After using Malwarebytes anti-malware I still have XP Security 2011

Discussion in 'Virus and Malware Removal' started by hbuteme, Nov 21, 2010.

  1. hbuteme Newcomer, in training Posts: 37

    Ok. Let me do that.
  2. hbuteme Newcomer, in training Posts: 37

    OTL log

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\PDF Suite\styles folder moved successfully.
    C:\PDF Suite\print folder moved successfully.
    C:\PDF Suite\Help folder moved successfully.
    C:\PDF Suite\Gs\Resource\Font folder moved successfully.
    C:\PDF Suite\Gs\Resource\Encoding folder moved successfully.
    C:\PDF Suite\Gs\Resource\Decoding folder moved successfully.
    C:\PDF Suite\Gs\Resource\ColorSpace folder moved successfully.
    C:\PDF Suite\Gs\Resource\CMap folder moved successfully.
    C:\PDF Suite\Gs\Resource folder moved successfully.
    C:\PDF Suite\Gs\lib folder moved successfully.
    C:\PDF Suite\Gs\fonts folder moved successfully.
    C:\PDF Suite\Gs folder moved successfully.
    C:\PDF Suite\Driver\x86 folder moved successfully.
    C:\PDF Suite\Driver\x64 folder moved successfully.
    C:\PDF Suite\Driver folder moved successfully.
    C:\PDF Suite\addin07 folder moved successfully.
    C:\PDF Suite\addin folder moved successfully.
    C:\PDF Suite folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: KOYO
    ->Temp folder emptied: 41925 bytes
    ->Temporary Internet Files folder emptied: 23930163 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 26721258 bytes
    ->Flash cache emptied: 969 bytes

    User: KOYO_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Others
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 70119907 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 115.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KOYO
    ->Flash cache emptied: 0 bytes

    User: KOYO_2
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Others
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_030404

    Files\Folders moved on Reboot...
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA281.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA282.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA283.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA284.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA285.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA286.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA287.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA288.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA289.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28A.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28B.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28C.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28D.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\CAY3GRF8.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\menu28[1].htm moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\revo_uninstaller_free_download[1].htm moved successfully.
    File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\CAGDA3CD.com not found!
    File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\topic156963-2[9].html not found!

    Registry entries deleted on Reboot...
  3. Broni Malware Annihilator Posts: 39,398   +177

    Now, the statement listed below is conditional.
    I can't guarantee that Virut didn't spread.
    So, we'll run the final steps, but you'll have to watch your computer very closely from now on....

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  4. hbuteme Newcomer, in training Posts: 37

    OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: KOYO
    ->Temp folder emptied: 16781 bytes
    ->Temporary Internet Files folder emptied: 2480552 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: KOYO_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Others
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67895779 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KOYO
    ->Flash cache emptied: 0 bytes

    User: KOYO_2
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Others
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_031758

    Files\Folders moved on Reboot...
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\iframes_api_loader[1].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\topic156963-3[1].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\CA4LABOT.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\menu28[2].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\CA7QNE3J.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\crosspixel-dest[1].htm moved successfully.
    File move failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
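As an added example (not code from this thread, and not part of OTL itself), here is a small Python parser for the OTL fix-log format posted above. It totals the bytes emptied per user, cross-checks the "Total Files Cleaned" line against that sum, and pulls out the entries that did not succeed ("not found!" and "File move failed"), which are the ones worth re-checking after the reboot when you are confirming a cleanup actually completed. The sample log is a constructed excerpt in the same line format as the logs above; the assumption that OTL truncates its megabyte total to a whole number is inferred from the two logs in this thread and is labelled as such in the code.

```python
"""Summarise an OTL (OldTimer's OTL) fix log: bytes cleaned per user,
consistency of the reported total, and entries that still need attention.

Added example, not code from the thread or from OTL. The sample log is a
constructed excerpt that follows the line shapes seen in OTL output.
"""
import math
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SYSTEM = "<system>"  # bucket for lines not prefixed with "->" (machine-wide cleanup)

# Constructed sample in OTL's log format (line shapes copied from OTL output).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
========== FILES ==========
C:\PDF Suite\Gs folder moved successfully.
C:\PDF Suite folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KOYO
->Temp folder emptied: 41925 bytes
->Temporary Internet Files folder emptied: 23930163 bytes
->Google Chrome cache emptied: 26721258 bytes
->Flash cache emptied: 969 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 70119907 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 115.00 mb

Files\Folders moved on Reboot...
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA281.tmp moved successfully.
File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\CAGDA3CD.com not found!
File move failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
""".strip("\n")

USER_RE = re.compile(r"^User: (.+)$")
BYTES_RE = re.compile(r"^(?:->)?(.+?) (?:emptied|removed): (\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")
MOVED_SUFFIX = " moved successfully."
NOT_FOUND_PREFIX, NOT_FOUND_SUFFIX = "File\\Folder ", " not found!"
FAILED_PREFIX, FAILED_SUFFIX = "File move failed. ", " scheduled to be moved on reboot."


@dataclass
class OtlSummary:
    bytes_per_user: Dict[str, int] = field(default_factory=dict)
    total_bytes: int = 0
    reported_mb: Optional[float] = None   # value from the "Total Files Cleaned" line
    moved: List[str] = field(default_factory=list)      # files/folders OTL removed
    not_found: List[str] = field(default_factory=list)  # scheduled for removal, already gone
    failed: List[str] = field(default_factory=list)     # locked; deferred to next reboot


def parse_otl_log(text: str) -> OtlSummary:
    """Walk the log once, attributing "->" byte counts to the current User: block."""
    summary = OtlSummary()
    per_user: Dict[str, int] = defaultdict(int)
    current_user = SYSTEM
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USER_RE.match(line)
        if m:
            current_user = m.group(1)
            continue
        m = BYTES_RE.match(line)
        if m:
            owner = current_user if line.startswith("->") else SYSTEM
            count = int(m.group(2))
            per_user[owner] += count
            summary.total_bytes += count
            continue
        m = TOTAL_RE.match(line)
        if m:
            summary.reported_mb = float(m.group(1))
        elif line.endswith(MOVED_SUFFIX):
            path = line[: -len(MOVED_SUFFIX)]
            summary.moved.append(path[: -len(" folder")] if path.endswith(" folder") else path)
        elif line.startswith(NOT_FOUND_PREFIX) and line.endswith(NOT_FOUND_SUFFIX):
            summary.not_found.append(line[len(NOT_FOUND_PREFIX): -len(NOT_FOUND_SUFFIX)])
        elif line.startswith(FAILED_PREFIX) and line.endswith(FAILED_SUFFIX):
            summary.failed.append(line[len(FAILED_PREFIX): -len(FAILED_SUFFIX)])
    summary.bytes_per_user = dict(per_user)
    return summary


def total_matches_report(summary: OtlSummary) -> bool:
    """Assumption (inferred from the two logs in the thread): OTL reports the
    total truncated to whole MiB, e.g. 120847392 bytes -> "115.00 mb"."""
    if summary.reported_mb is None:
        return False
    return math.floor(summary.total_bytes / 1048576) == int(summary.reported_mb)


def leftovers(summary: OtlSummary) -> List[str]:
    """Paths the fix did not confirm as removed; re-check these after reboot."""
    return summary.not_found + summary.failed


if __name__ == "__main__":
    s = parse_otl_log(SAMPLE_LOG)
    for user, n in sorted(s.bytes_per_user.items()):
        print(f"{user:>14}: {n:>12} bytes")
    print("total consistent with report:", total_matches_report(s))
    print("needs re-check:", leftovers(s))
```

Pointing `parse_otl_log` at a saved OTL log instead of `SAMPLE_LOG` gives the same summary for a real run; the "needs re-check" list is the part to compare against a fresh scan, since a locked file that was only scheduled for removal is still on disk until the reboot happens.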
  5. hbuteme Newcomer, in training Posts: 37

    I'm about to do step 2 (OTL cleanup) but, reading ahead to step 3, how do I make sure Windows updates are current? And I still haven't yet updated IE to 7. Should I do that as well?
  6. Broni Malware Annihilator Posts: 39,398   +177

    Yes, update IE now.
    As for Windows updates... Start>Windows Updates
  7. hbuteme Newcomer, in training Posts: 37

    Hi Broni,

    Thanks for all your help and your patience. You're awesome.

    IE is updated to 7.

    I've downloaded and installed WOT, Secunia Personal Software Inspector (PSI) and FileHippo Update Checker. I'll definitely be running them weekly.

    I haven't updated Windows. I didn't understand the Start>Windows Updates instruction. Would you mind going over it step by step or being a bit more specific?

    What's defrag? I'm sorry but I'm a complete computer/IT dunce.

    I've saved the webpage http://www.bleepingcomputer.com/forums/topic2520.html
    I'll read it later today.

    I'll change all my passwords later on today. I hope that's all right. It's 4am where I am and I'm feeling kind of foggy. I'd like to get some shut-eye because my eyes are half closed now.

    So far my laptop seems ok. I don't use this laptop at work so won't be able to do the rest of this stuff until this evening when I get back from work. I'll be able to give a proper rundown on it then.

    Thanks again.
  8. hbuteme Newcomer, in training Posts: 37

    Sorry. It's not 4am here it's 2 am. And you said that I might have to create a new user profile as a regular user as my old one seems to be corrupted. I can access my documents in my profile from administrator but I can't access my music and pictures. Will I be able to transfer non corrupted files from my old profile to my new profile?
  9. Broni Malware Annihilator Posts: 39,398   +177

    If you click on Start button, you should see Windows Updates option there.
    ...or go to http://www.windowsupdate.microsoft.com

    As for defrag...
    Start>All Programs>Accessories>System Tools>Disk Defragmenter

    Then...
    How to copy data from a corrupted user profile to a new profile in Windows XP: http://support.microsoft.com/kb/811151

    I'll mark this topic as resolved, but I'm not 100% convinced.
    But, I'll keep my fingers crossed.

    Good luck and stay safe :)
  10. hbuteme Newcomer, in training Posts: 37

    Thanks a lot Broni. I've managed to do the Windows update and defrag but I'm unable to copy data from the corrupted user profile to a new one. I think as I can access the most important (and irreplaceable) stuff from my corrupt profile from the admin profile, losing my music and pictures is not such a big deal.

    Cheers.
  11. Broni Malware Annihilator Posts: 39,398   +177

    What is the exact problem?
  12. hbuteme Newcomer, in training Posts: 37

    When I try to open the folder for my old user profile from a new user profile in order to get to the old subfolders that need to be copied, I get an error message: "C:\Documents and Settings\old user name is not accessible. Access is denied."
  13. Broni Malware Annihilator Posts: 39,398   +177

  14. hbuteme Newcomer, in training Posts: 37

    I think we're almost there.

    I've managed to access the folder for my old user profile and started copying it to a new profile folder, but it gives me an error message and says that "Usrclass.dat cannot be copied. Someone else is using it. Close any programs that may be using that file and try again." When I start copying afresh I sometimes get the same error message and other times another one that says "Cannot copy (what cannot be copied varies). Cannot find the specified file. Make sure you specify the correct path and file name."
  15. hbuteme Newcomer, in training Posts: 37

    I also can't open any of my PDF files, even when logged on as an administrator. When I click on them an "Open With" window pops up. When I select Adobe Acrobat 7.0 the PDF file opens OK. The Word and Excel files open just fine. It's the PDF ones that don't.
  16. Broni Malware Annihilator Posts: 39,398   +177

    Did you take ownership of that folder?
    Also, try safe mode.

    When you select Adobe, make sure you check the box "Always use the selected program to open this kind of file".
  17. hbuteme Newcomer, in training Posts: 37

    Hi Broni,

    Thanks for the tip on the pdf. The pdf files are all opening fine now.

    Yes, I followed the instructions and took ownership of the old user profile folder. That's when I was able to access it but I still can't copy everything in it. Even in safe mode. I get the same error messages.

    One other thing: in the instructions it says not to copy ntuser.dat.log, ntuser.dat and ntuser.ini, but I don't have all three in my folder. I only have ntuser.dat, and in addition I have NTUSER (DAT file) and ntuser (configuration settings). When copying I've been leaving all three out. Is that wrong?
  18. Broni Malware Annihilator Posts: 39,398   +177

    No. You're doing it correctly.

    As for those files....try this...

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (filesize 120.9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.

    Now, you should be able to navigate through your computer files and move them around by using "File Manager".
  19. hbuteme Newcomer, in training Posts: 37

    Hi Broni,

    This has now gotten way too complex for me. I'm way too scared to even try it. Is there another way that I could try? If not I think I'll wait until I get someone who's more knowledgeable about computers than I am to help me follow these new instructions.
  20. Broni Malware Annihilator Posts: 39,398   +177

    Not a problem. Keep me posted :)