Solved GMER has crashed Inspiron/XP four times - what to do?

[Anaya]

Man, I hope with all this cutting and pasting I didn't accidentally duplicate sections or leave some out. These logs don't look that long in Notebook form, so when i label them "X of Y" I don't actually know how many e-m it will take!

As far as current issues -- I honestly don't know. I was at work all day yesterday, and at an internship all day today, so the only time I have been on the cptr the last two days has been following your instructions - and you know all about how that is going!

One thing that started happening today is that when I go into yahoo mail, when i start typing my username and pass into the fields, it flickers, and gives me a new page to type into. It happens every time, and its kind of weird. It doesn't flicker until i start typing - and I know its a new page because the background ad changes (you know - their current campaign has a couple different people - a guy, a woman with tats, etc., so it's easy to see it reloaded and flipped to the next one, as opposed to just not accepting what I'm typing.). I hope that makes sense.

Are my logs extra long? Am I in extra deep ****?

 

[Broni]

You did fine. Let me see, what's there.
As for Yahoo mail, see, if same thing happens in another browser.

 

[Broni]

We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

========================================================================

OTL log looks perfectly clean


Last scans.....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

 

[Anaya]

OMG that is good news!

No clue what you did, but you're a real trooper - putting up with me!

I am falling asleep though, so I will have to finish all this tomorrow.

Talk to you then!

 

[Broni]

No problem

 

[Anaya]

Uh-oh

Hi, just in case you are there I thought I would ask - i started the Kaspersky thing and I forgot to disable Norton -- should I stop it somehow -- I don't see a stop button, or should I wait and run it again...?

 

[Anaya]

it currently says Program download and update (100%) annd the Database update is at 15%. Did I screw it all up?

 

[Broni]

No. Norton may make scanning slower, but you didn't screw anything up...

 

[Anaya]

Thank goodness you are there! So I should just keep letting it do its thing then. I will be posting the logs - which are being created more slowly than expected - soon!

 

[Broni]

Kaspersky, usually takes a while...be patient

 

[Anaya]

So I leave "viruses, worms, trojans, rootkits" UNchecked? or it should be checked?

 

[Anaya]

The other 3 (which you mentioned above) are checked - just making sure this one should be UNchecked.

 

[Broni]

Just make sure, those 3 are checked. Don't change anything else.
If those 3 are checked, you're good to run the scan.

 

[Anaya]

never mind. in this world of instant communication, waiting over 3 minutes was killing me, so i started the scan without ticking that viruses and worms box. you have been pretty specific so far, so i figure if you wanted it checked, you would have mentioned it.

 

[Broni]

OK.............

 

[Anaya]

so, now it stopped and i saw the thing that said to disable other anti virus protection or else Kaspersky can't do a virus scan, so i disabled Norton again, pressed "Scan My Computer" again and then I remembered that all of 60 seconds ago you told me that we weren't ticking the virus scanning part. SO, i think it's running, -- it's keeping track of the duration time, but it says scanning in progress is 0%. Have I screwed it up NOW? Because that would be so ME.

 

[Broni]

No worries. Be patient...LOL

 

[Anaya]

It finished after about 2 hours but when i clicked on report, there was nothing there. So i started it again.

 

[Broni]

Forget it.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• IMPORTANT! UN-check Remove found threats
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

 

[Anaya]

No threats found...?

ESET didn't give me the option you mentioned, because the final box just said "no threats found." I have included the log from the Kaspersky run, also no threats, and the original request of the check-up log is just below. Is everything really fine do you think? Should I use the computer for a few hours and see if I am still getting misdirected all the time? Or have you seen this frequently with this kind of malware?

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.3
Japanese Fonts Support For Adobe Reader 9
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

and here is the note from Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 7, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 06, 2010 22:31:56
Records in database: 4133743
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 86098
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:04:29

No threats found. Scanned area is clean.

Selected area has been scanned.

 

[Broni]

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

 

[Anaya]

Trojan?

WAS any Trojan detected anywhere? I'll change my passwords anyway I guess.

Broni,
Thanks for all the help. You were great for putting up with me - i'm such a technological dolt, and I really appreciate it. I know you all do this as a service to mankind, and why this is fun for you in your spare time is beyond me, but should I send you cookies or something? (ACTUAL, homemade cookies! to thank you!)

Anaya

 

[Anaya]

One last question...

The computer seems ok for now - i have a couple Q's if you don't mind

Do you think Spy Bot is superior to MalwareBytes? Do I need one (or both) of them in addition to Norton 2010?

Is there a forum here for less technical problems than viruses? Because i have a very annoying desktop problem that started the same time as the redirects, and i did think they were related, but now that i know the system is clean, the desktop issue is still there, so it must have just been coincidence, and i'd like to get it fixed.

AND, what can i do to thank you?

 

[Broni]

WAS any Trojan detected anywhere?

Yes.

You were great for putting up with me

My pleasure

should I send you cookies or something?

"Thank you" will absolutely do

Do you think Spy Bot is superior to MalwareBytes?

No. Spybot is rather a toll of the past and you can safely uninstall it.
MBAM is the way to go.

Is there a forum here for less technical problems than viruses? Because i have a very annoying desktop problem that started the same time as the redirects, and i did think they were related, but now that i know the system is clean, the desktop issue is still there, so it must have just been coincidence, and i'd like to get it fixed.

You can always start new topic at Windows forum.

what can i do to thank you?

You just did

Good luck and stay safe