"Malware Defense" malware?


Re: "Malware Defense" malware?

Post by Belahzur on Thu Jan 07, 2010 11:17 pm

Try this instead.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: "Malware Defense" malware?

Post by GMan316 on Thu Jan 07, 2010 11:26 pm

[You must be registered and logged in to see this link.] wrote: Try this instead.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

Is it alright if I do it in safe mode? I can't seem to use the normal mode without it freezing up on me.

GMan316
Intermediate

Posts : 88
Joined : 2009-08-23
OS : Windows XP Pro
Points : 27650
# Likes : 0


Re: "Malware Defense" malware?

Post by Belahzur on Thu Jan 07, 2010 11:27 pm

Yep. :)



Re: "Malware Defense" malware?

Post by GMan316 on Thu Jan 07, 2010 11:40 pm

Here is the DDS log:


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Angelito Pangilinan at 15:38:29.78 on Thu 01/07/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1773 [GMT -8:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Angelito Pangilinan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\angeli~1\applic~1\mozilla\firefox\profiles\0tue9jez.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-8-29 625024]

=============== Created Last 30 ================

2010-01-07 00:30:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-07 00:30:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 00:09:59 857 ----a-w- c:\windows\system32\krl32mainweq.dll
2010-01-07 00:07:53 0 d-----w- C:\_OTL
2010-01-05 02:57:22 202 ----a-w- c:\windows\system32\srcr.dat
2009-12-29 11:06:43 0 d-----w- c:\windows\system32\XPSViewer
2009-12-29 11:05:29 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-29 11:05:29 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-29 11:05:29 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-29 11:05:29 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-29 11:05:29 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-29 11:05:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-29 11:05:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-29 11:05:28 0 d-----w- C:\9bdb8e80f0b1b57487be468f
2009-12-28 09:50:07 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-28 09:49:08 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-28 09:49:07 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-28 09:49:06 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-28 09:48:19 2560 ------w- c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe

============= FINISH: 15:39:20.15 ===============


Re: "Malware Defense" malware?

Post by GMan316 on Thu Jan 07, 2010 11:40 pm

Here is the attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2009 6:05:54 PM
System Uptime: 1/7/2010 3:36:43 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | 1000H
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 80 GiB total, 45.264 GiB free.
D: is FIXED (NTFS) - 61 GiB total, 38.047 GiB free.
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP25: 10/10/2009 2:15:00 PM - System Checkpoint
RP26: 10/13/2009 9:39:18 PM - System Checkpoint
RP27: 10/16/2009 9:33:00 PM - System Checkpoint
RP28: 10/19/2009 12:45:37 AM - System Checkpoint
RP29: 10/20/2009 5:26:37 PM - System Checkpoint
RP30: 10/21/2009 5:43:18 PM - System Checkpoint
RP31: 10/23/2009 2:05:02 PM - System Checkpoint
RP32: 10/25/2009 11:10:28 PM - System Checkpoint
RP33: 10/29/2009 12:29:54 AM - System Checkpoint
RP34: 11/1/2009 9:13:38 PM - System Checkpoint
RP35: 11/2/2009 9:57:21 PM - System Checkpoint
RP36: 11/8/2009 11:05:52 PM - System Checkpoint
RP37: 11/10/2009 11:42:08 PM - System Checkpoint
RP38: 11/12/2009 9:33:47 PM - System Checkpoint
RP39: 11/13/2009 9:39:47 PM - System Checkpoint
RP40: 11/15/2009 1:33:23 PM - System Checkpoint
RP41: 11/19/2009 12:50:51 AM - System Checkpoint
RP42: 12/5/2009 2:33:40 PM - System Checkpoint
RP43: 12/5/2009 4:15:34 PM - Software Distribution Service 3.0
RP44: 12/20/2009 1:57:55 AM - System Checkpoint
RP45: 12/21/2009 2:29:49 AM - System Checkpoint
RP46: 12/22/2009 9:45:36 PM - System Checkpoint
RP47: 12/25/2009 10:14:46 PM - System Checkpoint
RP48: 12/26/2009 10:34:04 PM - System Checkpoint
RP49: 12/28/2009 1:56:44 AM - Software Distribution Service 3.0
RP50: 12/28/2009 3:16:12 PM - Software Distribution Service 3.0
RP51: 12/28/2009 5:01:56 PM - Software Distribution Service 3.0
RP52: 12/28/2009 11:18:33 PM - Software Distribution Service 3.0
RP53: 12/29/2009 3:00:15 AM - Software Distribution Service 3.0
RP54: 12/31/2009 7:26:40 PM - System Checkpoint
RP55: 12/31/2009 8:02:14 PM - Software Distribution Service 3.0
RP56: 1/1/2010 9:19:55 PM - System Checkpoint

==== Installed Programs ======================


Adabas D 13.01.00
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Agent
AIM 6
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Azurewave Wireless LAN
Compatibility Pack for the 2007 Office system
Eee Instant Key
Eee Storage 1.1.15.197
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
FTDI USB Serial Converter Drivers
Full Tilt Poker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
Java(TM) 6 Update 17
Malware Defense
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Works
Mobile Partner
Mozilla Firefox (3.0.16)
MySpaceIM
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Skype™ 3.6
StarOffice 8 ASUS Edition
Super Hybrid Engine
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - FTDI FTDI VCP Driver Package (12/12/2005 1.00.2176)
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Writer

==== Event Viewer Messages From Past Week ========

1/7/2010 12:47:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
1/7/2010 12:39:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/7/2010 12:39:15 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2010 12:39:15 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2010 12:39:15 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2010 12:39:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/6/2010 4:19:58 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
1/6/2010 3:54:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/6/2010 3:53:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/6/2010 3:51:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/6/2010 3:51:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/6/2010 3:39:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
1/6/2010 3:37:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/6/2010 3:33:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
1/6/2010 3:33:09 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2010 5:47:11 PM, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 00248C24957B has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Re: "Malware Defense" malware?

Post by Belahzur on Fri Jan 08, 2010 12:00 am

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Malware Defense

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    Viewpoint Manager Service

    :files
    c:\windows\system32\krl32mainweq.dll
    C:\_OTL
    c:\windows\system32\srcr.dat


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



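As an added example (not part of the thread, and not DDS or OTM code), the sketch below parses the "SERVICES / DRIVERS" and "Created Last 30" sections of the DDS log posted above and applies three triage rules. The rule names, the 1024-byte threshold and the `triage` function are assumptions made for illustration, not the helper's method; on this excerpt they surface the service and the two system32 files named in the OTM script.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the DDS log posted in this thread (a subset of its lines, copied verbatim).
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============

S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-8-29 625024]

=============== Created Last 30 ================

2010-01-07 00:30:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-07 00:30:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 00:09:59 857 ----a-w- c:\windows\system32\krl32mainweq.dll
2010-01-07 00:07:53 0 d-----w- C:\_OTL
2010-01-05 02:57:22 202 ----a-w- c:\windows\system32\srcr.dat
2009-12-29 11:06:43 0 d-----w- c:\windows\system32\XPSViewer
2009-12-29 11:05:29 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-29 11:05:29 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-28 09:48:19 2560 ------w- c:\windows\system32\xpsp4res.dll
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<date> <time> <size> <8 attribute flags> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) ([-\w]{8}) (.+)$")
# "<state> <name>;<display name>;<image path> [<date size> or ?]"
SERVICE_RE = re.compile(r"^([SR]\d) ([^;]+);([^;]+);(.+?) \[(.+)\]$")

PE_EXTS = {".dll", ".exe", ".sys", ".cpl", ".scr", ".ocx"}
MIN_PE_SIZE = 1024  # assumption: normally linked PE images are larger than this
SYSTEM32 = PureWindowsPath(r"c:\windows\system32")


def split_sections(text):
    """Group non-empty log lines under their '==== Name ====' section header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (rule, subject) pairs that deserve a closer look by an analyst."""
    findings = []
    sections = split_sections(text)

    # Rule 1: service whose image shows "[?]" where other entries show date and size.
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group(5) == "?":
            findings.append(("service-image-unreadable", m.group(3)))

    for line in sections.get("Created Last 30", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        size, attrs = int(m.group(2)), m.group(3)
        path = PureWindowsPath(m.group(4))
        if attrs.startswith("d"):  # directories are out of scope for these rules
            continue
        ext = path.suffix.lower()
        # Rule 2: executable extension, but too small to be an ordinary PE image.
        if ext in PE_EXTS and size < MIN_PE_SIZE:
            findings.append(("undersized-pe", str(path)))
        # Rule 3: non-executable file created directly in system32
        # (PureWindowsPath comparison is case-insensitive).
        elif ext not in PE_EXTS and path.parent == SYSTEM32:
            findings.append(("data-file-in-system32", str(path)))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(DDS_EXCERPT):
        print(f"{rule:26} {subject}")
```
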
Re: "Malware Defense" malware?

Post by GMan316 on Fri Jan 08, 2010 12:08 am

Here is the OTM log:

========== SERVICES/DRIVERS ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
========== FILES ==========
LoadLibrary failed for c:\windows\system32\krl32mainweq.dll
c:\windows\system32\krl32mainweq.dll moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_WINDOWS\system32 folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_WINDOWS folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_Program Files\Malware Defense folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_Program Files folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_Documents and Settings\Angelito Pangilinan\Local Settings\Temp folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_Documents and Settings\Angelito Pangilinan\Local Settings folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_Documents and Settings\Angelito Pangilinan folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753\C_Documents and Settings folder moved successfully.
C:\_OTL\MovedFiles\01062010_160753 folder moved successfully.
C:\_OTL\MovedFiles folder moved successfully.
C:\_OTL folder moved successfully.
c:\windows\system32\srcr.dat moved successfully.

OTM by OldTimer - Version 3.1.4.0 log created on 01072010_160748


Re: "Malware Defense" malware?

Post by Belahzur on Fri Jan 08, 2010 12:10 am

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: "Malware Defense" malware?

Post by GMan316 on Fri Jan 08, 2010 12:22 am

I did the OTM cleanup and then rebooted. The machine froze on the welcome part, I gave it a couple of mins to try to load and when it didn't I turned it off. Turned it back on after about 30 secs and it appears to be running fine now. I think you did it Belahzur. I really appreciate all the help man, you're awesome :)

Would you still like me to run hijackthis and malwarebytes? Or is that no longer necessary? Also what programs should I put on this to prevent this kind of thing from happening again? I use avira anti vir on my desktop, is there anything else I should get? Should I consider using another browser other than firefox?

EDIT:

When I opened up the firefox browser an add on pop up came up. It's Microsoft .NET framework Assistant 1.1. Should I disable it or uninstall?


Last edited by GMan316 on Fri Jan 08, 2010 12:24 am; edited 1 time in total


Re: "Malware Defense" malware?

Post by Belahzur on Fri Jan 08, 2010 12:23 am

You can run MBAM if you want to, but I doubt it will find anything [under quick scan that is, full scan would likely find infected restore points or quarantined items]


We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox, they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. :D



Re: "Malware Defense" malware?

Post by GMan316 on Fri Jan 08, 2010 12:33 am

Awesome, thanks again for all the help Belahzur. You're a lifesaver man.
