also @ TechSpot: Android 4.0: Tracking Ice Cream Sandwich's Availability on Smartphones

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Solved] After using Malwarebytes anti-malware I still have XP Security 2011

Discussion in 'Virus and Malware Removal' started by hbuteme, Nov 21, 2010.

Thread Status:
Not open for further replies.
Page 3 of 3

  1. hbuteme Newcomer, in training

    Ok. Let me do that.
    hbuteme, Nov 25, 2010
    #41

  2. hbuteme Newcomer, in training

    OTL log

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\PDF Suite\styles folder moved successfully.
    C:\PDF Suite\print folder moved successfully.
    C:\PDF Suite\Help folder moved successfully.
    C:\PDF Suite\Gs\Resource\Font folder moved successfully.
    C:\PDF Suite\Gs\Resource\Encoding folder moved successfully.
    C:\PDF Suite\Gs\Resource\Decoding folder moved successfully.
    C:\PDF Suite\Gs\Resource\ColorSpace folder moved successfully.
    C:\PDF Suite\Gs\Resource\CMap folder moved successfully.
    C:\PDF Suite\Gs\Resource folder moved successfully.
    C:\PDF Suite\Gs\lib folder moved successfully.
    C:\PDF Suite\Gs\fonts folder moved successfully.
    C:\PDF Suite\Gs folder moved successfully.
    C:\PDF Suite\Driver\x86 folder moved successfully.
    C:\PDF Suite\Driver\x64 folder moved successfully.
    C:\PDF Suite\Driver folder moved successfully.
    C:\PDF Suite\addin07 folder moved successfully.
    C:\PDF Suite\addin folder moved successfully.
    C:\PDF Suite folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: KOYO
    ->Temp folder emptied: 41925 bytes
    ->Temporary Internet Files folder emptied: 23930163 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 26721258 bytes
    ->Flash cache emptied: 969 bytes

    User: KOYO_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Others
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 70119907 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 115.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KOYO
    ->Flash cache emptied: 0 bytes

    User: KOYO_2
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Others
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_030404

    Files\Folders moved on Reboot...
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA281.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA282.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA283.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA284.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA285.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA286.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA287.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA288.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA289.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28A.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28B.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28C.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28D.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\CAY3GRF8.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\menu28[1].htm moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\revo_uninstaller_free_download[1].htm moved successfully.
    File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\CAGDA3CD.com not found!
    File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\topic156963-2[9].html not found!

    Registry entries deleted on Reboot...
    hbuteme, Nov 25, 2010
    #42

  3. Broni Malware Annihilator

    Now, the statement listed below is conditional.
    I can't guarantee, that Virut didn't spread.
    So, we'll run final steps, but you'll have to watch your computer very closely from now on....



    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
    Broni, Nov 25, 2010
    #43

  4. hbuteme Newcomer, in training

    OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: KOYO
    ->Temp folder emptied: 16781 bytes
    ->Temporary Internet Files folder emptied: 2480552 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: KOYO_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Others
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67895779 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KOYO
    ->Flash cache emptied: 0 bytes

    User: KOYO_2
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Others
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_031758

    Files\Folders moved on Reboot...
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\iframes_api_loader[1].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\topic156963-3[1].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\CA4LABOT.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\menu28[2].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\CA7QNE3J.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\crosspixel-dest[1].htm moved successfully.
    File move failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    hbuteme, Nov 25, 2010
    #44

  5. hbuteme Newcomer, in training

    I'm about to do step 2 (OTL cleanup) but reading ahead to step 3, how do I make sure windows updates are current? And I still haven't yet updated IE to 7. Should I do that as well.
    hbuteme, Nov 25, 2010
    #45

  6. Broni Malware Annihilator

    Yes, update IE now.
    As for Windows updates......Start>Windows Updates
    Broni, Nov 25, 2010
    #46

  7. hbuteme Newcomer, in training

    Hi Broni,

    Thanks for all your help and your patience. You're awesome.

    IE is updated to 7.

    I've downloaded and installed WOT, Secunia Personal Software Inspector (PSI) and FileHippo Update Checker. I'll definitely be running them weekly.

    I haven't updated windows. I didn't understand the Start>Windows Updates instruction. Would you mind going over it step by step or being a bit more specific.

    What's defrag? I'm sorry but I'm a complete computer/IT dunce.

    I've saved the webpage http://www.bleepingcomputer.com/forums/topic2520.html
    I'll read it later today.

    I'll change all my passwords later on today. I hope that's all right. It's 4am where I am and I'm feeling kind of foggy. I'd like to get some shut-eye because my eyes are half closed now.

    So far my laptop seems ok. I don't use this laptop at work so won't be able to do the rest of this stuff until this evening when I get back from work. I'll be able to give a proper rundown on it then.

    Thanks again.
    hbuteme, Nov 25, 2010
    #47

  8. hbuteme Newcomer, in training

    Sorry. It's not 4am here it's 2 am. And you said that I might have to create a new user profile as a regular user as my old one seems to be corrupted. I can access my documents in my profile from administrator but I can't access my music and pictures. Will I be able to transfer non corrupted files from my old profile to my new profile?
    hbuteme, Nov 25, 2010
    #48

  9. Broni Malware Annihilator

    If you click on Start button, you should see Windows Updates option there.
    ...or go to http://www.windowsupdate.microsoft.com

    As for defrag...
    Start>All Programs>Accessories>System Tools>Disk Defragmenter

    Then...
    How to copy data from a corrupted user profile to a new profile in Windows XP: http://support.microsoft.com/kb/811151

    I'll mark this topic as resolved, but I'm not 100% convinced.
    But, I'll keep my fingers crossed.

    Good luck and stay safe :)
    Broni, Nov 25, 2010
    #49

  10. hbuteme Newcomer, in training

    Thanks a lot Broni. I've managed to do the windows update and defrag but I'm unable to copy data from the corrupted user profile to a new one. I think as I can access the most important (and irreplaceable) stuff from my corrupt profile from the admin profile then losing my music and pictures is not such a big deal.

    Cheers.
    hbuteme, Nov 28, 2010
    #50

  11. Broni Malware Annihilator

    What is the exact problem?
    Broni, Nov 28, 2010
    #51

  12. hbuteme Newcomer, in training

    When I try to open the folder for my old user profile from a new user profile in order to get to teh old subfolders that need to be copied I get an error message: C:\Documents and settings\old user name is is not accessible. Acess is denied.
    hbuteme, Nov 28, 2010
    #52

  13. Broni Malware Annihilator

    Broni, Nov 28, 2010
    #53

  14. hbuteme Newcomer, in training

    I think we're almost there.

    I've managed to access the folder for my old user profile and starting copying it to a new profile folder but it gives me an error message and says that Usrclass.dat cannot be copied. Someone else is using it. Close any programs that may be using that file and try again. When I start copying afresh I sometimes get the same error message and other times another one that says cannot copy (what cannot be copied varies). Cannot find the specified file. Make sure you specify the correct path and file name.
    hbuteme, Nov 29, 2010
    #54

  15. hbuteme Newcomer, in training

    I also can't open any of my pdf files even when logged on as an administrator. When I click on them an open with window pops up. When I select adobe acrobat 7.0 then the pdf file opens ok. The word and excel files open just fine. It's the pdf ones that don't.
    hbuteme, Nov 29, 2010
    #55

  16. Broni Malware Annihilator

    Did you take ownership of that folder?
    Also, try safe mode.

    When you select Adobe, make sure, you check a box "Always use the selected program to open this kind of file".
    Broni, Nov 29, 2010
    #56

  17. hbuteme Newcomer, in training

    Hi Broni,

    Thanks for the tip on the pdf. The pdf files are all opening fine now.

    Yes, I followed the instructions and took ownership of the old user profile folder. That's when I was able to access it but I still can't copy everything in it. Even in safe mode. I get the same error messages.

    One other thing. in the instructions it says not to copy ntuser.dat.log, ntuser.dat and ntuser.ini but I don't have all three in my folder. I only have ntuser.dat and in addition I have NTUSER (DAT file) and ntuser (configuration setttings). When copying I've been leaving all three out. Is that wrong?
    hbuteme, Dec 1, 2010
    #57

  18. Broni Malware Annihilator

    No. You're doing it correctly.

    As for those files....try this...

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.

    Now, you should be able to navigate through your computer files and move them around by using "File Manager".
    Broni, Dec 1, 2010
    #58

  19. hbuteme Newcomer, in training

    Hi Broni,

    This has now gotten way too complex for me. I'm way too scared to even try it. Is there another way that I could try? If not I think I'll wait until I get someone who's more knowledgeable about computers than I am to help me follow these new instructions.
    hbuteme, Dec 5, 2010
    #59

  20. Broni Malware Annihilator

    Not a problem. Keep me posted :)
    Broni, Dec 5, 2010
    #60
Page 3 of 3
Thread Status:
Not open for further replies.