Not sure what it is but i have a new problem

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 15th July 2009, 2:27 am

Done. Will I be able to use Weatherbug and Aim6 after having done that or are they dead now?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 15th July 2009, 2:31 am

Since the ComboFX scan, when I am using Trillian, my preferred instant messaging software, when i click a link in a dialog window, it now only opens thiat link in Internet Explorer. It used to do it in Firefox and I wanted it to. I don't know how to change it back. Why would the scan have caused that change? Is there any way to undo it?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Belahzur on 15th July 2009, 3:12 pm

Hello.
That's just the default browser.

Open Firefox as normal, does it have a little popup that says checking your default browser?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 15th July 2009, 3:31 pm

Ah very good. Meanwhile things are periodically still running a little slowly. are there any other scans I can do?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Belahzur on 15th July 2009, 3:34 pm

Hello.
Uninstall Spybot/SpamFIGHTER/Winpatrol.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Install Spybot again now if you would like.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 15th July 2009, 4:00 pm

The scan did not show these:

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

or

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]


also before I completed the uninstallation of Spybot, it gave me a warning saying that all the changes made with Spybot during my use of it would be undone if i uninstalled it. After the obligatory restart, things were running very much more slowly. What should I do?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 15th July 2009, 4:03 pm

Can I/should I run a malwarebytes scan to clean up what was undone by the uninstallation of Spybot? I am having trouble reinstalling Spybot. THe installation wizard froze on me.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 15th July 2009, 4:45 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 16th July 2009, 1:26 am

The Kaspersky thing is still updating. hasn't scanned yet. The buttons in the left frame, like "scan", 'update" and others refuse to load completely. Its as if Explorer doesn't recognise the format of the site or something. How should I proceed?

edit: Sorry I misread the previous post. please disregard this post.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 16th July 2009, 1:56 am

The kaspersky scan seems to have frozen. what should I do?

edit: please ignore - it started up again.

It says that i can continue web surfing in other browsers while this is going on so thats what i've been doing. I hope that is ok.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 16th July 2009, 3:10 pm

kaspersky scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 02:42:52
Records in database: 2472927
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 204694
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 05:44:38


File name / Threat name / Threats count
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP866\A0139907.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\_OTMoveIt\MovedFiles\02072009_143227\program files\netpumper-1.25.1-setup-NP_0210.exe Infected: Trojan.Win32.Obfuscated.en 1

The selected area was scanned.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 16th July 2009, 5:43 pm

Is it ok for me to do a spybot scan yet?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 16th July 2009, 5:49 pm

Yes if you want and do a Malwarebytes scan and post the log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 16th July 2009, 11:38 pm

Here is the log:

Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 3

7/16/2009 5:58:17 PM
mbam-log-2009-07-16 (17-58-17).txt

Scan type: Quick Scan
Objects scanned: 103977
Time elapsed: 18 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Last edited by spacephrawgg on 16th July 2009, 11:40 pm; edited 1 time in total (Reason for editing : thought of something else to say)

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 17th July 2009, 6:45 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 12:06 am

I'm having trouble with the GMER program. When it opens its busy for a second and is just a gray square on the screen. then it looks like its supposed to and i can click the >>> button and i get the thing where it shows a scan button but it won't respond when i click on it. the other buttons will respond but not "scan".

The results it does give me is this:

GMER 1.0.15.14972 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-17 20:05:27
Windows 5.1.2600 Service Pack 3


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

---- EOF - GMER 1.0.15 ----


Is this what its suposed to produce or is it doing something wrong?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 12:08 am

Lets try a different tool:

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 12:18 am

The scan is still going on. Is it safe for me to listen to itunes and look at my music library (not download new music) right now?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 12:20 am

Yes it is.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 12:34 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/17 20:15
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF23C9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B8F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF7BF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\T-41520080-falluja, iraq - USA US Troops Guerilla Hot War Battle With Insurgents Footage Released 11-14-2004 via web United States Coalition of the willing drudge sex tits teen lolita bus.avi
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\T-24179273-DJ Food & DK -Solid Steel Theme - Jeru The Damaja - Come Clean_The Cinematic Orchestra - Channel One Suite - NEotrpic - Beached - Ice - X1 - X-Ecutioners - Musica Negra - David.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Shared Limewire stuff\remix jurasic park remix ft. Big Pun, Method Man, Redman, Eminem, Busta Rymes, Jurassic 5, Tupac, Sheek, BG, DMX, Snoop, Young Noble, Bone Thugs N Harmony, Ghostface Killah, Dr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 01 - All I Want To Know.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 02 - As You Turn To Go.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 03 - Dreams Anymore.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 04 - Epitaph For My Heart.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 05 - Heather Heather.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 06 - I Think I Need A New Heart.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 07 - One April Day.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 08 - Stray With Me.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 09 - The Luckiest Guy On The Lower East Side.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 10 - You You You You You.mp3
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0xf7d00d1e

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0xf7d00d14

#: 063 Function Name: NtDeleteKey
Status: Hooked by "" at address 0xf7d00d23

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0xf7d00d2d

#: 098 Function Name: NtLoadKey
Status: Hooked by "" at address 0xf7d00d32

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0xf7d00d00

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0xf7d00d05

#: 193 Function Name: NtReplaceKey
Status: Hooked by "" at address 0xf7d00d3c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "" at address 0xf7d00d37

#: 247 Function Name: NtSetValueKey
Status: Hooked by "" at address 0xf7d00d28

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0xf7d00d0f

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0xf7d00d0a

==EOF==

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 12:38 am

that there is the report.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 12:44 am

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 1:00 am

"error invalid script" 8>/

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 1:02 am

Did you copy everything in the Box?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 1:10 am

Ok it worked. Here is the scan report:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Fri Jul 17 21:00:07 2009

21:00:07: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Fri Jul 17 21:00:33 2009

21:00:33: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm" not found!
Deletion of file "c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 1:16 am

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 1:24 am

THis is the result:

========== FILES ==========
File/Folder c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm not found.

OTM by OldTimer - Version 3.0.0.5 log created on 07172009_212417

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 1:46 am

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 3:13 am

during hte course of the scan it periodically has popups that ask me if i want to move things it discovers, despite the fact that I told it to only report the things it finds as you instructed. What do I do with these?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 7:56 pm

Let it move the items.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 8:45 pm

by mistake i told it not to move one item. What do I do about that? (the scan is still running)

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 8:46 pm

Its ok just skip it.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 9:39 pm

The scan is still running and it looks like it isn't even a 20th of the way through. Should I be concerned?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 9:41 pm

These scans usually take a long time, has it found any viruses?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 11:46 pm

yes in fact it just found one and it wants to if it should cure it. It found a trojan of some kind. Should i tell it to cure it?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 11:47 pm

Can you give me the name of the Trojan.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 18th July 2009, 11:51 pm

Trojan.click.1487

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 18th July 2009, 11:54 pm

Ok can you give me the info to where the infection is coming from.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 19th July 2009, 12:11 am

sorry here it is: C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 19th July 2009, 3:04 pm

Most likely a false positive, can you tell em what parts of the computer are going slow again?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 19th July 2009, 3:26 pm

I don't understand what you mean by "what part of the computer is going slowly". If it is slow, the whole thing is slow, if its fast, the whole thing is fast. I apologize for being dense. I just got up. Please be patient.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 19th July 2009, 3:27 pm

Sorry I wasn't specific, what events do you do that cause the computer to slow down?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 19th July 2009, 4:16 pm

I use FF and have as many as 9 tabs open most of the time I use it, though I cut back to four when i have to leave the computer for a time. Sometimes the computer takes several minutes to open FF, and as long to open iTunes. Sometimes starting MS Word takes as long as well.

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 19th July 2009, 4:19 pm

I see, lets run this scan to see if it can pick up something I missed:


I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 19th July 2009, 6:25 pm

the Dr. Web scan is still running. I had it wait until you could tell me what to do about that Trojan it found so its still going now. It is a little less than a third done. I'm guessing I should wait on any other scans until it is done right?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on 19th July 2009, 6:43 pm

Yes wait until it has finished, this scan shouldn't take as long as Dr Web Wink


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31533
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 19th July 2009, 10:46 pm

Ok now Dr. web is half done. Is it supposed to take this long?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 20th July 2009, 2:23 am

Dr. Web has found an old OTmoveit folder full of infected objects and wants to know if it should move it. What should i tell it to do?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 20th July 2009, 2:46 pm

Another problem i've been noticing for the past few weeks now that i think of it is when I'm writing out a long string of text sometimes the cursor jumps a few lines above where i'm typing and starts inserting my new text in the middle of a word, or jumps to a totally different part of the page and opens a dormant window that i have in the bar at the bottom of the screen, or something else of that sort. I'm using a laptop so I thought it had to do with my left hand accidentally touching the touchpad when I'm typing but the thing is the mouse pointer is frequently nowhere near where the cursor ends up. Sometimes what happens is the result of where the mouse pointer is but it isn't consistent. What do you suppose is going on?

As the doctor's say, when you hear hoofbeats think horses, not zebras. Well I'm trying and all I can think of is zebras at this point. What do you think?

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on 21st July 2009, 1:10 am

[You must be registered and logged in to see this link.] wrote:Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

OH GOD I F-eD UP! instead of clicking "cure" i clicked "delete"! THis is not my week. Am I screwed? What do I do now? Have you lost patience with me yet? I'm sorry! Oh god...

spacephrawgg
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-02-02
Gender Gender : Male
OS OS : XP
Points Points : 29511
# Likes # Likes : 0

View user profile

Back to top Go down

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum