[Solved] I can't send the logs...help

hijacked · Jan 16, 2011

Hi Broni, Not sure if the java install went correctly It asked to verify my currentsoftware but it took much linger than the recommended 60 seconds. I then went to the download tab and downloaded ver 6 update 23. I didn't get any of the options to uncheck tool bars so I'm not too sure if I should proceed??

hijacked · Jan 16, 2011

I went back and hit the verify button again and it said congratulations I have the correct version so I guess I'm ok to proceed.

hijacked · Jan 16, 2011

I ran the JavaRa.exe, but the directions which open up before you go to the web page are nothing like the page itself. There is no Java Runtime section of the web page. just a small link (JRE) which takes you to a whole differnt world.
Help please

hijacked · Jan 17, 2011

Hi Broni,
I got a bit confused with the JavaRa.exe but finally sorted it ou. Still not sure if Java was installed properly. Below are the logs for OTL and Security check. When I came back to check on ESET I was a screen trying to sell me the program. No list of threats found button or log so I presume it was happy.

Cheers

All processes killed
Error: Unable to interpret <Under the Custom Scans/Fixes box at the bottom, paste in the following> in the current context!
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1563985344-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1563985344-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com.au\www\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-1563985344-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\techspot.com\www\ not found.
File C:\Program Files\Common Files\nuluvisol.dat not found.
File C:\WINDOWS\System32\efubo.sys not found.
File C:\Program Files\Common Files\ugowol.dat not found.
File C:\Documents and Settings\All Users\Application Data\elivapenub.pif not found.
File C:\Documents and Settings\Brian\Application Data\yretyg.dl not found.
File C:\Program Files\Common Files\tivoq.lib not found.
File C:\Documents and Settings\All Users\Application Data\yxavygex.pif not found.
File C:\Documents and Settings\All Users\Application Data\keguwiwit.db not found.
File C:\Documents and Settings\All Users\Application Data\imyzo.lib not found.
File C:\Documents and Settings\All Users\Application Data\wisy.lib not found.
File C:\Documents and Settings\Brian\Application Data\hegitagisa.vbs not found.
File C:\Program Files\Common Files\utyb.db not found.
File C:\WINDOWS\System32\JJAKEn.dll not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 106411 bytes
->Temporary Internet Files folder emptied: 2760866 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125947 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb

[EMPTYFLASH]

User: All Users

User: Brian
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.2 log created on 01172011_183806

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF96A1.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF96B1.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF97C2.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF97CF.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF98DF.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF99A0.tmp not found!
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\ZBJYET2E\clkurl=;ord=1942135082[1].htm moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\V8Y4KA98\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\V8Y4KA98\topic159705[1].html moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\7Q09MD1S\sh30[1].html moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d38.dat not found!

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 8.1.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````

Broni · Jan 17, 2011

You did well

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

hijacked · Jan 17, 2011

Hi Broni,
Thanks for your help. I thought that before I do the final restore I should report an error message I got this morning on opening. "Jusched.exe has encountered a problem and needs to shut down"

Broni · Jan 17, 2011

Disable Jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

hijacked · Jan 17, 2011

Hi Broni,
All looks good. I have downloaded the programs you suggested to try and keep the gad guys out and will read the info on how to kepp them out in the future.
Thanks for your help

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 134830 bytes
->Temporary Internet Files folder emptied: 11605107 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 690 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125969 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 98166 bytes

Total Files Cleaned = 11.00 mb

[EMPTYFLASH]

User: All Users

User: Brian
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.2 log created on 01182011_081622

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF1ED2.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF1EDD.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF1F49.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF1F54.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF20DE.tmp not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\~DF20E9.tmp not found!
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\MRNZZOQD\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\MRNZZOQD\sh30[1].html moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\497EM380\clkurl=;ord=692100634[1].htm moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\497EM380\topic159705-2[1].html moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d74.dat not found!

Registry entries deleted on Reboot...

Broni · Jan 17, 2011

Way to go!!
Good luck and stay safe

hijacked · Jan 20, 2011

Hi Broni,
All is going well with my very clean computer, except that I'm still getting occasional drop outs from the internet. The wireless is fine. It seems to be just the connection with the computer. Usually if I go to my wireless network and disconnect (it usually l says I'm still connected). It reconnects, but sometimes it says it can't locate any wireless networks and I have to re boot.
Any suggestions would be appreciated.
thanks

Broni · Jan 20, 2011

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck

hijacked · Jan 20, 2011

OK will do.
Thanks

Broni · Jan 20, 2011

Sure thing

TechSpot

[Solved] I can't send the logs...help

hijacked Newcomer, in training

hijacked Newcomer, in training

hijacked Newcomer, in training

hijacked Newcomer, in training

Broni Malware Annihilator

hijacked Newcomer, in training

Broni Malware Annihilator

hijacked Newcomer, in training

Broni Malware Annihilator

hijacked Newcomer, in training

Broni Malware Annihilator

hijacked Newcomer, in training

Broni Malware Annihilator