DLL umtoam.dll is not a valid Windows image


  • This topic is locked

#16
heir (Trusted Helper, Malware Removal, 5,427 posts)

Strange issue with your desktop wallpaper. We'll get back to it later.

Do you recognize this file?

C:\Program Files\kri060RWL_174801004.jpg


Step 1.
Virscan:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\yxly.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with this:
  • C:\Program Files\kri060RWL_174801004.jpg

Step 2.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-682003330-1004336348-2146735463-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-682003330-1004336348-2146735463-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O3 - HKU\S-1-5-21-682003330-1004336348-2146735463-1003\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O15 - HKU\S-1-5-21-682003330-1004336348-2146735463-1003\..Trusted Domains: ([]msn in My Computer)
    [2010/08/17 09:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\fljmkcfvq
    [2010/05/11 14:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\uTorrent
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 3.
MBAM:

  • Launch Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4.
Things I would like to see in your reply:

  • The answer to the question in the beginning of this post.
  • The results from the file scans in step 1.
  • The content of the fixlog from OTL in step 2.
  • The content of the report from MBAM in step 3.

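The two `IE -` lines in the OTL fix above point Internet Explorer at a proxy on the local machine (`http=127.0.0.1:6522`), and the `O15` line shows a domain dropped into the My Computer zone; both are standard indicators of a browser hijack that silently routes traffic through malware. The script below is an added example for this thread, not part of the original post and not part of OTL: a PowerShell audit that walks every loaded user hive under HKEY_USERS, reports the same Internet Settings values OTL touched, and flags a loopback proxy or any ZoneMap domain placed in zone 0 (My Computer) or zone 2 (Trusted sites). The registry paths and value names are the ones IE really uses; the loopback pattern and zone-name table are ours. It needs PowerShell 3 or later and an elevated prompt, and only hives of currently logged-on users appear under HKEY_USERS.

```powershell
# Added example (not from the thread, not part of OTL): audit per-user Internet
# Explorer proxy settings and ZoneMap domain assignments, the registry items that
# heir's OTL fix corrected. Run elevated; requires PowerShell 3+ (-in operator).

# ProxyServer looks like "127.0.0.1:6522" or "http=127.0.0.1:6522;https=...".
$loopbackPattern = '(^|=)(127\.0\.0\.1|localhost|\[?::1\]?):\d+'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-IEProxyAudit {
    # Every loaded user hive is a child of HKEY_USERS; the *_Classes hives hold no IE settings.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notmatch '_Classes$' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        $settingsPath = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $settingsPath)) { continue }
        $settings = Get-ItemProperty -Path $settingsPath -ErrorAction SilentlyContinue

        $findings = @()
        if ($settings.ProxyServer -and $settings.ProxyServer -match $loopbackPattern) {
            $findings += "ProxyServer points at the local machine: $($settings.ProxyServer)"
        }
        if ($settings.ProxyEnable -eq 1 -and -not $settings.ProxyServer) {
            $findings += 'ProxyEnable is set but ProxyServer is empty'
        }

        # ZoneMap\Domains\<domain>[\<host>] holds one value per scheme (http, https, *)
        # whose data is the zone number. Zone 0 is "My Computer" (what OTL showed as
        # "msn in My Computer") and zone 2 is Trusted sites; both relax browser security.
        $domainsPath = "$settingsPath\ZoneMap\Domains"
        if (Test-Path -Path $domainsPath) {
            Get-ChildItem -Path $domainsPath -Recurse | ForEach-Object {
                $relative = ($_.PSPath -split '\\Domains\\', 2)[1]
                $props = Get-ItemProperty -Path $_.PSPath
                foreach ($p in $props.PSObject.Properties) {
                    if ($p.Name -in 'http', 'https', '*' -and $p.Value -in 0, 2) {
                        $findings += "ZoneMap: $relative ($($p.Name)) in zone $($p.Value) $($zoneNames[[int]$p.Value])"
                    }
                }
            }
        }

        [pscustomobject]@{
            Sid           = $sid
            ProxyEnable   = $settings.ProxyEnable
            ProxyServer   = $settings.ProxyServer
            ProxyOverride = $settings.ProxyOverride
            Findings      = $findings
        }
    }
}

Get-IEProxyAudit | Format-List
```

A clean machine normally shows `ProxyEnable` 0 and an empty `ProxyServer` for every SID, with no `Findings`; a ProxyServer on 127.0.0.1 with no local proxy product installed is the case worth escalating, since the process listening on that port is the next thing to identify.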
#17
carlsonjok (Member, Topic Starter, 25 posts)

Do you recognize this file?

C:\Program Files\kri060RWL_174801004.jpg


No, but it is, umm, interesting!

Results of file scan:
  • C:\yxly.exe
ERROR: Can't find upload file!

Results of file scan:
  • C:\Program Files\kri060RWL_174801004.jpg
VirSCAN.org Scanned Report :
Scanned time : 2010/09/17 09:00:44 (CDT)
Scanner results: Scanners did not find malware!
File Name : kri060RWL_174801004.jpg
File Size : 251073 byte
File Type : JPEG image data, JFIF standard 1.02
MD5 : 51d56816cb93675849d8c84ec9c1f990
SHA1 : e1701b393d0c6ed185ffc31f2094e89a776acc4a
Online report : http://virscan.org/r...f616c56d9c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100917005258 2010-09-17 40.10 -
AhnLab V3 2010.09.16.01 2010.09.16 2010-09-16 40.09 -
AntiVir 8.2.4.52 7.10.11.200 2010-09-17 0.33 -
Antiy 2.0.18 20100917.5185283 2010-09-17 0.13 -
Arcavir 2009 201006281601 2010-06-28 0.02 -
Authentium 5.1.1 201009170229 2010-09-17 1.32 -
AVAST! 4.7.4 100917-0 2010-09-17 0.02 -
AVG 8.5.850 271.1.1/3140 2010-09-17 0.24 -
BitDefender 7.90123.6387732 7.33928 2010-09-17 4.62 -
ClamAV 0.96.1 11953 2010-09-17 0.02 -
Comodo 4.0 6103 2010-09-16 40.09 -
CP Secure 1.3.0.5 2010.09.17 2010-09-17 0.01 -
Dr.Web 5.0.2.3300 2010.09.17 2010-09-17 11.00 -
F-Prot 4.4.4.56 20100916 2010-09-16 1.27 -
F-Secure 7.02.73807 2010.09.17.06 2010-09-17 10.75 -
Fortinet 4.1.143 12.359 2010-09-16 27.57 -
GData 21.852/21.338 20100917 2010-09-17 40.09 -
ViRobot 20100916 2010.09.16 2010-09-16 37.43 -
Ikarus T3.1.32.15.0 2010.09.17.76748 2010-09-17 7.76 -
JiangMin 13.0.900 2010.08.30 2010-08-30 27.55 -
Kaspersky 5.5.10 2010.09.17 2010-09-17 0.12 -
KingSoft 2009.2.5.15 2010.9.17.18 2010-09-17 40.09 -
McAfee 5400.1158 6108 2010-09-16 18.42 -
Microsoft 1.6201 2010.09.17 2010-09-17 40.09 -
Norman 6.06.05 6.06.00 2010-09-17 8.02 -
Panda 9.05.01 2010.09.16 2010-09-16 40.11 -
Trend Micro 9.120-1004 7.468.07 2010-09-17 0.02 -
Quick Heal 11.00 2010.09.17 2010-09-17 40.09 -
Rising 20.0 22.65.03.04 2010-09-16 40.10 -
Sophos 3.11.2 4.57 2010-09-17 4.12 -
Sunbelt 3.9.2447.2 6884 2010-09-16 40.09 -
Symantec 1.3.0.24 20100916.002 2010-09-16 0.05 -
nProtect 20100916.02 9122264 2010-09-16 40.09 -
The Hacker 6.7.0.0 v00020 2010-09-16 40.09 -
VBA32 3.12.14.0 20100917.0843 2010-09-17 3.39 -
VirusBuster 4.5.11.10 10.128.4/2050751 2010-09-17 2.44 -

The content of the fixlog from OTL in step 2.

All processes killed
========== OTL ==========
HKU\S-1-5-21-682003330-1004336348-2146735463-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-682003330-1004336348-2146735463-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-682003330-1004336348-2146735463-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1004336348-2146735463-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\fljmkcfvq folder moved successfully.
C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jeff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff Carlson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: log

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

User: Owner.JEFF-UFSIEVRDBX
->Temp folder emptied: 4356167 bytes
->Temporary Internet Files folder emptied: 1538278 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95127797 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3816 bytes

User: OWNER~1~JEF

User: Pat Franz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Temporary Internet Files

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 96.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Jeff

User: Jeff Carlson
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: log

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Owner

User: Owner.JEFF-UFSIEVRDBX
->Flash cache emptied: 0 bytes

User: OWNER~1~JEF

User: Pat Franz

User: Temporary Internet Files

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09172010_092627

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The content of the report from MBAM in step 3.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4639

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/17/2010 9:38:07 AM
mbam-log-2010-09-17 (09-38-07).txt

Scan type: Quick scan
Objects scanned: 213997
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#18
heir (Trusted Helper, Malware Removal, 5,427 posts)
Thanks

We'll remove C:\yxly.exe
Need to take a peek in a folder also.
Then we'll do a thorough scan.

Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/04/20 23:31:07 | 000,000,000 | ---- | M] () -- C:\yxly.exe
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 2.
OTL-scan:


  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button.
  • Under the Custom Scan box paste this in

    C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\*. /s

  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt that's saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it.

Step 3.
Post logs:

  • Please post the content of the fixlog from OTL in step 1.
  • Please post the content OTL.txt from step 2.

Step 4.
Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky Online Scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 21.
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")


Step 5.
Post logs:

  • Please post the content of the report from KOS in step 4.


How is your computer running now?

-----

#19
carlsonjok (Member, Topic Starter, 25 posts)
Step 1 - OTL Fixlog

All processes killed
========== OTL ==========
C:\yxly.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff Carlson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: log

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Owner.JEFF-UFSIEVRDBX
->Temp folder emptied: 731650 bytes
->Temporary Internet Files folder emptied: 33386 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62837765 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2724 bytes

User: OWNER~1~JEF

User: Pat Franz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Temporary Internet Files

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Jeff

User: Jeff Carlson
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: log

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Owner

User: Owner.JEFF-UFSIEVRDBX
->Flash cache emptied: 0 bytes

User: OWNER~1~JEF

User: Pat Franz

User: Temporary Internet Files

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09172010_121357

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Step 2 - OTL Scan Results

OTL logfile created on: 9/17/2010 12:21:25 PM - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 21.22 Gb Free Space | 38.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 306.07 Gb Free Space | 65.71% Space Free | Partition Type: NTFS

Computer Name: JEFF-UFSIEVRDBX
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


< C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\*. /s >
[2009/12/26 05:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\chrome
[2009/12/26 05:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\components
[2009/12/26 05:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\defaults
[2009/12/26 05:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\defaults\preferences
< End of report >

Step 4 - Kaspersky Scan Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 17, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 17, 2010 08:56:15
Records in database: 4215744
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Objects scanned: 148198
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:25:42

No threats found. Scanned area is clean.

Selected area has been scanned.

#20
heir (Trusted Helper, Malware Removal, 5,427 posts)
Can you please do one more scan.

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button.
  • Under the Custom Scan box paste this in

    C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\*.* /s

  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt that's saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it.


#21
carlsonjok (Member, Topic Starter, 25 posts)
OTL logfile created on: 9/18/2010 3:07:49 AM - Run 4
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 20.86 Gb Free Space | 37.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 306.07 Gb Free Space | 65.71% Space Free | Partition Type: NTFS

Computer Name: JEFF-UFSIEVRDBX
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


< C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\*.* /s >
[2009/11/19 19:07:52 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\chrome.manifest
[2009/11/19 16:54:10 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\install.js
[2009/11/19 19:36:48 | 000,002,190 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\install.rdf
[2009/11/19 19:36:56 | 000,027,898 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\chrome\opendownload.jar
[2008/07/13 22:26:32 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\components\nsOpenDownloadListeners.idl
[2008/12/20 00:59:20 | 000,005,223 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\components\nsOpenDownloadListeners.js
[2008/07/14 03:39:16 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\components\nsOpenDownloadListeners.xpt
[2009/02/12 00:23:42 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Owner.JEFF-UFSIEVRDBX\Application Data\Mozilla\Firefox\Profiles\xjw7upt5.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}\defaults\preferences\prefs.js
< End of report >
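The listing above is what a legacy (XUL-era) Firefox extension folder looks like: install.rdf carries the extension's identity, chrome.manifest registers its UI, and the chrome\*.jar and components\*.js files are code that runs with full browser privileges, which is why heir wanted to see the file names before calling the log clean. The script below is an added example for this thread, not part of the original post and not part of OTL or Firefox: a PowerShell triage routine that reads the id, name and version out of install.rdf, lists the files that carry code, and hashes every file so the hashes can be checked with a multi-engine scanner as in Step 1 of post #16. To run offline it builds a constructed sample extension under %TEMP%; the id and name in that sample are made up. It assumes PowerShell 4 or later for Get-FileHash.

```powershell
# Added example (not from the thread, OTL or Firefox): triage an unknown legacy
# Firefox extension directory. Assumes PowerShell 4+ (Get-FileHash).

function Get-FirefoxExtensionTriage {
    param([Parameter(Mandatory = $true)][string]$ExtensionDir)

    $ExtensionDir = (Resolve-Path -Path $ExtensionDir).Path
    $identity = $null
    $manifest = Join-Path $ExtensionDir 'install.rdf'
    if (Test-Path -Path $manifest) {
        [xml]$rdf = Get-Content -Path $manifest -Raw
        # install.rdf is RDF/XML; the em:* children are matched by local name so no
        # namespace manager is needed. Pick the Description that carries an id.
        $desc = @($rdf.RDF.Description) |
            Where-Object { $_.ChildNodes.LocalName -contains 'id' } |
            Select-Object -First 1
        if ($desc) {
            $field = { param($name) ($desc.ChildNodes | Where-Object { $_.LocalName -eq $name } | Select-Object -First 1).InnerText }
            $identity = [pscustomobject]@{
                Id      = & $field 'id'
                Name    = & $field 'name'
                Version = & $field 'version'
            }
        }
    }

    $files = @(Get-ChildItem -Path $ExtensionDir -Recurse -File)
    # In XUL-era extensions, components\*.js, *.xpt/*.idl interfaces, chrome\*.jar
    # and any native DLL run with full browser privileges: review these first.
    $codeFiles = $files | Where-Object { $_.Extension -in '.js', '.jar', '.xpt', '.idl', '.dll' }

    [pscustomobject]@{
        Directory = $ExtensionDir
        Identity  = $identity
        FileCount = $files.Count
        CodeFiles = @($codeFiles | ForEach-Object { $_.FullName.Substring($ExtensionDir.Length).TrimStart('\') })
        # SHA1 matches what the VirSCAN report in this thread prints per file.
        Hashes    = @($files | Get-FileHash -Algorithm SHA1 | Select-Object -Property Hash, Path)
    }
}

# --- Constructed sample extension tree under %TEMP% (made-up id and name) ---
$sample = Join-Path $env:TEMP 'sample-extension'
New-Item -ItemType Directory -Path (Join-Path $sample 'components') -Force | Out-Null
New-Item -ItemType Directory -Path (Join-Path $sample 'chrome') -Force | Out-Null
@'
<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>sample-helper@example.invalid</em:id>
    <em:name>Sample Download Helper</em:name>
    <em:version>0.1</em:version>
  </Description>
</RDF>
'@ | Set-Content -Path (Join-Path $sample 'install.rdf')
'content sample chrome/' | Set-Content -Path (Join-Path $sample 'chrome.manifest')
'// constructed placeholder component' | Set-Content -Path (Join-Path $sample 'components\nsSampleListener.js')

Get-FirefoxExtensionTriage -ExtensionDir $sample | Format-List
```

Point the function at a real profile's `extensions\{GUID}` folder instead of `$sample` to triage an installed extension; an identity that does not match what the browser's add-on list shows, or code files the manifest does not account for, is what should prompt a closer look.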

#22
heir (Trusted Helper, Malware Removal, 5,427 posts)
Hey there, carlsonjok !

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

What we need to do is remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

Second:

Double-click OTL.exe to start it.
Click the Clean Up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTL Clean Up.


Third:
Now let's reset and re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points, which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest.


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


Do you still have that white section on your desktop?

#23
carlsonjok (Member, Topic Starter, 25 posts)
All done. Thank you for the help. Donation forthcoming. Have a few Nils Oscar beverages on me.

Do you still have that white section on your desktop?


No. Yesterday, I happened to move my mouse to the top of the screen and a tan header bar came up with the normal Minimize, Restore Down, Close on the right hand side. I clicked the Close X and it disappeared. I wish I had only minimized it, so I could figure out what it was, but I had closed it before I had that thought. Also, I am still having the problem I had started with where, after using Internet Explorer, my desktop no longer works: I can't start programs from the desktop and right/left clicking on the desktop does not bring up any dialog boxes. However, I am going on holiday starting Monday and, since my PC is malware free, I'll probably try to address that after I return in a week.

Thanks so much

#24
heir (Trusted Helper, Malware Removal, 5,427 posts)
I'll leave this topic open until you return then.

I'll investigate it while you're on vacation.

#25
heir (Trusted Helper, Malware Removal, 5,427 posts)
Do you need help sorting out the issue with the "white background"?

#26
carlsonjok (Member, Topic Starter, 25 posts)

Do you need help sorting out the issue with the "white background"?


No, I resolved that previously. The problem I am still struggling with is whenever I use Internet Explorer (8.0.6001.18702), I can no longer use my desktop. I cannot double click on an icon to run the program, nor can I even single click on it to highlight it. Indeed, even right-clicking on the desktop itself does not bring up the Properties dialog box. I can still run programs from Start and I can right click on the task bar to get to its properties dialog box. It is only the desktop affected.

Thanks.

#27
heir (Trusted Helper, Malware Removal, 5,427 posts)

No, I resolved that previously. The problem I am still struggling with is whenever I use Internet Explorer (8.0.6001.18702), I can no longer use my desktop. I cannot double click on an icon to run the program, nor can I even single click on it to highlight it. Indeed, even right-clicking on the desktop itself does not bring up the Properties dialog box. I can still run programs from Start and I can right click on the task bar to get to its properties dialog box. It is only the desktop affected.

Thanks.


So when you don't use (run/open) IE8, your desktop is as normal?
What happens when you close IE8? Does your desktop go back to normal behavior?


#28
carlsonjok (Member, Topic Starter, 25 posts)

So when you don't use (run/open) IE8, your desktop is as normal?

There is no problem at all when I use Firefox as my browser.

What happens when you close IE8? Does your desktop go back to normal behavior?

No, it does not. I have to restart the computer for the desktop to work again.

#29
heir (Trusted Helper, Malware Removal, 5,427 posts)

Error - 9/17/2010 7:15:37 AM | Computer Name = JEFF-UFSIEVRDBX | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

This indicates that there is an issue with mouse installation.

Please start a new topic in the OS section of this board.
In that topic mention that you've been removing malware and post a link to this topic.

heir

#30
carlsonjok (Member, Topic Starter, 25 posts)
Will do. Thank you for all your help with the malware. Feel free to close this topic.