-tools-resources.html)
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 31, 2008, 04:38:19 PM
Evilfantasy,

Thank you sooooo much for getting me to this point but I do have a question.

After I created the New restore point you say to

Go to Start > Run and type Cleanmgr
Click OK

When I do this I do not get an option to Click More Options tab

Instead I get a pop up box that says:

Select the Drive you want to clean up:

What do I do here?

Thank You
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 31, 2008, 04:39:54 PM
No problem. It's a little different for XP Home.

Disable the System Restore Utility to prevent re-infection from an old one

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on July 31, 2008, 04:53:40 PM
Evilfantasy,

Thank You I disabled and re-enabled the system restore per your instructions.  So if I need to go back to a clean working state I will have my Restore point that I created.  Hopefully I won't need it though....But I will definitely utilize all your suggestions to keep my computer clean from the bad stuff. 

I will definitely recommend this site to all my friends and I think you all do a wonderful thing here in helping all of us out who would not know any better.

Thank You
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: evilfantasy on July 31, 2008, 05:43:18 PM
No problem. Glad we got you cleaned up!

Safe surfing.............(http://bestsmileys.com/water/12.gif)
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: drmsucks on July 31, 2008, 05:56:53 PM
@mthomas: Now back to the original problem - is your computer running faster?
Title: Re: Log Reports...RE: Computer Runs slowly and freezes up.
Post by: mthomas6377 on August 01, 2008, 07:02:17 AM
My computer is running faster indeed....I still need to use the compressed air to clean out the inside....That is definite, but Internet explorer moves faster from website to website and just an overall great improvement on speed. 

I have another issue but I will post a new thread for this one.

Thank You