Abebot removal

[kimsland]

Part 1 of ?

Preferably attach if it gets too long!

 

[kgrant66]

Log is on computer.

 

[kgrant66]

Log is on computer.

 

[kgrant66]

C:\Windows\Internet Logs\APACHEHAULIN-PC.ldb Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\Internet Logs\IAMDB.RDB Object is locked skipped
C:\Windows\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\Internet Logs\ZALog2008.04.09.txt Object is locked skipped
C:\Windows\Internet Logs\ZALog2008.04.11.txt Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped

 

[kgrant66]

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.

 

[kgrant66]

Kaspersky log is cut and pasted (page 2 of this thread).

 

[kimsland]

kgrant66 I take it that you missed my post to you above (please scroll up, a lot!)

I don't think it is advisable to continue these large posts
If anything it would be much easier to edit them all and remove everything, then just attach a text file (or a few txt files!)

 

[kgrant66]

I have yet to be successful on attaching any files except the first one when the thread was open. The paperclip does nothing when I click on it. I have had several people at my home try to find a way to attach and nothing works. Sorry for the large posts. Just want to get this computer cleaned up and then I will delete all. At this point I don't know what to delete from the post because I may be deleting something Blind Dragon needs to know to help me.

 

[kimsland]

No don't delete them

I didn't realize that you can't attach.
I suspect its a matter of going through all your IE settings, and setting everything to default, then restart IE.

Actually I can provide a small tutorial on this if required

 

[kgrant66]

I appreciate your patience. I cleaned up some of the other logs above on page 1. I know we're at the home stretch on getting the health of this computer restored and it's working great right now!!!

Kel

 

[kgrant66]

A tutorial would be helpful especially if others read this and have the same issue. Much appreciate everyone's help!! You're all great!!!

Kel

 

[kimsland]

Oh I see
It was too many attachments on one thread that caused it.

If it does look OK now, then maybe wait a little while longer for Blind Dragon.
But if he does not reply (ie he is offline, and I heard may be away, but unsure fully on that) then I supppose you could uninstall all those tools (that have been used and now not required) Then continue on normally.

How do you feel about just doing that?

 

[kimsland]

Here is a good guide to follow:

You may wish to Print this page

Inside Internet Explorer click on "Tools" on the toolbar
(Note: in IE7, you may need to press ALT on the keyboard to see the IE toolbar)

After clicking on "Tools" click on "Internet Options"

• The first window you are presented with will be the "General" tab settings
• Inside the "General" tab you can select "Delete..."
• The next popup window will ask you what to delete.
• You can select one button at a time, or "Delete all", answering Yes

Once this is completed (and it may take some time to do) Continue on:

Still in the General Tab

• Click on "Settings" (next to Delete)
• Change the "Disk space to use" to 65
• Select OK

Now, go to the Security tab

• Click on "Custom Level"
• Click on "Reset"
• Click on "OK"

Now go to the Privacy tab

• What I do in here, is move the vertical slider slighty up or down
• This allows "Default" to highlight
• Click on "Default" (the slider will come back down)
• Click on Apply

At last go to the Advanced tab

• Click on "Restore advanced settings" (a bad way of saying default)
• Also if you scroll down the list, you will find "Phishing Filter" (I usually disable this annoying popup)
• Click on Apply
• Click on OK

Restart Internet Explorer

 

[Blind Dragon]

Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

-----------------------------------------------------------------------
Cleanup using OTMoveit2 by OldTimer
Now we can clear out the rest of the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

* When finished exit out of OTMoveIt2

---------------------------------------------------------------------------
I recommend you keep
1 anti virus program
1 firewall
Combo of Anti-Spyware (Spybot S&D and MBAM, or your choice)

For Spybot you can download the latest version from HERE.

keep them updated.

You can also turn on tea timer in Spybot:

• Click on Mode at the top and make sure that Advanced is checked
• Expand the Tools tab in the left pane
• Single click on the Resident Icon also in the left pane
• check Resident "TeaTimer" (Protection of over-all system settings) Active
• Close spybot

Also under Tools you can double-click System Startup in the right pane and disable programs from running at startup. This will free up system resources. For example if you don't use MSN Messenger everytime you run your computer you can disable it, then when you want to use it you can launch it through Start -> all programs, or make a shortcut on the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green though.

And just to be sure
Set correct settings for files

• Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
• Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
• If unchecked please check Hide protected operating system files (Recommended)
• If necessary check "Display content of system folders"
• If necessary Uncheck Hide file extensions for known file types.
• Click OK

clear system restore points

• 
  This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  This will remove all restore points except the new one you just created.

 

[kgrant66]

The OTMoveit2 has been executed, the settins setback, restore point created, teatimer is back on. Everything looks good to me. I can't thank you enough!!!! I do have another home computer that has a worm virus, but I will open a different thread later this week. I am behind on my business invoices. Again, Thanks a million!!!

 

[Blind Dragon]

Not a problem. New computer = new thread - Good!

If you have any more issues with this one, please use this thread

Stay safe

Regards,

BD