Windows Defender Virus Type on Vista


Re: Windows Defender Virus Type on Vista

Post by Dr Jay on 30th March 2010, 8:43 pm

Hi :)

Optional Programs
I see you are running uTorrent, a P2P application. I suggest reading the following, and then deciding whether you want to keep it or not: [You must be registered and logged in to see this link.]

Update Software
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.




OTL Fixes
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    O33 - MountPoints2\{77698c3d-ed05-11de-96f7-00242129468a}\Shell\AutoRun\command - "" = nqdymj.exe
    O33 - MountPoints2\{77698c3d-ed05-11de-96f7-00242129468a}\Shell\open\Command - "" = nqdymj.exe
    O33 - MountPoints2\{c48dcdeb-40d6-11de-b4b5-00242129468a}\Shell - "" = AutoRun
    O33 - MountPoints2\{c48dcdeb-40d6-11de-b4b5-00242129468a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{e5d2bf33-f2ae-11de-91b9-00242129468a}\Shell\AutoRun\command - "" = wu1n.exe
    O33 - MountPoints2\{e5d2bf33-f2ae-11de-91b9-00242129468a}\Shell\open\Command - "" = wu1n.exe
    O33 - MountPoints2\{e5d2bf4d-f2ae-11de-91b9-00242129468a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5d2bf4d-f2ae-11de-91b9-00242129468a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O37:64bit: - HKCU\...exe [@ = secfile] -- "C:\Users\Mike\AppData\Local\ave.exe" /START "%1" %* File not found
    O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Mike\AppData\Local\ave.exe" /START "%1" %* File not found
    @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).


Dr. Jay (DJ)
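
Added example, not part of the original post and not OTL's own code: a Python triage of fix-list lines in the format shown above, separating MountPoints2 AutoRun commands that name a bare executable from orphaned ones, and flagging a `.exe` handler other than `exefile` (the value the repair log on this page restores). The category names and the helpers `triage` and `triage_all` are assumptions made for illustration.

```python
import re

# Sample lines copied from the fix list in the post above.
SAMPLE = r'''
O33 - MountPoints2\{77698c3d-ed05-11de-96f7-00242129468a}\Shell\AutoRun\command - "" = nqdymj.exe
O33 - MountPoints2\{c48dcdeb-40d6-11de-b4b5-00242129468a}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Mike\AppData\Local\ave.exe" /START "%1" %* File not found
'''

O33 = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\(?P<sub>.+?) - "" = (?P<val>.*)$')
O37 = re.compile(r'^O37(?::64bit:)? - (?P<hive>HK\w+)\\\.\.(?P<ext>\.\w+) '
                 r'\[@ = (?P<progid>[^\]]+)\] -- (?P<cmd>.*)$')
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')

def triage(line):
    """Classify one fix-list line as (category, location, target), or None."""
    m = O33.match(line.strip())
    if m:
        if not m["sub"].lower().endswith("\\command"):
            # Default verb for the volume, e.g. "AutoRun"; no command here.
            return ("autorun-default-verb", m["vol"], m["val"])
        target, _, note = m["val"].partition(" -- ")
        if not DRIVE_PATH.match(target):
            # No drive or path: autorun.inf commands are resolved relative
            # to the volume root, so the binary sat on the mounted drive.
            return ("autorun-command-on-volume", m["vol"], target)
        if note == "File not found":
            return ("autorun-command-orphaned", m["vol"], target)
        return ("autorun-command", m["vol"], target)
    m = O37.match(line.strip())
    if m:
        # Assumption: only the .exe association is judged, against exefile.
        is_default = m["ext"].lower() == ".exe" and m["progid"].lower() == "exefile"
        category = "association-ok" if is_default else "association-override"
        return (category, f'{m["hive"]} {m["ext"]} = {m["progid"]}', m["cmd"])
    return None

def triage_all(text):
    """Triage every recognised line in a pasted fix list."""
    return [r for r in map(triage, text.strip().splitlines()) if r]

if __name__ == "__main__":
    for category, location, target in triage_all(SAMPLE):
        print(f"{category:28} {location:42} {target}")
```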



Re: Windows Defender Virus Type on Vista

Post by Michael Samsel on 1st April 2010, 4:45 pm

Thank you. This seems to have fixed everything! I will certainly make a donation. This is a great resource. Log Below:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77698c3d-ed05-11de-96f7-00242129468a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77698c3d-ed05-11de-96f7-00242129468a}\ not found.
File nqdymj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77698c3d-ed05-11de-96f7-00242129468a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77698c3d-ed05-11de-96f7-00242129468a}\ not found.
File nqdymj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c48dcdeb-40d6-11de-b4b5-00242129468a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c48dcdeb-40d6-11de-b4b5-00242129468a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c48dcdeb-40d6-11de-b4b5-00242129468a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c48dcdeb-40d6-11de-b4b5-00242129468a}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5d2bf33-f2ae-11de-91b9-00242129468a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5d2bf33-f2ae-11de-91b9-00242129468a}\ not found.
File wu1n.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5d2bf33-f2ae-11de-91b9-00242129468a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5d2bf33-f2ae-11de-91b9-00242129468a}\ not found.
File wu1n.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5d2bf4d-f2ae-11de-91b9-00242129468a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5d2bf4d-f2ae-11de-91b9-00242129468a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5d2bf4d-f2ae-11de-91b9-00242129468a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5d2bf4d-f2ae-11de-91b9-00242129468a}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
ADS C:\Program Files (x86)\Cake Poker:MID deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Jeannie
->Temp folder emptied: 561252 bytes
->Temporary Internet Files folder emptied: 123284924 bytes
->Java cache emptied: 12118833 bytes
->FireFox cache emptied: 3962590 bytes
->Flash cache emptied: 4400 bytes

User: Michael
->Temp folder emptied: 282362 bytes
->Temporary Internet Files folder emptied: 597097 bytes
->Java cache emptied: 12118833 bytes
->Flash cache emptied: 434 bytes

User: Mike
->Temp folder emptied: 781168 bytes
->Temporary Internet Files folder emptied: 68745771 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38319164 bytes
->Google Chrome cache emptied: 86909225 bytes
->Apple Safari cache emptied: 827330 bytes
->Flash cache emptied: 10636 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 411368 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3527234 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1877616684 bytes

Total Files Cleaned = 2,127.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04012010_090400

Files\Folders moved on Reboot...
C:\Users\Jeannie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF9D96.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF9DAF.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF9E00.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF9E19.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF9E90.tmp not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF9EA9.tmp not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNP3EQVM\activex[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNP3EQVM\evaluateCss[1].htc moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNP3EQVM\favicon[1].ico moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E38BKS7A\favicon[1].ico moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E38BKS7A\index[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E38BKS7A\manual[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E38BKS7A\windows-defender-virus-type-on-vista-t20274-15[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHSNPSWV\favico12[4].gif moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TGG04SJ\favico12[2].gif moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Re: Windows Defender Virus Type on Vista

Post by Dr Jay on 1st April 2010, 6:40 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)

