malware Infection [Closed]


#16 Crowbar (Teacher, GeekU Moderator, 4,130 posts)
Hi there -
Sorry about the delay, things are becoming a little more normal for my schedule now.

Many of those infections you see in the ESET log were already in quarantine by the other tools we ran.
Now you see some of the benefits one can get from P2P downloads!
I will go over my ESET instructions and make sure they are current :)
I am still concerned about the System Restore not working correctly and I would like you to do a little testing for me.

Step 1
Please click on the Start Orb and in the search box type in services.msc
The Services box will open
Please scroll down the list to find the Windows Backup service and then double click it.
Make sure that the Startup Type is set to Manual, if it is not, please select Manual and click OK

Step 2
Click on the Start Orb, then Right Click on Computer.
Next click on System Protection

The System Properties box will open and in there, please click on Create

You will be prompted for a name, you can call it whatever you like, then click on that create button.

Now hopefully you will get a System Protection box telling you that the restore point was created successfully. But if not, please make note of any errors you receive here.

Step 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • List last 10 Event Viewer log
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
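The three steps above (check the Windows Backup service startup type, create a test restore point and note any error, dump the last ten Event Viewer errors) can be driven from one elevated PowerShell prompt. The script below is an added example written for this page, not part of Crowbar's instructions or of the MiniToolBox tool; the service names (SDRSVC for "Windows Backup", VSS and swprv for the shadow-copy components that System Restore depends on) are standard Vista/7 names and are assumed here.

```powershell
# Added example, not from the original thread. Run from an elevated PowerShell 2.0+ prompt
# on Vista/7. Service names below are assumptions (standard Vista/7 names); adjust if yours differ.

# Step 1: Windows Backup (SDRSVC) plus the shadow-copy services System Restore rides on.
# Anything set to Disabled here will make restore-point creation fail, so flip it to Manual.
foreach ($name in 'SDRSVC', 'VSS', 'swprv') {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { Write-Warning "Service $name not found"; continue }
    "{0,-8} {1,-45} State={2,-8} StartMode={3}" -f $svc.Name, $svc.DisplayName, $svc.State, $svc.StartMode
    if ($svc.StartMode -eq 'Disabled') {
        # Equivalent to setting Startup Type to Manual in services.msc
        Set-Service -Name $name -StartupType Manual
        "  -> $name was Disabled; set to Manual"
    }
}

# Step 2: create a restore point and prove it exists. Checkpoint-Computer throws on failure,
# so the error text (the thing the post asks you to note down) is captured in the catch block.
try {
    Checkpoint-Computer -Description 'Test restore point' -RestorePointType 'MODIFY_SETTINGS'
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 3 |
        Format-Table SequenceNumber, Description, CreationTime -AutoSize
} catch {
    Write-Warning ("Restore point creation failed: " + $_.Exception.Message)
}

# Step 3: last 10 Error-level (Level 2) entries from the Application and System logs,
# the same data MiniToolBox's "List last 10 Event Viewer log" option collects.
foreach ($log in 'Application', 'System') {
    "==== $log errors ===="
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2 } -MaxEvents 10 |
        Select-Object TimeCreated, ProviderName, Id,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```

If Step 2 fails, the message from the catch block is what to post back; the "System Restore" entries in the Application log (Step 3) usually carry the matching HRESULT.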
#17 zprez2 (Member, Topic Starter, 23 posts)
Hey Crowbar,

No worries on the job front - in fact, I appreciated the break - the computer isn't the only thing that got a virus and I absolutely HATE summer colds. I get grouchy.....

Anyway, I got a restore point just fine - no errors popped up.

I downloaded the MiniToolBox and here's the log:



MiniToolBox by Farbar Version: 23-07-2012
Ran by John (administrator) on 13-08-2012 at 20:46:37
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/13/2012 05:34:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:29:46 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (08/12/2012 09:37:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 08:42:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 00:48:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2012 07:45:38 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16447, time stamp 0x4fc9cd53, faulting module AcroRd32.dll_unloaded, version 0.0.0.0, time stamp 0x4f71ac4e, exception code 0xc0000005, fault offset 0x60b0e281,
process id 0x11f4, application start time 0xiexplore.exe0.

Error: (08/10/2012 07:06:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2012 07:40:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2012 07:22:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2012 07:14:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = OTL Restore Point - 8/9/2012 7:14:26 PM; Hr = 0x800423f4).


System errors:
=============
Error: (08/13/2012 05:34:18 PM) (Source: Service Control Manager) (User: )
Description: eSettings Serviceint15%%3

Error: (08/13/2012 05:34:18 PM) (Source: Service Control Manager) (User: )
Description: lxddCATSCustConnectService%%1053

Error: (08/13/2012 05:34:18 PM) (Source: Service Control Manager) (User: )
Description: 30000lxddCATSCustConnectService

Error: (08/13/2012 05:34:18 PM) (Source: Service Control Manager) (User: )
Description: int15%%3

Error: (08/12/2012 09:37:21 AM) (Source: Service Control Manager) (User: )
Description: eSettings Serviceint15%%3

Error: (08/12/2012 09:37:21 AM) (Source: Service Control Manager) (User: )
Description: lxddCATSCustConnectService%%1053

Error: (08/12/2012 09:37:21 AM) (Source: Service Control Manager) (User: )
Description: 30000lxddCATSCustConnectService

Error: (08/12/2012 09:37:21 AM) (Source: Service Control Manager) (User: )
Description: int15%%3

Error: (08/11/2012 08:42:28 PM) (Source: Service Control Manager) (User: )
Description: eSettings Serviceint15%%3

Error: (08/11/2012 08:42:28 PM) (Source: Service Control Manager) (User: )
Description: lxddCATSCustConnectService%%1053


Microsoft Office Sessions:
=========================
Error: (09/26/2009 05:31:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/26/2009 05:31:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/26/2009 05:08:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/26/2009 05:05:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/27/2009 06:16:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/17/2009 10:43:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/18/2009 11:14:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/18/2009 11:03:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/18/2009 11:03:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/18/2009 11:03:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.


**** End of log ****

#18 Crowbar (Teacher, GeekU Moderator, 4,130 posts)
Hi -

Hope you are feeling better, how is the computer doing now, any lingering problems?

#19 zprez2 (Member, Topic Starter, 23 posts)
As far as I can tell from the lack of grumping - and a few trial runs - it seems to be up to speed. I do want to clear out all the "extras" that we mentioned - bearshare, limewire, the extra antivirus and whatnot he's put on here and install something - avast, avira etc that should be his main line of defense after windows defender et al.

Do you have time to help me do that? Since it's not my computer, I'm not sure exactly what and how he may have partially uninstalled these items or if there may be some bits and pieces left over - lurking.....

#20 Crowbar (Teacher, GeekU Moderator, 4,130 posts)
Glad to hear that it's running ok :cool:

You should be able to uninstall both Bearshare and Limewire like any other program:
click the Start Orb, then Control Panel.
Next click on Uninstall a program and choose both Bearshare and Limewire (one at a time) and click Uninstall.
If you don't see Bearshare in that list, you may have to locate the uninstaller in the Bearshare folder, so try this:
Go to the Start Orb, click on All Programs, click on Bearshare, click on Uninstall Bearshare.
If one of them still refuses to go away, let me know, we have ways to make them cooperate :ph34r:

The next program will show me your security setup, and we can proceed from there.

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#21 zprez2 (Member, Topic Starter, 23 posts)
What a week! School started - so I didn't get here as quickly as I wanted to - kids kept me hopping. I checked the uninstall area and Bearshare and Limewire aren't in there - like I said earlier - I'm not sure HOW he took them off - or attempted to.... so we may have to make them cooperate if there are parts left over.

I ran the security scan and the results are below:


Results of screen317's Security Check version 0.99.46
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Watch Live! Anti-Virus
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java™ 6 Update 5
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#22 Crowbar (Teacher, GeekU Moderator, 4,130 posts)
Don't worry about replying late, we are working on your schedule. Kids and stuff should come first.

For Bearshare, I think the only way to remove it is to go to the Bearshare folder and run the uninstaller.
Go to the Start Orb, click on All Programs, click on Bearshare, click on Uninstall Bearshare.

For Limewire, it's possible that the program has been uninstalled already and I see just a piece of it.

Do you see a copy of Extras.txt on the desktop? If so, please post it for me to look at. If you don't see it there, we can generate a new one.
Run OTL and at the top select NONE.
In the Extra Registry section select Use Safe List.
Now click on the Run Scan button.
Two Notepad windows will open, please post the contents of the Extras.txt file.

Your UAC is turned off. User Account Control is supposed to be on by default.
User Account Control (UAC) can help you prevent unauthorized changes to your computer. It works by prompting you for permission when a task requires administrative rights, such as installing software or changing settings that affect other users.

We don't recommend turning User Account Control off. If you do turn it off, you should turn it back on as soon as possible.

  • Open User Accounts by clicking the Start button, clicking Control Panel, clicking User Accounts and Family Safety (or clicking User Accounts, if you are connected to a network domain), and then clicking User Accounts.
  • Click Turn User Account Control on or off. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Select the Use User Account Control (UAC) to help protect your computer check box to turn on UAC, or clear the check box to turn off UAC, and then click OK.

I do see 2 anti virus programs, Lavasoft AV, which is part of Ad-Aware, along with AVG. I personally would uninstall the entire Ad-Aware package, and stick with your installation of AVG.

Either way, you would need to go to your control panel and uninstall the anti virus that you don't want to keep.

Upgrade Java (32-bit):
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 7 Update 4.
  • Under the Java Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept the License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u4-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Update the Adobe Reader
The Adobe Reader is often updated to fix known security flaws so it is recommended that you update your copy

Your Adobe Reader is out of date, please uninstall it through the Control Panel, and go here to download the newest version. You can uncheck the box to install McAfee Security Scan, as that is what I just did for you. :)

In your next reply I would like to see:
  • Extras.txt
  • Did all that go ok?

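The Security Check log in #21 and the follow-up advice in #20 and #22 boil down to four questions: is UAC on, which antivirus engines are actually registered and running, which Java builds are still installed, and what is left of Bearshare and Limewire after a partial uninstall. The read-only script below is an added example written for this page, not output of screen317's Security Check or code from the thread; the name patterns, folder paths and the productState bit decoding are assumptions (the Vista/7 root\SecurityCenter2 productState bitfield is not formally documented; 0x1000 in the middle byte is the commonly observed "real-time protection on" flag).

```powershell
# Added example, not from the original thread. Read-only audit; nothing here uninstalls anything.
# Run from an elevated PowerShell 2.0+ prompt on Vista/7. Patterns and paths are assumptions.

$patterns = 'Java', 'J2SE', 'BearShare', 'LimeWire', 'Ad-Aware', 'Ad-Watch', 'AVG'
$regex    = $patterns -join '|'

# 1. UAC: EnableLUA = 0 is exactly what Security Check reports as "UAC is disabled!".
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
"UAC enabled : " + ($policy.EnableLUA -eq 1)

# 2. Antivirus products registered with Security Center. Two engines both claiming real-time
# protection is the "2 anti virus programs" situation from #22.
# productState bitfield (assumed, commonly observed): 0x1000 set = real-time protection on.
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
    ForEach-Object {
        $state   = [int]$_.productState
        $enabled = (($state -band 0x1000) -ne 0)
        "AV product  : {0,-40} realtime={1,-5} state=0x{2:X6}" -f $_.displayName, $enabled, $state
    }

# 3. Uninstall entries (per-machine, 32-bit-on-64 and per-user hives) matching the patterns.
# Several Java 6 builds side by side is the "Java version out of Date!" finding; an entry with
# no UninstallString is usually a leftover from a botched removal.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and ($_.DisplayName -match $regex) } |
    Select-Object DisplayName, DisplayVersion, InstallLocation,
        @{ n = 'Uninstaller'; e = { if ($_.UninstallString) { $_.UninstallString } else { '(none: leftover?)' } } } |
    Sort-Object DisplayName | Format-Table -AutoSize -Wrap

# 4. What is physically left of the P2P clients: program folders and autostart entries.
foreach ($dir in "$env:ProgramFiles\BearShare", "$env:ProgramFiles\LimeWire", "$env:APPDATA\LimeWire") {
    "{0,-50} exists={1}" -f $dir, (Test-Path $dir)
}
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($run in $runKeys) {
    $props = Get-ItemProperty $run -ErrorAction SilentlyContinue
    if ($props -eq $null) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'bearshare|limewire' } |
        ForEach-Object { "Run entry   : {0} = {1}" -f $_.Name, $_.Value }
}
```

A Run entry or InstallLocation that points at a folder which no longer exists is the kind of "bits and pieces left over" the poster was worried about; those are what the OTL Extras.txt scan requested in #22 would also surface.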

#23 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.