[lapyert]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4296

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/23/2010 12:03:36 PM
mbam-log-2010-07-23 (12-03-36).txt

Scan type: Quick scan
Objects scanned: 139673
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the log. Looks good.

[Advertisements]

While Limewire is not illegal to use, the files that you download are frequently bundled with spyware, malware, and viruses. I recommend that you remove these programs in order to help protect your computer against further infections.


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  
  :Services
  
  :Reg
  
  :Files
  :FILES
  c:\windows\system32\5EC5001610.sys
  c:\windows\system32\101600C55E.sys
  
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

next

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

next

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

and finally

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Thanks
Cruise

[Cruise475]

While Limewire is not illegal to use, the files that you download are frequently bundled with spyware, malware, and viruses. I recommend that you remove these programs in order to help protect your computer against further infections.


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  
  :Services
  
  :Reg
  
  :Files
  :FILES
  c:\windows\system32\5EC5001610.sys
  c:\windows\system32\101600C55E.sys
  
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

next

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

next

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

and finally

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Thanks
Cruise

[lapyert]

Sorry for the delay. I had to go out of town for work


OTL log:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== FILES ==========
c:\windows\system32\5EC5001610.sys moved successfully.
c:\windows\system32\101600C55E.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 2968 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Tera Stamper
->Temp folder emptied: 429484 bytes
File delete failed. C:\Documents and Settings\Tera Stamper\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4634197 bytes
->Java cache emptied: 27537 bytes
->FireFox cache emptied: 37895981 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 2433016 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.38 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07262010_105656

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat not found!

Registry entries deleted on Reboot...



Kapersky:
Friday, July 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 26, 2010 18:17:39
Records in database: 4199938
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
F:\
Scan statistics
Objects scanned 191263
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 05:06:17

No threats found. Scanned area is clean.
Selected area has been scanned.


Thanks again for all your help!

[Cruise475]

Hi There,

It's not problem at all. Can you let me know what problems if any you are having?

Thanks
Cruise

[lapyert]

It seems to be running good now. Except norton antivirus. I cant stand it. isnt there a tool to remove it so I can install avast or something like that?

[Cruise475]

Hey There,

You can head to this site to pick up the norton removal tool to remove Norton from your computer: http://www.symantec....3834EN&ln=en_US

Good call on getting rid of Norton, it is a resource hog, and you can get better for free


Now for the best news of the day!

Good News, We have cleaned up your system.

We need to take care of a few housekeeping tasks now.

Uninstall Combofix

• Click on Start > Run (Or press the Windows Key + R)
• Type Combofix /uninstall in the run box and click Ok. Note the space between the x and the /uninstall, it needs to be there.
• 

Program Cleanup
Please open OTL/OTS.

• Make sure you have internet connection..
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes

Create a restore point.

Click Start Menu > Run > type (or copy and paste) (Windows Vista users and up, hold your Windows Key and then press R)

%SystemRoot%\System32\restore\rstrui.exe (Windows XP and below)
%systemroot%\system32\rstrui.exe(Windows Vista)

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.


Disk Cleanup
Next goto Start Menu > Run > type (Windows Vista users and up, hold your Windows Key and then press R)
cleanmgr


Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder.

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
• Scroll down to the Java SE Runtime Environment (JRE) option.
• Download and install the latest Java Runtime Environment (JRE) version for your computer.

Update Windows

It is a good idea to keep Windows updated by visiting Http://windowsupdate.microsoft.com.

We are going to ensure that Windows Automatic Updating is turned on, to ensure that you will get all available updates.

• Goto your Control Panel.
• Select Automatic Updates
• Make sure Automatic is selected.

Now we will talk about some prevention steps

Antispyware Programs:
I recommend the following programs to help keep your computer safe from future attacks. Be sure to keep them updated, and scan your computer at least once a month.

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

Antivirus Protection.
This is basically a necessity! Be sure to have an up-to-date antivirus program installed and running on your computer. But remember, only one program should be installed at a time to prevent conflicts. As with any other tool, It needs to be updated regurarly to help combat the newest threats. I recommend the following FREE Antivirus Programs.

• AntiVir
• Avast

Firewall.
A firewall is just as important as a reliable antivirus program. A firewall acts as a barrier between you and the rest of the world. It blocks all internet traffic from reaching your computer that you have not approved. If you don't use a firewall it will open up your computer to attacks Criminals can break into your computer and steal your personal information, or to even use your computer for anything they please.

Additional, Just as you should only have one antivirus program installed on your system, you should only have ONE firewall installed. If you have more than one installed, they will conflict with each other and not work properly.

Here are a few Free Personal Firewalls

• Comodo Free Firewall
• Zone Alarm Free
• Sunbelt-Kerio

Next, you can use the MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
http://mvps.org/winhelp2002/hosts.htm


Lastly, To find out more information about how you got infected in the first place, and some pointers to follow to prevent future infections. Check out this article by Tony Klein. How did I get infected in the first place?

I will keep this topic open for a few days to make sure everything is ok!

Good Luck
Cruise

[Cruise475]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.