oldman960

Trusted Malware Techs
  • Content Count

    59
Everything posted by oldman960

  1. oldman960

    Pc Slowdown

    Hi boanro, More than happy to have been able to help. Take care.
  2. oldman960

    Pc Slowdown

    Hi boanro,

    I don't see anything to be concerned with. It does seem to be a temporary file issue; the last tool we used will clean out some of the caches.

    We'll clean up the tools. Keep Defogger as we will use it later in the cleanup.

    From your desktop, please delete, if present:
    - any notepads/logs that we created
    - aswMBR.exe
    - DDS.scr
    - MBR.dat

    Next

    Click the Start button, click Run. Copy and paste the following line into the run box and click OK:

        Combofix /uninstall

    I suggest you keep MBAM. Keep it updated and use it regularly. You can also keep TFC, use it regularly.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    - The application window will appear
    - Click the Re-enable button to re-enable your CD Emulation drivers
    - Click Yes to continue
    - A 'Finished!' message will appear
    - Click OK
    - DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled. You can now delete Defogger.

    Updates and upgrades

    There is a new version of java available.
    - Click your start button, open Control panel.
    - Locate the Java icon (it looks like a coffee cup), double click it to open it
    - click the Update tab
    - Click update now

    Next, clear the java cache. Still in Control Panel:
    - Double-click the Java icon in the control panel.
    - On the General tab, Click Settings under Temporary Internet Files.
    - On the Temporary Files Settings screen, Click Delete Files.
    - check all boxes
    - Click OK

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those already.

    You can also use Spybot to install a Custom Hosts file.

    - Secure your Internet Explorer
      From within Internet Explorer click on the Tools menu and then click on Options.
      Click once on the Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click once on the Custom Level button.
      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialize and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click on the OK button.
      If it prompts you as to whether or not you want to save the settings, press the Yes button.
      Next press the Apply button and then the OK to exit the Internet Properties page.
    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
    - Make sure you have reset Automatic Updates to your chosen option. Click your start button > Control Panel > System
    - Keep your antivirus program updated, as well as any other security programs you have.
    - More tips and programs can be found HERE
    - You may also want to read this article By Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879

    Please post back if you have any problems. Take care
  3. oldman960

    Pc Slowdown

    Hi boanro,

    Let's see if this will turn anything up.

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Download ComboFix from one of these locations:
    - Link 1
    - Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

    Double click on ComboFix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please post back with the combofix log. Thanks
  4. oldman960

    Pc Slowdown

    Hi boanro, No problem. I'll "see" you in a couple of days.
  5. oldman960

    Pc Slowdown

    Hi boanro, Perhaps your temporary internet files got a little out of hand. When is the last time you did some basic maintenance and cleanup? Try using the computer for a bit. Let me know how you make out and if it still seems ok we'll clean up the tools.
  6. oldman960

    Pc Slowdown

    Hi boanro,

    That log looks good. Which browser are you using? Is it the same with all browsers?

    Download TFC to your desktop
    - Close any open windows.
    - Double click the TFC icon to run the program
    - TFC will close all open programs itself in order to run.
    - Click the Start button to begin the process.
    - Allow TFC to run uninterrupted.
    - The program should not take long to finish its job
    - Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean

    Next

    You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.
    - Open MBAM
    - Click the Update tab
    - Click Check for Updates
    - If an update is found, it will download and install the latest version.
    - The program will close to update and reopen.
    - Once the program has loaded, select "Perform Quick Scan", then click Scan.
    - The scan may take some time to finish, so please be patient.
    - When the scan is complete, click OK, then Show Results to view the results.
    - Make sure that everything is checked, and click Remove Selected.
    - When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    - The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    - Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    Please post back with
    - MBAM log

    Thanks
  7. oldman960

    Pc Slowdown

    Hi boanro,

    There may be a false reading in that last scan. It may be caused by some software you have installed that could interfere with aswMBR. We'll temporarily disable some drivers and make sure we get an accurate log.

    Please download DeFogger to your desktop. Double click DeFogger to run the tool.
    - The application window will appear
    - Click the Disable button to disable your CD Emulation drivers
    - Click Yes to continue
    - A 'Finished!' message will appear
    - Click OK
    - If it needs to, DeFogger may ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

    Next

    Please rerun aswMBR.exe as you did before and post the log produced.
  8. oldman960

    Pc Slowdown

    Hi boanro,

    Comodo appears to be installed with just the firewall.

    When did you first notice the slow down? Any other symptoms?

    FrostWire 4.21.3

    You have FrostWire 4.21.3, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. References for the risk of these programs can be found in these links:

    http://www.microsoft.com/windows/ie/commun...protection.mspx
    http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm

    I would recommend that you uninstall FrostWire 4.21.3, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned.

    Open hijackthis, do a system scan only and checkmark these lines, if present:

        O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
        O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
        O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -

    Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.

    Download aswMBR.exe ( 511KB ) to your desktop.
    - Double click the aswMBR.exe to run it
    - Click the "Scan" button to start scan
    - On completion of the scan click save log, save it to your desktop and post in your next reply
  9. oldman960

    Pc Slowdown

    Hi boanro, welcome to the forum.

    To make cleaning this machine easier:
    - Please do not uninstall/install any programs unless asked to. It is more difficult when files/programs are appearing in/disappearing from the logs.
    - Please do not run any scans other than those requested
    - Please follow all instructions in the order posted
    - All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
    - Do not attach any logs/reports, etc.. unless specifically requested to do so.
    - If you have problems with or do not understand the instructions, Please ask before continuing.
    - Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

    Looks like you may have multiple antivirus programs installed. If this is the case it will not give you more protection, it may actually give you less. Multiple antivirus programs will conflict causing the slow down you are experiencing.
    - Avast5
    - COMODO Internet Security - did you install this with the antivirus?

    Please download DDS and save it to your desktop.
    - Disable any script blocking protection
    - Double click dds.scr to run the tool.
    - When done, DDS.txt will open. An additional log called Attach.txt should appear minimized on the task bar.
    - Save both reports to your desktop before closing the DDS window.

    Please post back with
    - antivirus status
    - DDS.txt
    - Attach.txt

    Thanks
  10. oldman960

    Redirecting Virus

    Hi mackie, No you can uninstall it. I find it to be a nuisance. You're welcome.
  11. oldman960

    Unable To Produce A Hijack This Log

    Hi mary_to78,

    Keep Defogger, we will use it shortly.

    From your desktop, please delete, if present:
    - any notepads/logs that we created
    - Rootkit Unhooker
    - GMER.exe
    - GMER.zip

    Next

    *Create a new Restore Point*
    - Click on the Start button to open your Start Menu.
    - Click on the Control Panel menu option.
    - Click on the System and Maintenance menu option.
    - Click on the System menu option.
    - Click on System Protection in the left-hand task list.
    - To create the manual restore point you should click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.
    - Type in a title for the manual restore point and press the Create button.
    - Close the System window after you have been advised that the procedure has been successfully completed.

    *Remove old Restore Points*
    - Next, go to Start > Run and type in cleanmgr
    - Select the More options tab
    - Choose the option to clean up system restore and Ok it
    - This will remove all restore points except the most recent one.

    Next

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    - The application window will appear
    - Click the Re-enable button to re-enable your CD Emulation drivers
    - Click Yes to continue
    - A 'Finished!' message will appear
    - Click OK
    - DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

    Next

    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

    I suggest you keep MBAM. Keep it updated and use it regularly.

    Eset online scanner can be uninstalled if you wish. Click on the Start button > Control Panel. Depending on your settings, either click on the Uninstall a program option under the Programs category. If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

    * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended. Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

    You should also use Spyware Blaster to help immunize your computer.
    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file. Learn how your Hosts file can protect you and how you can protect it. Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager, and some programs that can protect your hosts file. HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.

    - Secure your Internet Explorer
      From within Internet Explorer click on the Tools menu and then click on Options.
      Click once on the Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click once on the Custom Level button.
      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialize and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click on the OK button.
      If it prompts you as to whether or not you want to save the settings, press the Yes button.
      Next press the Apply button and then the OK to exit the Internet Properties page.
    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
    - Ensure that Automatic Update is turned on so you get all the latest patches. Click start, control panel, click Security Center.
    - Keep your antivirus program updated, as well as any other security programs you have.
    - Check this site out to check for out of date programs: Secunia Personal Software Inspector (PSI) 1.0
    - More tips and programs can be found HERE
    - You may also want to read this article By Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879

    Please post back if you have any problems. We'll keep this thread open for a couple of days. Take care
  12. oldman960

    Unable To Produce A Hijack This Log

    Hi mary_to78,

    I'll give you some links for some free antivirus programs including AVG. Please do this fix first then reinstall AVG or an alternate antivirus program.

    Next,

    Right click on OTL.exe and choose Run as Administrator to run it.

    Under the Custom Scans/Fixes box at the bottom, paste in the following. Do Not copy the word CODE. Please note the fix starts with the :

        :Services
        :OTL
        O4 - HKLM..\Run: [] File not found
        IE - HKCU\..\URLSearchHook: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - Reg Error: Key error. File not found
        O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
        :Files
        C:\ProgramData\32b918\182347.reg
        C:\ProgramData\32b918\9d2a7379f890eb472243c999ebf67cc7.ocx
        C:\ProgramData\32b918\ISS.ico
        C:\ProgramData\32b918\mcp.ico
        C:\Users\Owner\AppData\Roaming\Internet Security Suite
        C:\ProgramData\32b918\vghm9s01u8ny2p45e7tm9q01ucu8dfg2p4hkn.dll
        C:\ProgramData\ISKYS
        :Commands
        [createrestorepoint]
        [emptytemp]

    - Then click the Run Fix button at the top
    - Let the program run unhindered
    - Please save the resulting log to be posted in your next reply.

    Please install one of these antivirus programs.
    - Avast. Help and support can be found here: Avast Forum
    - AVG. Help and support can be found here: AVG Forum
    - Antivir PersonalEditionClassic. Help and support can be found here: Avira Personal Support Forum

    Please post back with the OTL fix log. We'll clean up the tools after you have posted back. Thanks
  13. oldman960

    Redirecting Virus

    Hi mackie,

    JonTom is away from the forums for a few days and asked if I would finish this with you.

    Everything looks good so we will clean up the tools. The ESET detections will be taken care of as part of the tools removal.

    Please note that some of these tools have their own unique method for removal. Please follow the steps as posted.

    From your desktop, please delete, if present:
    - any notepads/logs that were created
    - GMER (10z4c3wy[1].exe)

    You can also delete these programs from wherever you saved them to.
    - CWShredder
    - Stinger

    I suggest you keep MBAM. Keep it updated and use it regularly.

    SuperAntiSpyware, your choice, it's a decent on demand scanner. If you would rather not have it you can uninstall it via add/remove programs.

    ESET can be uninstalled via ADD/Remove programs.

    Next

    Click the Start button, click Run. Copy and paste the following line into the run box and click OK:

        Combofix /uninstall

    Open OTM then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

    Updates and upgrades

    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources. Visit their support forum: Foxit Forum

    In either case you should uninstall Adobe Reader 7.1.0 first. Be sure to move any PDF documents to another folder first though.

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have most of them.

    For resident antispyware I suggest either Windows Defender OR Winpatrol

    You should also use Spyware Blaster to help immunize your computer.
    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file. Learn how your Hosts file can protect you and how you can protect it. Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager, and some programs that can protect your hosts file. HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.

    - Secure your Internet Explorer
      From within Internet Explorer click on the Tools menu and then click on Options.
      Click once on the Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click once on the Custom Level button.
      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialize and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click on the OK button.
      If it prompts you as to whether or not you want to save the settings, press the Yes button.
      Next press the Apply button and then the OK to exit the Internet Properties page.
    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
    - Make sure Automatic Updates is set to your chosen option. Click your start button > Control Panel > System
    - Keep your antivirus program updated, as well as any other security programs you have.
    - More tips and programs can be found HERE
    - You may also want to read this article By Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879

    Please post back if you have any problems. Take care
  14. oldman960

    Unable To Produce A Hijack This Log

    Hi mary_to78,

    Do you still have AVG installed? It seems to have disappeared from the logs.

    Could I get you to do another quick little scan?

    Right click on OTL.exe and select "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
    - When the window appears, click the None button near the top (it may look greyed out)
    - In the window under Custom Scans/Fixes copy and paste the following:

        C:\ProgramData\32b918\*.* /s
        C:\Users\Owner\AppData\Roaming\Internet Security Suite\*.* /s
        C:\ProgramData\ISKYS\*.* /s

    - Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    - When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

    Thanks
  15. oldman960

    Unable To Produce A Hijack This Log

    Hi mary_to78,

    JonTom will be away from the forum for a few days and asked if I'd finish this with you.

    As a Vista user you will need to right click your browser icon and choose "Run as Administrator" in order to run this next scan. Do not do anything else with that instance of your browser except for this scan. Once the scan is finished, please save the log and close that instance of your browser.

    *Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

    Go here to run an online scanner from ESET (Note: You must use Internet Explorer for this scan.)
    - Tick the box next to YES, I accept the Terms of Use.
    - Click Start
    - When asked, allow the activex control to install
    - Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    - Click Start
    - Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    - Click Scan.
    - Wait for the scan to finish.
    - Re-enable your Antivirus software.
    - A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt or C:\Program Files\ESET\log.txt. We will need this later.

    Please post back with the ESET log.

    Next

    Right click on the icon and choose "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
    - Click on Minimal Output at the top
    - In the Custom Scans and fixes window copy and paste the following:

        C:\Users\Owner\AppData\Roaming\Internet Security Suite
        C:\ProgramData\ISKYS
        [2010/11/22 18:18:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\32b918

    - Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    - When the scan completes, it will open a notepad window, OTL.Txt.

    Please post back with
    - Eset log
    - OTL.txt

    How's the computer? Thanks
  16. oldman960

    getting rid of rootkit virus

    Glad we could help. Since this issue appears resolved ... this Topic is closed.
  17. oldman960

    HJT Log-Need Immediate Help

    Glad we could help. Since this issue appears resolved ... this Topic is closed.
  18. oldman960

    getting rid of rootkit virus

    Hi Eriya, You're very welcome. Don't take it the wrong way, but if I don't "see" you again, it will be a good thing.
  19. oldman960

    getting rid of rootkit virus

    Hi Eriya,

    The files Kaspersky detected are already quarantined and will be removed when the tools are removed. I see you also used Defogger. Do not delete this program as we will use it shortly.

    If no other problems, we can clean up our tools.

    From your desktop, please delete, if present:
    - any notepads/logs that we created
    - Rooter.exe
    - GMER.zip
    - GMER.exe
    - jre-6u18-windows-i586.exe
    - RootRepeal.exe
    - Win32kDiag.exe

    From within Windows explorer you can delete these folders:
    - C:\Rooter$
    - C:\Program Files\Alwil Software

    Next

    Click the Start button, click Run. Copy and paste the following line into the run box and click OK:

        Combofix /uninstall

    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

    I suggest you keep MBAM, keep it updated and use it regularly.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    - The application window will appear
    - Click the Re-enable button to re-enable your CD Emulation drivers
    - Click Yes to continue
    - A 'Finished!' message will appear
    - Click OK
    - DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

    For an antispyware program with resident (real time) scanning, I suggest Windows Defender OR Winpatrol

    You should also use Spyware Blaster to help immunize your computer.
    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file. Learn how your Hosts file can protect you and how you can protect it. Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager, and some programs that can protect your hosts file. HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.

    - Secure your Internet Explorer
      From within Internet Explorer click on the Tools menu and then click on Options.
      Click once on the Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click once on the Custom Level button.
      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialize and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click on the OK button.
      If it prompts you as to whether or not you want to save the settings, press the Yes button.
      Next press the Apply button and then the OK to exit the Internet Properties page.
    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
    - Ensure that Automatic Update is turned on so you get all the latest patches. Click start, control panel, click Security Center.
    - Keep your antivirus program updated, as well as any other security programs you have.
    - Check this site out to check for out of date programs: Secunia Personal Software Inspector (PSI) 1.0
    - More tips and programs can be found HERE
    - You may also want to read this article By Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879

    We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved". Take care
  20. oldman960

    getting rid of rootkit virus

    Hi Eriya,

    C:\DOCUME~1\BETHAN~1\My Documents\MAYA\awkeygen.exe

    This would indicate that this is a cracked illegal copy of the program Maya. I would kindly ask you remove it. Cracks and keygens are a large source of infection.

    Your java is way out of date and vulnerable.
    - Go to http://java.sun.com/javase/downloads/index.jsp
    - Scroll down to "Java Runtime Environment (JRE) 6 Update 18"
    - Click the download button on the right. If Information Bar pops up, right-click on it and say it's OK to display the blocked content.
    - Select the platform (Windows, in your case), multi language.
    - Accept the license agreement, click continue. You do not have to install the Java Web Start ActiveX Control
    - Scroll down and click on Windows Offline Installation. Save the file jre-6u18-windows-i586-p.exe to your desktop; Do not select Run. Do not install it yet.
    - When the download is complete, close your browser.
    - Open Control Panel > Add/Remove Programs and uninstall J2SE Runtime Environment 5.0 Update 4
    - Do not uninstall Java TM 6 Update 18 if found!
    - Reboot your computer.
    - Double-click on the saved file (jre-6u18-windows-i586-p.exe) to install the update.
    - Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

    *Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

    Please go to Kaspersky website and perform an online antivirus scan.
    - Read through the requirements and privacy statement and click on Accept button.
    - It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    - When the downloads have finished, click on Settings.
    - Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      - Spyware, Adware, Dialers, and other potentially dangerous programs
      - Archives
      - Mail databases
    - Click on My Computer under Scan.
    - Once the scan is complete, it will display the results. Click on View Scan Report.
    - You will see a list of infected items there. Click on Save Report As....
    - Change the Files of type to Text file (.txt)
    - Set the Save In to Desktop
    - click the Save button.
    - Please post this log in your next reply.

    Please post back with
    - Kaspersky log
    - new OTL scan log taken after the Kaspersky scan.

    Thanks
  21. oldman960

    HJT Log-Need Immediate Help

    Hi TyphlosionDragon, Finish the other steps if you haven't already done so. Then check with the forum that I gave you the link to so you can sort out your driver issue. Good luck and keep safe.
  22. oldman960

    getting rid of rootkit virus

    Hi Eriya,

    Yes we have a little more to do.

    I see you have both Avast and McAfee installed. 2 antivirus programs do not mean better protection. Due to conflicts that can arise it may in fact mean less. The combofix log reports McAfee as being updated. You also said a new copy was on its way.

    Click your start button > ADD/Remove programs and uninstall Avast. If you have any questions about this please ask.

    Next,

    Download Rooter.exe to your desktop
    - Then doubleclick it to start the tool
    - A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have installed Windows). Post that in your next reply.

    You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.
    - Open MBAM
    - Click the Update tab
    - Click Check for Updates
    - If an update is found, it will download and install the latest version.
    - The program will close to update and reopen.
    - Once the program has loaded, select "Perform Quick Scan", then click Scan.
    - The scan may take some time to finish, so please be patient.
    - When the scan is complete, click OK, then Show Results to view the results.
    - Make sure that everything is checked, and click Remove Selected.
    - When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    - The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    - Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    Please post back with
    - Rooter log
    - MBAM log
  23. oldman960

    getting rid of rootkit virus

    Hi Eriya, Go ahead and run combofix. Combofix will most likely reboot your computer. When it does try to boot back into safe mode. Save the log and try to boot to normal windows and post the log. Thanks
  24. oldman960

    HJT Log-Need Immediate Help

    Hi TyphlosionDragon, Well I've never had that happen before but it seems to be Symantec that's disabling it. LINK I wouldn't go as far as the one person did and uninstall your antivirus program. There are a few more that you could try or as suggested in the link, check with Symantec.
  25. oldman960

    .dll errors galore

    Glad we could help. Since this issue appears resolved ... this Topic is closed.