jwbirdsong

Trusted Helpers
  • Content Count: 262

Everything posted by jwbirdsong

  1. Please download OTCleanIt and save it to your Desktop. Make sure you have an internet connection.
     • Double-click OTCleanIt.exe.
     • Click the CleanUp! button.
     • Select Yes when the "Begin cleanup Process?" prompt appears.
     • If you are prompted to Reboot during the cleanup, select Yes.
     Please read these excellent articles by miekiemoes: "Help! My computer is slow!" and "How to prevent Malware".
  2. Please visit the webpage HERE for instructions for downloading and running ComboFix. Post the log from ComboFix once you have done that.
  3. I was hoping that would be the case. Using Internet Explorer, please do an online scan with Kaspersky Online Scanner.
     • Click on Kaspersky Online Scanner.
     • Click "I accept".
     • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
     • The program will launch and then start to download the latest definition files.
     • Once the scanner is installed and the definitions downloaded, click Next.
     • Now click on Scan Settings.
     • In the scan settings make sure that the following are selected:
         • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
         • Scan Options: Scan Archives, Scan Mail Bases
     • Click OK.
     • Now under "select a target to scan" select My Computer.
     • The scan will take a while, so be patient and let it run. Once the scan is complete it will display if your system has been infected.
     • Now click on the Save report button.
     • Call it Kaspersky.txt.
     • Expand the arrow beside "file types" and save as a .txt file.
     • Save the file to your desktop.
     • Copy and paste that information in your next post.
     *Note, if you have Internet Explorer 7 installed: If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button. The page will reload and you should be able to carry on with the scan.
     If the KAV log has your email all over it -- please attach it rather than copy/paste.
     Run a fresh Combofix log.
     Post:
     • KAV results
     • Combofix log
     in your next reply.
  4. Logs looking LOTS better. Are you still getting redirects/blocked sites? You seem to have 2 AV running at once. One is a MUST but two can/will lead to problems. If you wish to use AVG and Norton360, make sure Norton AV is disabled. This could have been some of the blocked site issue. No overt sign of any malware left but the log is way old... my fault. Please post:
     • Fresh HJT
     • Fresh OTViewIt
     • A description of any problems/issues you are still having
     in your reply.
  5. Sorry your post has sat unanswered for so long. For a variety of reasons I've been unable to reply. I will post as soon after work today as possible.
  6. Sorry your post has sat unanswered for so long. For a variety of reasons I've been unable to reply. I will post as soon after work today as possible.
  7. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  8. OK, I'll leave this open a few days in case anything pops up... I'm also going to forgo the "Normal" You are clean/closing speech as I'm sure you've read a few hundred on here by now.
  9. Sorry, I've since changed my speech for OtMoveit3. They are located in C:\_OTMoveIt\MovedFiles\. Files are named by the date/time you ran the tool. I have no reason to suspect it didn't work as it should, and always does. Everything is looking real good. Any other issues?? Just as a point of fact, the entries in HJT
       O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
       O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
       O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
       O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     are all (very) unnecessary for startup. Checking them and fixing w/ HJT may show a considerable improvement in start time/performance. Office (both MS and Sun) as well as Adobe can simply be opened as needed, saving those resources for other programs.
  10. Please download the OTMoveIt3 by OldTimer.
     • Save it to your desktop.
     • Please click OTMoveIt3 and then click >> run.
     • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
       :files
       C:\WINDOWS\System32\uniq.tll
       C:\WINDOWS\System32\frmwrk32.exe
       C:\WINDOWS\System32\pcload.exe
       C:\Documents and Settings\tom 1\Desktop\kjgjo.exe
       C:\Documents and Settings\tom 1\Desktop\SDFix.exe
       C:\WINDOWS\System32\*.tmp
       C:\WINDOWS\*.tmp
       :reg
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "Framework Windows"=-
       :Commands
       [EmptyTemp]
       [Reboot]
     • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
     • Click the red Moveit! button.
     • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
     • Close OTMoveIt3.
     Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     After rebooting please run the F-Secure Online Scanner.
     Note: This Scanner is for Internet Explorer Only!
     • Click on the Start Scanning button at bottom of page.
     • Accept the License Agreement and the ActiveX install.
     • Once the ActiveX installs, click Full System Scan.
     • Once the download completes, the scan will begin automatically.
     • The scan will take some time to finish, so please be patient.
     • When the scan completes, click the Automatic cleaning (recommended) button.
     • Click the Show Report button and copy & paste the entire report to your Desktop for posting.
     Please post:
     • C:\_OTMoveIt\MovedFiles\date_time_ran_OtMoveIt.log
     • F-Secure log
     • New OtViewIt log(s)
     in your reply here.
  11. Yeah, you've got some ugly infections w/ some probably renamed files. Let's sort this out efficiently. Please go HERE and follow the directions for downloading and running Combofix. Post its log once done.
  12. Step 1
     Please download ATF Cleaner by Atribune.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All.
     • Click the Empty Selected button.
     If you use Firefox browser:
     • Click Firefox at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser:
     • Click Opera at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program.
     Step 2
     Download OTViewIt to your desktop.
     • Close all windows and open it.
     • Click Run Scan and let the program run uninterrupted.
     • It will produce two logs for you; one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.
     Post both those logs here. You can ATTACH both of these if needed. You may need to use two posts to get it all on the forum or ATTACH OTViewIt logs.
     Please post OTViewIt logs in your reply. You can ATTACH one if needed.
     EDIT: IMMEDIATELY after a reboot try MBAM again and post a log from that if able.
  13. Please visit the webpage HERE for instructions for downloading and running ComboFix. Post the log from ComboFix once you have done that.
  14. Please visit the webpage HERE for instructions for downloading and running ComboFix. Post the log from ComboFix once you have done that.
  15. Step 1
     Please download ATF Cleaner by Atribune.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All.
     • Click the Empty Selected button.
     If you use Firefox browser:
     • Click Firefox at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser:
     • Click Opera at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program.
     Step 2
     Download Malwarebytes' Anti-Malware from Here or Here.
     • Double Click mbam-setup.exe to install the application.
     • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     • If an update is found, it will download and install the latest version.
     • Once the program has loaded, select "Perform Quick Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy & paste the entire report in your next reply along with the following log.
     Step 3
     Download OTViewIt to your desktop.
     • Close all windows and open it.
     • Click Run Scan and let the program run uninterrupted.
     • It will produce two logs for you; one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.
     Post both those logs here. You may need to use two posts to get it all on the forum.
  16. Step 1
     Please download ATF Cleaner by Atribune.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All.
     • Click the Empty Selected button.
     If you use Firefox browser:
     • Click Firefox at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser:
     • Click Opera at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program.
     Step 2
     Download OTViewIt to your desktop.
     • Close all windows and open it.
     • Click Run Scan and let the program run uninterrupted.
     • It will produce two logs for you; one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.
     Post both those logs here. You may need to use two posts to get it all on the forum.
  17. Step 1
     Please download ATF Cleaner by Atribune.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All.
     • Click the Empty Selected button.
     If you use Firefox browser:
     • Click Firefox at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser:
     • Click Opera at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program.
     Step 2
     Download Malwarebytes' Anti-Malware from Here or Here.
     • Double Click mbam-setup.exe to install the application.
     • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     • If an update is found, it will download and install the latest version.
     • Once the program has loaded, select "Perform Quick Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy & paste the entire report in your next reply along with the following log.
     Step 3
     Download OTViewIt to your desktop.
     • Close all windows and open it.
     • Click Run Scan and let the program run uninterrupted.
     • It will produce two logs for you; one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.
     Post both those logs here. You may need to use two posts or you can ATTACH the OTViewIt logs.
     Please post:
     • MBAM log
     • OTViewIt log (can be attached)
     in your next post.
  18. Please download the OTMoveIt3 by OldTimer.
     • Save it to your desktop.
     • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
     • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
       :files
       C:\PROGRAM FILES\RAPID ANTIVIRUS\
       C:\PROGRAM FILES\ACE-HIGH MP3 WAV WMA OGG CONVERTER\ACE-HIGH.CONVERTER_KG.EXE
       :commands
       [emptytemp]
       [start explorer]
     • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     • Click the red Moveit! button.
     • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
     • Close OTMoveIt3.
     Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post along with a final HijackThis log please.
  19. Log looks fine. If you did a restore there may be some (non-active) baddie laying around on his drives tho. I would suggest he/you run a full/updated scan w/ Avast and/or F-Secure just to check. If you run F-Secure post the output please.
     Please run the F-Secure Online Scanner.
     Note: This Scanner is for Internet Explorer Only!
     • Click on the Start Scanning button at bottom of page.
     • Accept the License Agreement and the ActiveX install.
     • Once the ActiveX installs, click Full System Scan.
     • Once the download completes, the scan will begin automatically.
     • The scan will take some time to finish, so please be patient.
     • When the scan completes, click the Automatic cleaning (recommended) button.
     • Click the Show Report button and copy & paste the entire report to your Desktop for posting.
     Also post a fresh HJT log for me please.
  20. Are you still getting the popups or just now looking for a clean bill of health? LOOKS like MBAM got rid of any issues. SAS runs clean (after MBAM run?). If you are still having issues post the following logs.
     Download DDS and save it to your desktop from here or here or here.
     • Disable any script blocker, and then double click dds to run the tool.
     • When done, DDS will open two (2) logs:
         • DDS.txt
         • Attach.txt
     • Save both reports to your desktop.
     -- Note: The screen instructions will indicate the attach.txt must be zipped before attaching to your forum post. Instead, we want you to just include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply. No need to zip it.
     In your next reply post:
     • DDS.txt
     • Attach.txt <<---- Attached
     in your next reply.
  21. Start by downloading Malwarebytes' Anti-Malware from Here or Here.
     • Double Click mbam-setup.exe to install the application.
     • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     • If an update is found, it will download and install the latest version.
     • Once the program has loaded, select "Perform Quick Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy & paste the entire report in your next reply along with the DDS logs (instructions follow).
     Download DDS and save it to your desktop from here or here or here.
     • Disable any script blocker, and then double click dds to run the tool.
     • When done, DDS will open two (2) logs:
         • DDS.txt
         • Attach.txt
     • Save both reports to your desktop.
     -- Note: The screen instructions will indicate the attach.txt must be zipped before attaching to your forum post. Instead, we want you to just include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply. No need to zip it.
     In your next reply post:
     • MBAM log
     • DDS.txt
     • Attach.txt
     in your next reply.
  22. Try the last version that supports Win98 available from HERE and see if it will "reset" your system back to compatible settings.
  23. Sorry, guess the reply from Samuel John threw me off somehow.
     Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All.
     • Click the Empty Selected button.
     If you use Firefox browser:
     • Click Firefox at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser:
     • Click Opera at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.
     REBOOT
     Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
     • Close any open browsers.
     • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
     • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. (Vista users, please right click on OTScanIt.exe and select "Run as an Administrator")
     • Leave all the settings at the default except as noted below.
     • Change the setting under BOTH files created and file modified within to 90 days.
     • Under the Additional Scans sections, check the following:
         • Reg - BotCheck
         • File - Additional Folder Scan
     • Now click the Run Scan button on the toolbar.
     • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
     • When the scan is complete Notepad will open with the report file loaded in it.
     • Save that notepad file.
     Since the log is too large to post, use the ADDREPLY button, then scroll down to the attachments section and attach the notepad file here.
  24. Start OtScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
       [Kill Explorer]
       [Unregister Dlls]
       [Processes - Non-Microsoft Only]
       YY -> servupdate.exe -> %SystemRoot%\system32\servupdate.exe
       [Win32 Services - Non-Microsoft Only]
       YY -> (TASKMNGR) Windows Task Services [Win32_Own | Auto | Stopped] -> %SystemRoot%\system\taskmngr.exe
       [Registry - Non-Microsoft Only]
       < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
       YY -> Windows USB Monitor -> %SystemRoot%\system32\servupdate.exe [servupdate.exe]
       < RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
       YY -> Windows USB Monitor -> %SystemRoot%\system32\servupdate.exe [servupdate.exe]
       [Registry - Additional Scans - Non-Microsoft Only]
       < BotCheck > ->
       YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\servupdate.exe -> C:\WINDOWS\system32\servupdate.exe [C:\WINDOWS\System32\servupdate.exe:*:Enabled:Windows USB Monitor]
       [Files/Folders - Created Within 30 days]
       NY -> av.exe -> %SystemRoot%\System32\av.exe
       NY -> servupdate.exe -> %SystemRoot%\System32\servupdate.exe
       NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
       [Files Created - Additional Folder Scans - Non-Microsoft Only]
       NY -> @Alternate Data Stream - 135 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
       [Files/Folders - Modified Within 90 days]
       NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
       NY -> i -> %SystemRoot%\System32\i
       NY -> servupdate.exe -> %SystemRoot%\System32\servupdate.exe
       NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
       NY -> 1 C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-IMRJR.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-IMRJR.tmp\_isetup\*.tmp
       NY -> 1 C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-LV4V0.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-LV4V0.tmp\_isetup\*.tmp
       NY -> 12 C:\Documents and Settings\Josh Stegall\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh Stegall\Local Settings\Temp\*.tmp
       [Empty Temp Folders]
       [Start Explorer]
       [ZipFiles]
       [Reboot]
     The fix should only take a very short time. Your run will take a few minutes because I'm zipping up some files for submission. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. If it reboots this may not happen. You need to manually find the file. It is at Desktop\OTScanIt\MovedFiles4112008_163441.log or whatever yours is named (date/time you ran the fix). In your case there will also be a 04112008_163441.ZIP there also. Please upload this zip file to HERE then continue with the following.
     Please run the F-Secure Online Scanner.
     Note: This Scanner is for Internet Explorer Only!
     • Click on the Start Scanning button at bottom of page.
     • Accept the License Agreement and the ActiveX install.
     • Once the ActiveX installs, click Full System Scan.
     • Once the download completes, the scan will begin automatically.
     • The scan will take some time to finish, so please be patient.
     • When the scan completes, click the Automatic cleaning (recommended) button.
     • Click the Show Report button and copy & paste the entire report to your Desktop for later posting.
     Please post:
     • OTScanIt "results" log (described above)
     • F-Secure log
     • Fresh OtScanIt log made after F-Secure
     in your next reply here.
  25. Still infected. Next download Malwarebytes' Anti-Malware from Here or Here.
     • Double Click mbam-setup.exe to install the application.
     • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     • If an update is found, it will download and install the latest version.
     • Once the program has loaded, select "Perform Quick Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
     Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All.
     • Click the Empty Selected button.
     If you use Firefox browser:
     • Click Firefox at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser:
     • Click Opera at the top and choose: Select All.
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.
     REBOOT
     Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
     • Close any open browsers.
     • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
     • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. (Vista users, please right click on OTScanIt.exe and select "Run as an Administrator")
     • Leave all the settings at the default except as noted below.
     • Check the box for Scan all user accounts.
     • Under the Additional Scans sections, check the following:
         • Reg - BotCheck
         • File - Additional Folder Scan
     • Now click the Run Scan button on the toolbar.
     • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
     • When the scan is complete Notepad will open with the report file loaded in it.
     • Save that notepad file.
     Since the log is too large to post, use the ADDREPLY button, scroll down to the attachments section and attach the notepad file here.