win32/Heur virus [Solved]

This topic is locked

#16
chamber
Face Burnin' Malware Fighter
  • Visiting Consultant
  • 2,712 posts
Logs are looking good.

The Kaspersky scan took just over 5 hours? I've seen ones that lasted over 20! :)

1) OTM

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Games\eGames\Solitaire 25 Volume 3\Wcsup.dll
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

2) Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your reply I would like to see copied and pasted:

1) OTM log
2) Security Check log


#17
Willium_Bob_Cole
Member
  • Topic Starter
  • 46 posts
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
DllUnregisterServer procedure not found in C:\Program Files\Games\eGames\Solitaire 25 Volume 3\Wcsup.dll
C:\Program Files\Games\eGames\Solitaire 25 Volume 3\Wcsup.dll NOT unregistered.
C:\Program Files\Games\eGames\Solitaire 25 Volume 3\Wcsup.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Willium
->Temp folder emptied: 87572609 bytes
->Temporary Internet Files folder emptied: 3178118 bytes
->Java cache emptied: 25621453 bytes
->FireFox cache emptied: 87420361 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 109563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 194.49 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11012009_155654

Files moved on Reboot...

Registry entries deleted on Reboot...




Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
AS-Patch-Reset
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

Anti-Spyware
Java™ 6 Update 16
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````



There y'arr. And lol, I s'pose I got it good then ;P

#18
chamber
Face Burnin' Malware Fighter
  • Visiting Consultant
  • 2,712 posts
Visit THIS website to obtain the latest update for Adobe Reader; yours is quite out of date now.


You can also re-enable AVG's resident.

You don't appear to have a software firewall running on your system; while you may have the Windows Firewall enabled, this will not be enough to protect you while online.

This is because the Windows Firewall will only protect you from inbound traffic, not outbound. In order to make sure that you are properly protected, here are some good free alternatives;
Remember to use only ONE firewall though.

If you want to understand more about firewalls then HERE is an excellent writeup.

How are things now?

#19
Willium_Bob_Cole
Member
  • Topic Starter
  • 46 posts
Just downloading the latest Adobe Reader now, and Online Armour. Will AVG, Online Armour, and Windows Firewall be enough to protect my computer from future potential [bleep] ups?

Also, I am getting a brand spanking new motherbeast of a PC next month, so obviously I want it well protected; what would you recommend?

Also, lol, these problems arose around the time I was trying to sort out Windows Live Messenger. Whether or not they are related I don't know, but I still get the same error message as before, being that the service is unavailable, error code 8007007e. I couldn't find any help on the Windows Live support site; I found a fair number of references to it on other forums, but nobody seems to know exactly why this is or how to get rid of it. I've tried Zap Messenger and suchlike and then reinstalling Messenger, but no luck. Any thoughts?

Thank you chamber, you are a legend! :)

EDIT: lol, it bleeped me... ;P

Edited by Willium_Bob_Cole, 30 October 2009 - 10:33 AM.


#20
chamber
Face Burnin' Malware Fighter
  • Visiting Consultant
  • 2,712 posts
You don't need the Windows Firewall when you have a software firewall.

You need:
  • a good antivirus kept up to date
  • a software firewall
  • antimalware software

HERE is a good guide for you to have a look at.

Congratulations your logs appear clean!! :)

Clean up

Follow these steps to uninstall ComboFix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA. Both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you and check that you are sure you want to continue to a bad website.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

You should have a good anti-spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware.

MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

WinPatrol - Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Spring Cleaning

TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. A great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Auslogics Disk Defrag or JKDefrag - Two good disk defragmenters for you to choose from.

Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place?
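The HOSTS-file mechanism described in post #20 (a name mapped to 127.0.0.1 is answered locally, so the request never leaves the machine) is easy to see in a small parser. The Python below is an added example, not code from this thread or from the MVPS project; the hosts content it reads is constructed (the `.test` names and the 203.0.113.7 address are made up), and the only assumption beyond the post is the standard hosts-file syntax (`#` comments, one address followed by one or more names). It also shows the check a technician would want when reviewing a hosts file: a blocking list only ever needs loopback or unspecified addresses, so any entry that sends a name to a remote address is worth a manual look.

```python
"""Minimal HOSTS-file parser and checker (added example; constructed data).

The MVPS Hosts file blocks ad/tracker domains by mapping them to 127.0.0.1,
so the resolver answers from the local file and no connection is made.
parse_hosts() reads that format, lookup()/is_sinkholed() answer "where
would this name go?", and suspicious_entries() flags mappings that point
anywhere other than a local sink address.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed sample in MVPS style. Names under .test and the 203.0.113.x
# address are documentation/testing values, not real hosts.
SAMPLE_HOSTS = """\
# Example hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost

# [Start of entries generated by MVPS HOSTS]  -- style only, not the real list
0.0.0.0 ads.example-adnetwork.test   # blocked ad server (inline comment)
127.0.0.1 tracker.example-metrics.test counter.example-metrics.test

# Not a blocking entry: a name sent to a remote address instead of loopback.
203.0.113.7 update.example-antivirus.test
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname (lowercased): address} for every mapping in the text.

    Syntax handled: '#' starts a comment (full-line or inline), blank lines
    are skipped, one address may be followed by several hostnames, and the
    first mapping for a name wins (the precedence resolvers apply).
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, then whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)  # skip lines whose first field is not an IP
        except ValueError:
            continue
        for name in names:
            mapping.setdefault(name.lower(), addr)  # keep the first mapping
    return mapping


def lookup(mapping: Dict[str, str], hostname: str) -> Optional[str]:
    """Address the hosts file would answer for hostname, or None (normal DNS)."""
    return mapping.get(hostname.lower())


def _is_local_sink(addr: str) -> bool:
    """True for addresses that keep traffic on the machine: 127.x, ::1, 0.0.0.0."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def is_sinkholed(mapping: Dict[str, str], hostname: str) -> bool:
    """True when the hosts file sends hostname to a local sink (i.e. blocks it)."""
    addr = lookup(mapping, hostname)
    return addr is not None and _is_local_sink(addr)


def suspicious_entries(mapping: Dict[str, str]) -> List[str]:
    """Names mapped to a non-local address; a blocking hosts file never needs these."""
    return sorted(name for name, addr in mapping.items() if not _is_local_sink(addr))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-adnetwork.test", "counter.example-metrics.test",
                 "www.example.com"):
        where = lookup(hosts, name) or "not in hosts file (normal DNS)"
        print(f"{name:30} -> {where}  blocked={is_sinkholed(hosts, name)}")
    print("entries to review:", suspicious_entries(hosts))
```

Run it as a script to see the sample resolved, or point `parse_hosts()` at the contents of a real hosts file (`C:\WINDOWS\system32\drivers\etc\hosts` on XP) and inspect `suspicious_entries()`; an empty list is what a plain blocking list such as MVPS should produce.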

#21
Willium_Bob_Cole
Member
  • Topic Starter
  • 46 posts
Heyyy, umm, problem with Adobe Reader: after installing/during install or whatever, it comes up with an error box saying the following:

Error 1311.Source file not found C:\Program Files\Adobe\Acrobat 9.0\Setup Files\{AC76BA86-1033-F400-7760-000000000004}\Data1.cab.
Verify that the file exists and that you can access it.

Retry Cancel

Is this file (safely) downloadable on its own?

#22
chamber
Face Burnin' Malware Fighter
  • Visiting Consultant
  • 2,712 posts
Try downloading a fresh copy and trying again.

#23
chamber
Face Burnin' Malware Fighter
  • Visiting Consultant
  • 2,712 posts
Also found this:

http://kb2.adobe.com...5/kb405705.html

#24
chamber
Face Burnin' Malware Fighter
  • Visiting Consultant
  • 2,712 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.