TechSpot

8 step process completed, logs attached

By brokensynapse
Jan 7, 2010
  1. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,987   +168

    You have gotten rid of some nasty stuff, but you still have a couple of things to fix in the Hijackthis log:

    O20 - AppInit_DLLs: karna.dat
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)


    Try running the ESET On-Line Scanner after you fix the Hijackthis log
    ESET Scanner
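
The two entries flagged in the post above can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread: the function name `triage` and the sample log are constructed here, and only the O2 and O20 lines are taken from the post.

```python
import re

# HijackThis entries have the shape "<section> - <description>",
# e.g. "O20 - AppInit_DLLs: karna.dat".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header text, process list, blank line
        section, body = m.group("section"), m.group("body")
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                # DLLs named here are loaded into every process that loads
                # user32.dll, so any non-empty value deserves review.
                findings.append((section, "AppInit_DLLs set: " + value, line))
        if body.endswith("(no file)"):
            # The registry entry survives but the file it points to is gone.
            findings.append((section, "orphaned entry, target file missing", line))
    return findings


# Constructed sample log; only the O2 and O20 "karna.dat" lines come from the thread.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\\..\\Run: [ExampleUpdater] "C:\\Program Files\\Example\\updater.exe"
O20 - AppInit_DLLs: karna.dat
O20 - AppInit_DLLs:
"""

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```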
     
  2. brokensynapse

    brokensynapse TS Rookie Topic Starter Posts: 39

    it's getting better that's for sure

    My computer still seems to lock up after it's on for a while...the ESET scanner found nothing

    I attached a hjt log..thanks for helping me out. All the computers in my life are going haywire. The computer at work has the Internet Security 2010 bug....I couldn't do the 8 steps on it..
     

    Attached Files:

  3. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,987   +168

    The log looks good... the lock-ups could be caused by a hardware or software issue. Remove the computer's side and make sure there is no dust or other debris inside the case. Make sure all the fans are running normally
     
  4. brokensynapse

    brokensynapse TS Rookie Topic Starter Posts: 39

    thanks

    I appreciate all your help!!
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The member who was assisting you did not complete the job. I would like to take you the rest of the way if you don't object:

    First, the Malwarebytes logs are both old logs. One from 12/18, the other from 12/26. I would like you to update the program and run a current scan.

    Second, XP AntiSpyware2009 was found in SAS and one entry was removed. You will have others. An entry in the HijackThis log was removed. You have more. Please run the following:

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
      Important! Save the renamed download to your desktop.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Double click on the setup file on the desktop to run
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
    • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    The Adobe Reader is way out of date and thus a vulnerability. You have v6- the current is v9.xx.
    Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

    When you have finished, rescan with HijackThis. Attach the following in your next reply:
    Malwarebytes current log
    New HijackThis log.

    When the system is clean, I will have you remove the cleaning tools and old restore points. I will also tell you how to reset the Cookies.
    --------------------------------------------------
    A high number of posts does not mean the member knows what he is doing in this forum.
     
  6. brokensynapse

    brokensynapse TS Rookie Topic Starter Posts: 39

    completed steps - logs attached

    thanks for your help..I knew something was off still
     

    Attached Files:

  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    That's a lot of deletions in Combofix- especially since all he told you was to check for dust!

    I'd like you to update the Adobe Reader. You have v6 and current is v9.xx. The old version is a vulnerability so uninstall it:
    Visit this Adobe Reader site and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

    I'm going to ask kritius to check the deletions in Combofix. I can't identify any of them and he may want you to send some files to the VirScan.org for ID.

    Hang tight, okay, because it's the weekend.
     
  8. brokensynapse

    brokensynapse TS Rookie Topic Starter Posts: 39

    adobe updated!

    thanks again..no rush
     
  9. kritius

    kritius TS Guru Posts: 2,087

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
  10. brokensynapse

    brokensynapse TS Rookie Topic Starter Posts: 39

    combo fix log attached

    everything is running pretty smoothly...
     

    Attached Files:

     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If kritius gives the okay, I'll have you remove the cleaning tools and old restore points.
     
  12. kritius

    kritius TS Guru Posts: 2,087

    Go ahead Bobbye
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thanks for your help kritius.
    brokensynapse, you can remove the cleaning tools now:

    Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]

    Remove all of the tools we used and the files and folders they created
    • Download OTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes.


    You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
    • Click "OK" to select the partition or drive you desire.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    More details and screenshots for Disk Cleanup in Windows Vista can be found here.

    Please follow these simple steps to keep your computer clean and secure:
    1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

    System Restore Guide


    2. Stay current on updates:
    • Visit the Microsoft Download Site frequently.
      You should get All updates marked Critical and the current SP updates: Windows 2000 > SP4, Windows XP > SP2, SP3, Vista > SP2
    • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    3. Make Internet Explorer safer. Follow the suggestions HERE
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

    4. Remove Temporary Internet Files regularly: Use
    5. Use an AntiVirus Software (only one)
    6. Use a good, bi-directional firewall (one software firewall)
    See Understanding and Using Firewalls including links to download a firewall.

    7. Consider these programs for Extra Security
    • Spywareblaster:
    • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    • IE/Spyad
    • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    • Google Toolbar Get the free google toolbar to help stop pop up windows.

    If I can be of further assistance, please let me know.
     
Topic Status:
Not open for further replies.

