
Crash-Serious? [Solved]


  • This topic is locked

#1
clixto
  • Member
  • 239 posts
Attached is all my info i.e. scans and original post http://www.geekstogo...US-t237642.html

thanks in advance

Also picked up heur/crypted suspicious code with my anti-virus yesterday in C:\System Volume information\_restore{8C72C1BC-OAF4-4A46-B32A-24664FE7D355}\RP232\A0230167.exe

Attached Files


Edited by clixto, 04 May 2009 - 08:53 PM.

#2
SpySentinel
  • R.I.P.
  • Retired Staff
  • 5,152 posts
Hi clixto,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Please Click here!, and follow the recommendations in the guide.

Please post the OTListIt2 and Rooter Logs.

Edited by SpySentinel, 07 May 2009 - 02:21 PM.

#3
clixto
  • Topic Starter
  • Member
  • 239 posts
Hi there, I've already done this and have attached them

Edited by clixto, 11 May 2009 - 08:06 PM.

#4
clixto
  • Topic Starter
  • Member
  • 239 posts
Here they are again.
thx

Attached Files


#5
SpySentinel
  • R.I.P.
  • Retired Staff
  • 5,152 posts
Hi clixto,


Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected; post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


#6
clixto
  • Topic Starter
  • Member
  • 239 posts
I did the malwarebytes scan and nothing showed up. Should I continue with the other scan?

#7
SpySentinel
  • R.I.P.
  • Retired Staff
  • 5,152 posts
Yes please, and post the log here

Edited by SpySentinel, 13 May 2009 - 02:31 PM.

#8
clixto
  • Topic Starter
  • Member
  • 239 posts
I got 5% into the Kaspersky scan after 3 hrs. Estimated time to complete was the 16th. This doesn't seem right. It's taking way too long to scan. After I rebooted from safe mode, my start up is extremely slow.

#9
SpySentinel
  • R.I.P.
  • Retired Staff
  • 5,152 posts
Hi clixto,


Let's try this:


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.




Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

#10
clixto
  • Topic Starter
  • Member
  • 239 posts
Hi spy, here is my result from the scan

thx

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/16/2008 at 08:49 PM

Application Version : 4.23.1006

Core Rules Database Version : 3677
Trace Rules Database Version: 1656

Scan type : Quick Scan
Total Scan Time : 00:22:15

Memory items scanned : 461
Memory threats detected : 0
Registry items scanned : 404
Registry threats detected : 0
File items scanned : 29514
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\pebbles\Cookies\pebbles@revsci[2].txt
C:\Documents and Settings\pebbles\Cookies\pebbles@tacoda[1].txt
C:\Documents and Settings\pebbles\Cookies\pebbles@collective-media[1].txt
C:\Documents and Settings\pebbles\Cookies\[email protected][1].txt
C:\Documents and Settings\pebbles\Cookies\pebbles@adcentriconline[2].txt
C:\Documents and Settings\pebbles\Cookies\[email protected][2].txt
C:\Documents and Settings\pebbles\Cookies\[email protected][2].txt
C:\Documents and Settings\pebbles\Cookies\pebbles@fightnewsextra[1].txt
C:\Documents and Settings\pebbles\Cookies\pebbles@kontera[2].txt
C:\Documents and Settings\pebbles\Cookies\pebbles@dmtracker[1].txt
C:\Documents and Settings\pebbles\Cookies\pebbles@rogersmedia[1].txt

#11
SpySentinel
  • R.I.P.
  • Retired Staff
  • 5,152 posts
How is your computer running?



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

#12
clixto
  • Topic Starter
  • Member
  • 239 posts
Seems to be running ok right now.
thx

#13
clixto
  • Topic Starter
  • Member
  • 239 posts
Here are the log and info files
thx

Attached Files

  • Attached File  info.txt   14.61KB   183 downloads
  • Attached File  log.txt   27.84KB   168 downloads
  • Attached File  info.txt   14.61KB   117 downloads
  • Attached File  log.txt   27.84KB   151 downloads

#14
clixto
  • Topic Starter
  • Member
  • 239 posts
I noticed today when I booted my comp there was a flashing cursor for approx 2 min before booting. After that everything was very slow. Should I scan again?

#15
SpySentinel
  • R.I.P.
  • Retired Staff
  • 5,152 posts
Hi Clixto, that's odd about the cursor. Your RSIT log did not show anything that leads me to believe you have malware.

Let's do one more scan:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
