Should I system restore to retrieve the full virus for the OTL scan?

View previous topic View next topic Go down

Should I system restore to retrieve the full virus for the OTL scan?

Post by gmaturinot on Mon 16 May 2011, 12:51 am

I'm unsure on what to do, my issue is I received the virus then I system restored to a previous point and the virus pop ups stopped but my files and certain programs are blocked, so would it be better to system restore to the full virus point of time of virus affection and will the OTL help with my effected external hard drives too? Sorry if I posted this in the wrong place.

gmaturinot

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2011-05-15
Operating System : windows 7 basic

View user profile

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Mon 16 May 2011, 8:43 am

Don't restore yet.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by gmaturinot on Tue 17 May 2011, 10:52 am

Wow, I can see a lot of files that I thought were stolen I'm very impressed thank you so much. Here's the data copy from the combo fix report log.

ComboFix 11-05-16.01 - Trinidad 05/16/2011 14:24:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1919 [GMT -7:00]
Running from: c:\users\Trinidad\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Trinidad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
K:\Autorun.inf
L:\Autorun.inf
L:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-16 21:29 . 2011-05-16 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-16 21:22 . 2011-05-16 21:23 -------- d-----w- C:\32788R22FWJFW
2011-05-16 21:18 . 2011-04-18 16:15 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{821AF4EA-B605-46A1-96A9-784C72C3D16A}\mpengine.dll
2011-05-15 14:10 . 2011-05-15 14:10 -------- d-----w- C:\perflogs
2011-05-15 11:18 . 2011-05-15 11:19 -------- dc----w- c:\users\Trinidad\AppData\Local\MigWiz
2011-05-15 10:49 . 2011-05-15 10:49 -------- d-----w- c:\users\Trinidad\AppData\Roaming\Leadertech
2011-05-14 22:55 . 2011-05-14 22:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-14 22:54 . 2011-05-14 22:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-14 22:54 . 2011-05-14 22:54 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-14 22:54 . 2011-05-14 22:54 -------- d-----w- c:\program files (x86)\Java
2011-05-14 10:17 . 2011-05-14 10:18 -------- d--h--w- c:\users\Trinidad\AppData\Roaming\DriverCure
2011-05-14 10:17 . 2011-05-14 11:30 -------- d--h--w- c:\programdata\DriverCure
2011-05-14 10:17 . 2011-05-14 10:17 -------- d--h--w- c:\programdata\ParetoLogic
2011-05-14 10:17 . 2011-05-14 10:17 -------- d-----w- c:\program files (x86)\ParetoLogic
2011-05-14 10:17 . 2011-05-14 10:17 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2011-05-13 04:44 . 2011-05-13 05:19 -------- d-----w- C:\82e692bcd6b407535766f8
2011-05-13 04:25 . 2011-05-13 04:25 -------- d--h--w- c:\programdata\ATI
2011-05-13 04:25 . 2011-05-13 04:25 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-24 10:54 . 2011-04-24 10:54 -------- d-----w- c:\program files\iPod
2011-04-24 10:54 . 2011-04-24 10:54 -------- d-----w- c:\program files\iTunes
2011-04-24 10:54 . 2011-04-24 10:54 -------- d-----w- c:\program files (x86)\iTunes
2011-04-24 10:53 . 2011-04-24 10:53 -------- d-----w- c:\program files\Bonjour
2011-04-24 10:53 . 2011-04-24 10:53 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 04:25 . 2011-02-07 22:36 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-12 04:24 . 2011-02-07 22:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-12 03:24 . 2011-04-13 07:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-11 10:14 . 2011-02-07 23:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-13 07:36 . 2011-04-13 07:36 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-05 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-11-28 1701224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AtiDCM;AtiDCM;c:\users\Trinidad\AppData\Local\Temp\atidcmxx.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Trinidad\AppData\Roaming\Mozilla\Firefox\Profiles\nqwyoxme.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-16 14:31:36
ComboFix-quarantined-files.txt 2011-05-16 21:31
.
Pre-Run: 1,482,976,247,808 bytes free
Post-Run: 1,483,173,765,120 bytes free
.
- - End Of File - - 97020F545FAB06385BC6604C5FD8CA8F

gmaturinot

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2011-05-15
Operating System : windows 7 basic

View user profile

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Tue 17 May 2011, 3:57 pm

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by gmaturinot on Wed 18 May 2011, 9:40 am

Here this is and thank you so much, hope all is going well for you today.


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 15:25:28
-----------------------------
15:25:28.354 OS Version: Windows x64 6.1.7600
15:25:28.355 Number of processors: 4 586 0xF0B
15:25:28.355 ComputerName: TRINIDAD-PC UserName: Trinidad
15:25:31.077 Initialize success
15:29:34.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
15:29:34.487 Disk 0 Vendor: Intel___ 1.0. Size: 1907734MB BusType: 8
15:29:34.487 Disk 0 MBR read successfully
15:29:34.487 Disk 0 MBR scan
15:29:34.487 Disk 0 Windows 7 default MBR code
15:29:34.487 Service scanning
15:29:35.376 Disk 0 trace - called modules:
15:29:35.376 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
15:29:35.392 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040b6060]
15:29:35.392 3 CLASSPNP.SYS[fffff880013c343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8003a6d050]
15:29:35.392 Scan finished successfully
15:31:59.895 Disk 0 MBR has been saved successfully to "C:\Users\Trinidad\Desktop\MBR.dat"
15:31:59.895 The log file has been saved successfully to "C:\Users\Trinidad\Desktop\aswMBR.txt"



gmaturinot

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2011-05-15
Operating System : windows 7 basic

View user profile

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Wed 18 May 2011, 2:33 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by gmaturinot on Fri 20 May 2011, 11:49 am

Hello there, today I tried ESET Online Scan and did everything per your and the sites instructions ,two essential actions I could not do was save to a certain location and copy or find the log report. When I try to find it on my computer it says no match and I'm not sure how to use the Internet Explorer to find the log.

By the way I appreciate the time you've given so far and I'm doing a lot better now than before you helped me so help me at your convenience, don't let me become to much of a burden. Weekend coming up and I hope your going to have a good one, thanks.

gmaturinot

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2011-05-15
Operating System : windows 7 basic

View user profile

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Fri 20 May 2011, 10:25 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by gmaturinot on Tue 24 May 2011, 12:07 pm

Well the most important things that I needed back I got and I couldn't thank you guys enough so I now reinstalled my window 7 basic to eliminate all the small stuff that could be replaced. You guys are real life savers. I am now using your anti mal-ware bytes program and I am getting another computer for everyone else to use in another room. Can you recommend anything else for me to keep me safer from future issues.

P.S.
Hope life is treating you well.

gmaturinot

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2011-05-15
Operating System : windows 7 basic

View user profile

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Tue 24 May 2011, 7:45 pm

Right on...If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by gmaturinot on Wed 01 Jun 2011, 4:19 am

Hi there I've been away for a while because when I redid my windows 7 I did something wrong where the hard drive image was red in color, that the OS went into and then within minutes of using my computer I started getting a mess. that said not enough memory space or something, well I took this computer to my brother to redo my system for me, so I got it back and now this is a raid 0 system with two 320 GB's instead of the two TB's and the Windows is a Vista Ultimate that he had been looking for me for my editing & 3 GB's of ram more.
Well I still did all that you said to do per the instructions above, because the external hard drives that might be infected I am still using. I guess all seems well but before I started to perform the instructions I checked my external hard drives and found that I can't see the contents like their invisible but the folders properties of the folders say a high volume of the contents are still there like 30 GB's depending on which folder I click on, do you know how I can fix this? I didn't checked the contents of the folders since you & I fixed my computer I just saw that I retrieved the folders back into my hard drives and presumed.

As always thanks for your precious time.

P.S. Here's the Security Check Notes
Results of screen317's Security Check version 0.99.12
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````


gmaturinot

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2011-05-15
Operating System : windows 7 basic

View user profile

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Wed 01 Jun 2011, 12:35 pm

I would recommend to get your Windows Updates done first, and get an antivirus.

I would recommend to purchase an antivirus program for best protection. Would you like to know a list of those?

Otherwise, here is a list of free antivirus programs...

I recommend a few different antivirus programs, which work very well and are free, so it is your choice.

avast!

Download link: avast.com/free-antivirus-download


Screenshot provided by Softpedia!




Avira AntiVir Personal Edition

Download link: free-av.com


Screenshot provided by Softpedia!




Microsoft Security Essentials

Download link: Microsoft.com/Security_Essentials


Screenshot provided by Addictive Tips!




Rising Antivirus

Download link: freerav.com


Screenshot provided by Softpedia!


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by gmaturinot on Thu 02 Jun 2011, 8:08 am

Hello Dragon Master Jay thank you for these Free Virus programs advise but I'm really interested in knowing what you would get yourself, if you don't mind letting me know.

Dragon Master Jay I couldn't thank you enough for the time you take out of your personal life that has made mine a bit easier to breath in, and though there is only so much I can do in return trust that I do my extreme best to pay it forward to the world around me too.

I personally understand it takes a unique ability for a person to carry the weight of such warmth and kindness in a sort of highly unappreciated society so I do wish you the most flourishing accomplishments in your daily endeavors.

Sorry this seems as a over the top tribute explanation of yourself driven efforts but it is a factual reality and ok to let one feel the honor of such positive integrity. OK, no I won't write like this all the time in case you're wondering, I just understand, lol.

gmaturinot

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2011-05-15
Operating System : windows 7 basic

View user profile

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Thu 02 Jun 2011, 7:43 pm

That's very wonderful to hear. I'm most dedicated, at my young age, as an expert in the field of Windows Security. However, if it weren't for those that I work with, I couldn't do this. Our entire staffing team on the four websites we help operate are highly maintained on the latest knowledge of security threats, and we refuse to make anyone pay for it.

For the antivirus program I most recommend is Kaspersky Antivirus. It yields the highest results in antivirus testing groups, and is one of the most trusted. It's antivirus product is well worth its cost. If you would like to know more, please click on the Kaspersky logo in my signature and it will take you to the appropriate product choice page so you can understand all of the different products.

While I would rather see you interested in Kaspersky Internet Security, the antivirus program will suffice enough. Both programs are well maintained and well above average for any security program. We're truly lucky Kaspersky exists as one of the best, because it beats most other products by miles. :o)


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by DragonMaster Jay on Mon 27 Jun 2011, 7:15 am

THIS THREAD HAS EXPIRED.
Are you having the same problem? Instead of using the advice given in this topic, it is recommended to get more personal help, instead. We have volunteers ready to answer your question, but first you'll have to [You must be registered and logged in to see this link.]. Check out our [You must be registered and logged in to see this link.] for help getting you started!


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Should I system restore to retrieve the full virus for the OTL scan?

Post by Sponsored content Today at 12:55 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum