[pystryker]

Hi, you can download SecurityCheck from here: http://screen317.spywareinfoforum.org/

That link is working now.

[Advertisements]

That link worked great...here's the text file:

 

 Results of screen317's Security Check version 0.99.82 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 ESET Online Scanner v3  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 SpywareGuard v2.2   
 Spybot - Search & Destroy
 SUPERAntiSpyware    
 HijackThis 2.0.2   
 Java™ 6 Update 13 
 Java version out of Date!
  Adobe Flash Player  12.0.0.77 Flash Player out of Date! 
 Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

[tl79]

That link worked great...here's the text file:

 

 Results of screen317's Security Check version 0.99.82 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 ESET Online Scanner v3  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 SpywareGuard v2.2   
 Spybot - Search & Destroy
 SUPERAntiSpyware    
 HijackThis 2.0.2   
 Java™ 6 Update 13 
 Java version out of Date!
  Adobe Flash Player  12.0.0.77 Flash Player out of Date! 
 Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

[pystryker]

Step 1: Warning about Keygens, Cracks, Illegal Software


Your posted log shows items that are related to Illegal Software (Keygens). My fix below will remove the illegal items from your machine. However, if choose not to run the fix and remove the items, I will be unable to assist you further, as it will be a violation of the Terms of Use of the website.


Step 2: FRST Fix

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt

Start
C:\DAD-2008\UTILITIES\Keygen(nero).exe
C:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar
C:\Downloads\Software\MyFunCards.exe
C:\Downloads\Software\rcsetup146.exe
C:\games\Fear.for.Sale.Mystery.of.McInroy.Manor.CE.RPK\Keygen\Fear for Sale The Mystery of McInroy Manor CE Keymaker.exe
C:\Program Files\Aquitania\uninstall.exe
C:\Program Files\World Voyage\uninstall.exe
C:\SDFix\apps\Process.exe
J:\2013 GAME (INSTALLED)\Cradle Of Rome\uninstall.exe
K:\DAD 2010\2010 game installers part 2\SherlockHolmesBaskervillesCE\SherlockHolmesBaskervillesCE\Sherlock Holmes TheHound of the Baskervilles Collectors Edition Keymaker.exe
K:\DAD 2010\2010 game installers part 2\used\SherlockHolmesBaskervillesCE.rar
K:\DAD-2008\DAD2009\UTILITIES2009\SDFix.exe
K:\DAD-2008\gamedownloads2008\GAMES\KeyGenfor reflexivegames.exe
K:\DAD-2008\UTILITIES\Keygen(nero).exe
K:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar
L:\2009 DVD STUFF\dvdstuff\321Studios 5in1KG.zip
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


[b]Things I need to see in your next post:


FRST Fix Log

[tl79]

Sorry for the delay...Easter and all!  Happy Easter to you!  Here's the text file you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2014 02
Ran by Owner at 2014-04-20 18:32:32 Run:3
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\DAD-2008\UTILITIES\Keygen(nero).exe
C:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar
C:\Downloads\Software\MyFunCards.exe
C:\Downloads\Software\rcsetup146.exe
C:\games\Fear.for.Sale.Mystery.of.McInroy.Manor.CE.RPK\Keygen\Fear for Sale The Mystery of McInroy Manor CE Keymaker.exe
C:\Program Files\Aquitania\uninstall.exe
C:\Program Files\World Voyage\uninstall.exe
C:\SDFix\apps\Process.exe
J:\2013 GAME (INSTALLED)\Cradle Of Rome\uninstall.exe
K:\DAD 2010\2010 game installers part 2\SherlockHolmesBaskervillesCE\SherlockHolmesBaskervillesCE\Sherlock Holmes TheHound of the Baskervilles Collectors Edition Keymaker.exe
K:\DAD 2010\2010 game installers part 2\used\SherlockHolmesBaskervillesCE.rar
K:\DAD-2008\DAD2009\UTILITIES2009\SDFix.exe
K:\DAD-2008\gamedownloads2008\GAMES\KeyGenfor reflexivegames.exe
K:\DAD-2008\UTILITIES\Keygen(nero).exe
K:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar
L:\2009 DVD STUFF\dvdstuff\321Studios 5in1KG.zip
End

*****************

C:\DAD-2008\UTILITIES\Keygen(nero).exe => Moved successfully.
C:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar => Moved successfully.
C:\Downloads\Software\MyFunCards.exe => Moved successfully.
C:\Downloads\Software\rcsetup146.exe => Moved successfully.
C:\games\Fear.for.Sale.Mystery.of.McInroy.Manor.CE.RPK\Keygen\Fear for Sale The Mystery of McInroy Manor CE Keymaker.exe => Moved successfully.
C:\Program Files\Aquitania\uninstall.exe => Moved successfully.
C:\Program Files\World Voyage\uninstall.exe => Moved successfully.
C:\SDFix\apps\Process.exe => Moved successfully.
J:\2013 GAME (INSTALLED)\Cradle Of Rome\uninstall.exe => Moved successfully.
K:\DAD 2010\2010 game installers part 2\SherlockHolmesBaskervillesCE\SherlockHolmesBaskervillesCE\Sherlock Holmes TheHound of the Baskervilles Collectors Edition Keymaker.exe => Moved successfully.
K:\DAD 2010\2010 game installers part 2\used\SherlockHolmesBaskervillesCE.rar => Moved successfully.
K:\DAD-2008\DAD2009\UTILITIES2009\SDFix.exe => Moved successfully.
K:\DAD-2008\gamedownloads2008\GAMES\KeyGenfor reflexivegames.exe => Moved successfully.
K:\DAD-2008\UTILITIES\Keygen(nero).exe => Moved successfully.
K:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar => Moved successfully.
L:\2009 DVD STUFF\dvdstuff\321Studios 5in1KG.zip => Moved successfully.

==== End of Fixlog ====

[pystryker]

Sorry for the delay...Easter and all! Happy Easter to you! Here's the text file you requested:

No worries, and Happy Easter back at you! I'm feeling the effects now of too much good food in such a short time.


Great news, your logs are CLEAN! but we still have a few things we need to address namely:

• I need to remove the tools we installed on your machine.
• We also have some programs on your machine that need updating to help protect you in the future.
• Also, if you are still having the speed issues, I'll provide the link to our Network Support forum.

Step 1: Tool Removal and Creation of a Clean Restore Point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Program Updates and FileHippo Install


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.

• Click on this link Java Website and click Do I Have Java?
• Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

• Unzip the files to the directory of your choice.
• Double click the JavaRa icon in the directory and choose your language preference.
• Click Remove Older Versions from the menu.
• Click Yes.
• If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
• JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Updating Adobe Reader

• Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
• Please click here to download FoxIt Reader.
• If you wish to continue to use Adobe Reader, then please update it by clicking here.
• Please remember to uncheck the option to install Chrome for use as your default browser.

Update Adobe Flash Player

• Your Adobe Flash Player is out of date. Please click here to update it.
• Please remember to uncheck the option to install McAfee Security Suite.

Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Your hard drive is showing %16 fragmentation, please defrag it soon.


Step 3: Tips, Information and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.




Support for Windows XP has ended.

As you are probably aware, support for Windows XP has come to an end. That means there will be no more updates or patches to fix identified security problems with the software. If possible, I recommend upgrading to a new OS as soon as you can. There are already reports of new infections targeting Windows XP, including a new one called Blackbeard.

Link to Network Support forum. Please click here to find our Network Support forum, and they should be able to help with your speed issues.

Are there any further issues I can assist you with?

[tl79]

^{Hi!  I tried updating Adobe Reader but got a message stating that Adobe Reader 7.0 was running and I had to stop it before the update could continue.  As far as I could tell, Reader was NOT running, so I couldn't stop it so the update would not install.  Adobe Flash update installed fine.  I installed CryptoPrevent and FileHippo.  Are there any other virus/malware programs I should run besides Malwarebytes?  As I no longer have Comodo for a firewall, what do you recommend for a firewall?  I have left a message at the networking forum about the speed problem.  Thanks for the referral.}

 

 

 

 

^{# DelFix v10.6 - Logfile created 21/04/2014 at 08:13:59
# Updated 11/11/2013 by Xplode
# Username : Owner - D5YG9NF1
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)}

 

 

 

^{~ Removing disinfection tools ...}

 

 

^{Deleted : C:\SDFix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\JavaRa.log
Deleted : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
Deleted : C:\Documents and Settings\Owner\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Owner\Desktop\JRT.exe
Deleted : C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
Deleted : C:\Documents and Settings\Owner\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR}

 

^{~ Creating registry backup ... OK}

^{~ Cleaning system restore ...}

^{Deleted : RP #1121 [Software Distribution Service 3.0 | 01/28/2014 18:01:16]
Deleted : RP #1122 [System Checkpoint | 02/01/2014 00:15:25]
Deleted : RP #1123 [avast! antivirus system restore point | 02/01/2014 03:34:15]
Deleted : RP #1124 [System Checkpoint | 02/02/2014 20:27:59]
Deleted : RP #1125 [System Checkpoint | 02/09/2014 15:44:11]
Deleted : RP #1126 [System Checkpoint | 02/11/2014 00:04:48]
Deleted : RP #1127 [Software Distribution Service 3.0 | 02/15/2014 00:03:09]
Deleted : RP #1128 [System Checkpoint | 02/16/2014 15:37:04]
Deleted : RP #1129 [System Checkpoint | 02/23/2014 17:39:52]
Deleted : RP #1130 [System Checkpoint | 03/02/2014 15:07:59]
Deleted : RP #1131 [Software Distribution Service 3.0 | 03/11/2014 21:39:53]
Deleted : RP #1132 [System Checkpoint | 03/15/2014 13:25:28]
Deleted : RP #1133 [System Checkpoint | 03/16/2014 23:21:27]
Deleted : RP #1134 [Software Distribution Service 3.0 | 03/18/2014 00:01:26]
Deleted : RP #1135 [System Checkpoint | 03/19/2014 23:02:13]
Deleted : RP #1136 [System Checkpoint | 03/22/2014 17:56:51]
Deleted : RP #1137 [Software Distribution Service 3.0 | 03/23/2014 02:53:07]
Deleted : RP #1138 [avast! antivirus system restore point | 03/23/2014 17:40:22]
Deleted : RP #1139 [System Checkpoint | 04/10/2014 23:33:40]
Deleted : RP #1140 [Software Distribution Service 3.0 | 04/11/2014 01:09:34]
Deleted : RP #1141 [Removed COMODO Internet Security | 04/12/2014 13:31:16]
Deleted : RP #1142 [Restore Operation | 04/12/2014 15:09:25]
Deleted : RP #1143 [Removed Apple Mobile Device Support | 04/12/2014 15:27:24]
Deleted : RP #1144 [Removed COMODO Internet Security | 04/12/2014 15:30:04]
Deleted : RP #1145 [Software Distribution Service 3.0 | 04/12/2014 15:53:23]
Deleted : RP #1146 [System Checkpoint | 04/16/2014 21:31:15]
Deleted : RP #1147 [System Checkpoint | 04/17/2014 23:24:25]
Deleted : RP #1148 [System Checkpoint | 04/20/2014 23:00:43]}

^{New restore point created !}

^{########## - EOF - ##########}

[pystryker]

[size=6][font=arial, helvetica, sans-serif][sup][sup]Hi!  I tried updating Adobe Reader but got a message stating that Adobe Reader 7.0 was running and I had to stop it before the update could continue.  As far as I could tell, Reader was NOT running, so I couldn't stop it so the update would not install.  Adobe Flash update installed fine.  I installed CryptoPrevent and FileHippo.

Hello

See if uninstalling Adobe Reader 7.0 first and then trying the update eliminates the problem.
 

As I no longer have Comodo for a firewall, what do you recommend for a firewall?

Here's one for personal use that you might like.

Agnitum - Outpost free

 

I have left a message at the networking forum about the speed problem.  Thanks for the referral.

You're welcome

 

Are there any other virus/malware programs I should run besides Malwarebytes?

MBAM is my second line of defense and I use Avast as my anti-virus program. But remember, only have one anti-virus program installed on your machine. Having multiple AV's will conflict with each other, cause false positives, and consume system resources.

You can check out Avast by clicking here.

[tl79]

I tried uninstalling Adobe Reader 7 but got "a process is running that cannot be safely shut down by Adobe Reader.  Please restart and try again."  I did, with the same message.  So I tried safe mode and got "the windows installer service could not be accessed."  

 

Can Outpost Free be configured to JUST install the firewall?  I'm already running AVAST and MBAM and windows firewall.  I was just hoping to setup some kind of better firewall.  

 

Thanks again!

[pystryker]

I tried uninstalling Adobe Reader 7 but got "a process is running that cannot be safely shut down by Adobe Reader. Please restart and try again." I did, with the same message. So I tried safe mode and got "the windows installer service could not be accessed."

Hmm..Ok, Adobe Labs makes a tool that is designed to remove corrupt installations for Acrobat and Reader. You can go to their page and download it by clicking this link:

http://labs.adobe.co...batcleaner.html
 

Can Outpost Free be configured to JUST install the firewall? I'm already running AVAST and MBAM and windows firewall. I was just hoping to setup some kind of better firewall.

I did a test install of this on my machine, and once it's installed, you can go in and configure the options.
 

Thanks again!

You're quite welcome Please let me know that the Adobe removal went ok and that updating it went ok.

[tl79]

The Adobe remova`l tool appears to be just for versions 9.x and 10.x and later.  This is version 7.0.  I will give Outpost Free a try.  The speed issue I mentioned appears to be a hardware issue.  I've ordered a new card and will hopefully have that problem solved.  The computer is running faster; the girls were using it this past weekend for some picture editing (and whatever else) and it seems to be working fine.  Thanks a lot for all of your help, i really appreciate it!

[pystryker]

The Adobe remova`l tool appears to be just for versions 9.x and 10.x and later.  This is version 7.0.  I will give Outpost Free a try.  The speed issue I mentioned appears to be a hardware issue.  I've ordered a new card and will hopefully have that problem solved.  The computer is running faster; the girls were using it this past weekend for some picture editing (and whatever else) and it seems to be working fine.  Thanks a lot for all of your help, i really appreciate it!

You're very much welcome, don't hesitate to come see us again if you need help.

[pystryker]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. <br /><br />If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.<br /><br />Everyone else please begin a New Topic.