[NeonFx]

Excellent

STEP 1

Run OTS

• Under the Paste Fix Here box on the right, paste in the following
  
  

  [Files/Folders - Modified Within 30 Days]
  NY -> win32k.sys -> C:\Windows\win32k.sys
  [Custom Items]
  :clearrestorepoints
  :end
  [Empty Temp Folders]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.

STEP 2

Note: I give you the instructions for downloading MalwareBytes and running it below, but if you already have it installed there is no need to reinstall it. Just update it by clicking on the update tab and then on the button. After updating, you can start at step 3.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your harddrives.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

STEP 3

Run OTS again and click on the Quick Scan button at the top. Copy and Paste the results of this scan in your next reply.

[Advertisements]

when i pasted the code into the fix here box and run fix it did so for a little while before stopping with a message "Range check error"

[jayordan19]

when i pasted the code into the fix here box and run fix it did so for a little while before stopping with a message "Range check error"

[NeonFx]

Ok. Skip that step and proceed with Step 2. Please also do Step 3 for me.

[jayordan19]

Malware and OTS are attached.

Attached Files

•  mbam_log_2009_10_25__23_56_39_.txt   2.36KB   95 downloads
•  OTS.Txt   105.16KB   105 downloads

[NeonFx]

Good job. I don't see anything else in the OTS log. How's the computer running?

I want to run an online AntiVirus to be absolutely sure you're clean. This will take a while but it's well worth it as it can find things most other scans will miss.

STEP 1

Before we do, I need you to update Internet Explorer to IE8. Even if you don't use it, we need to have it updated as its components are deeply connected with Windows itself.

Please go here to download the installer:

http://www.microsoft.com/windows/internet-explorer/


STEP 2

The online scanner uses Java, so I will need you to download and install the latest version for that.

Please go here to download the installer:

http://java.com/en/download/index.jsp


STEP 3



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.



2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.


The program will then begin downloading and installing and will also update the database.


Please be patient as this can take quite a long time to download.

• Once the update is complete, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, adware, dialers, and other riskware
  • Archives
  • E-mail databases
• Click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View report... at the bottom.
• Click the Save report... button.
  
  
• Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Also, try the computer out for a while and let me know how its running.

[jayordan19]

it would not let me run the online scan. when i went to it, it gave me this message
"The program could not be started. The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

[ERROR: java.lang.RuntimeException: Kaspersky Online Scanner 7.0 cannot be started because this computer has Kaspersky Internet Security 8.0 (9.0) installed.]"

The computer has been running really well lately, the browser and all of my programs are running quicker than they had been. but now i have this problem with the online scanner. i deactivated my Kaspersky protection and tried again but nothing changed.

[NeonFx]

Could you run a scan of your entire system using your Kaspersky AntiVirus for me? Please update it before running the scans. Copy and Paste the results here if you can.

[jayordan19]

I ran a complete scan and it detected no threats. I cannot really figure out how to post the results of the scan because I cannot find the exact details of it. When I clicked the detailed report it came up with something, but it did not appear to important (I attached it to this reply)

Attached Files

•  Latest_Scan.txt   5.07KB   130 downloads

[NeonFx]

Excellent. Let's cleanup.

STEP 1

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

STEP 2

To clean up OldTimer's tools, along with a few others, do the following:

• Run OTS.exe by double clicking on it
• Click on the "CleanUp" button on the top.
• You will be asked if you wish to reboot your system, select "Yes"

STEP 3

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.


All Clean

Congratulations!, , your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates


Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlockList Pro's HOSTS Manager HERE

• Double click the Installer on your desktop and let it Install the Hosts Manager
• After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
• When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
• Click Disable DNS Service. This is important
• In the Left Pane, click Download
• It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save

You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it HERE
You can find information about how WinPatrol works HERE

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this.

Read further information HERE on how to prevent Malware infections and keep yourself clean.

[jayordan19]

Thank you so much for walking me through all of this. Since I am in my final semester of college you can imagine how important my computer is to me (and how dependent I am on it). You were so much more helpful than our school's Computer Service department whom has yet to contact me about the problem I had a week ago (and we are not a big school by any means). You are the best and if I have any problems in the future I will be sure to go to you first.

[NeonFx]

You're very welcome jayordan19 You have a good one.

[NeonFx]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.