Malware infection on XP PC

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware infection on XP PC

Post by willpak » August 4th, 2011, 4:15 am

Hi Dakeyras

PC seems to be much the same as before. I tried running Windows Update, but the updates didn't install fully. "Windows Malicious Software Removal Tool" installed but "Update for Windows XP (KB2443685)" didn't.

I followed your instructions for repairing Avira, but I didn't see a repair function in add/remove programmes. I probably shouldn't have, but I removed Avira and reinstalled it. Sorry if that messes up any of your hard work, hopefully not. After the reinstall, Avira seems to be running fine. I disabled it before running ComboFix, report below.

ComboFix 11-08-02.02 - Owner 04/08/2011 8:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1063 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-03 20:55 . 2011-06-17 11:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-03 20:55 . 2011-06-17 11:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-03 20:55 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-03 20:55 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-03 20:55 . 2011-08-03 20:55 -------- d-----w- c:\program files\Avira
2011-08-03 20:55 . 2011-08-03 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-02 21:12 . 2008-04-13 23:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-08-02 21:12 . 2008-04-13 23:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-07-30 21:22 . 2011-07-30 21:22 -------- d-----w- C:\_OTL
2011-07-30 21:17 . 2011-07-30 21:17 -------- d-----w- c:\program files\ERUNT
2011-07-07 20:39 . 2011-07-07 20:39 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2011-05-19 16:54 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-05-19 16:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 09:23 . 2011-06-06 09:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2009-01-22 07:42 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 22:23 . 2011-05-10 07:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-02_21.36.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-03 20:55 . 2010-06-17 14:27 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2009-08-19 12:16 . 2010-06-17 15:27 28520 c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-03 202256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-10-14 303104]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2010 12:53 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/08/2011 21:55 136360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19/05/2011 17:54 41272]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [18/02/2009 20:55 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [18/02/2009 20:56 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [18/02/2009 20:56 107304]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [19/06/2007 07:51 97704]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-746137067-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-746137067-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.facebook.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vrrmn6r.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53717
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.facebook.com
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 08:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-746137067-839522115-1003\Software\Zepter Software\RegLib*f039ec0d\AnyDVD/1]
"1"=dword:4450278b
"2"=dword:4475df29
.
Completion time: 2011-08-04 08:21:21
ComboFix-quarantined-files.txt 2011-08-04 07:21
ComboFix2.txt 2011-08-02 21:46
.
Pre-Run: 14,716,846,080 bytes free
Post-Run: 14,755,233,792 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 216820ACAE51BAA3FDA242055044E954

------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7373

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/08/2011 08:41:30
mbam-log-2011-08-04 (08-41-30).txt

Scan type: Quick scan
Objects scanned: 149447
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
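As an added illustration (my own script, not from the post above or from ComboFix), here is a Python audit of the "FF - prefs.js/user.js" section of the ComboFix log: it flags the HTTP proxy pointing at 127.0.0.1:53717 and the security prompts forced off in user.js. The sample lines are copied from the log above; the line regex and the list of prompt prefs are my assumptions about ComboFix's output.

```python
import re
from typing import Dict, List, Tuple

# Sample input: the "FF -" lines exactly as ComboFix printed them in the log above
# (ComboFix writes hxxp/hxxps instead of http/https to defang URLs).
SAMPLE_FF_LINES = """\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53717
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: browser.startup.page - 1
"""

# Assumed ComboFix line shape: "FF - <file>: <pref name> - <value>"
FF_LINE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$")

# Firefox security prompts that a planted user.js typically switches off (assumed list).
WARNING_PREFS = {
    "security.warn_viewing_mixed",
    "security.warn_submit_insecure",
    "security.warn_entering_secure",
    "security.warn_leaving_secure",
}

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_ff_lines(text: str) -> Dict[Tuple[str, str], str]:
    """Map (file, pref) -> value for every 'FF -' line in the ComboFix output."""
    prefs: Dict[Tuple[str, str], str] = {}
    for line in text.splitlines():
        m = FF_LINE.match(line.strip())
        if m:
            prefs[(m["file"], m["pref"])] = m["value"].strip()
    return prefs


def audit_ff_prefs(text: str) -> List[str]:
    """Return human-readable findings for the Firefox settings ComboFix reported."""
    findings: List[str] = []
    prefs = parse_ff_lines(text)
    by_name = {pref: value for (_, pref), value in prefs.items()}

    # 1. An HTTP proxy on the local machine at a high port is a common footprint of
    #    traffic-interception malware; local filtering software can use the same
    #    pattern, so confirm what listens on that port before drawing conclusions.
    #    network.proxy.type 0 means "no proxy", so the entry is inert right now,
    #    but stale proxy residue should still be cleared (as the OTL fix later does).
    host = by_name.get("network.proxy.http")
    port = by_name.get("network.proxy.http_port")
    if host in LOOPBACK and port:
        state = "inactive (proxy.type=0)" if by_name.get("network.proxy.type") == "0" else "ACTIVE"
        findings.append(f"loopback HTTP proxy {host}:{port} configured, {state}")

    # 2. user.js is re-applied over prefs.js at every start, so prompts forced to
    #    false there persist even if the user re-enables them in the UI.
    for (fname, pref), value in prefs.items():
        if fname == "user.js" and pref in WARNING_PREFS and value == "false":
            findings.append(f"user.js disables security prompt {pref}")
    return findings


if __name__ == "__main__":
    for finding in audit_ff_prefs(SAMPLE_FF_LINES):
        print(finding)
```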

Re: Malware infection on XP PC

Post by Dakeyras » August 4th, 2011, 5:20 am

Hi. :)

I tried running Windows Update, but the updates didn't install fully. "Windows Malicious Software Removal Tool" installed but "Update for Windows XP (KB2443685)" didn't.
OK leave Windows Update alone and we will address this last of all as I mentioned in my prior post.

I followed your instructions for repairing Avira, but I didn't see a repair function in add/remove programmes. I probably shouldn't have, but I removed Avira and reinstalled it. Sorry if that messes up any of your hard work, hopefully not. After the reinstall, Avira seems to be running fine
Not a problem, I would have advised an uninstallation at some point anyway...however, the latest versions of Avira now use unethical advertising with the application, so I would have advised a different Anti-Virus.

Your choice to keep it installed and/or consider one of the below free-ware instead:


Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.

Next...

  • Click on Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An analysis report will be displayed and then Windows will start the defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot (Restart) the CHKDSK (check-disk) will start and carry out the repairs required.

You should see a screen like this just after the POST (power-on self-test) screen:

Image

Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...Click on Scan Now
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Re: Malware infection on XP PC

Post by willpak » August 5th, 2011, 4:23 pm

Hi Dakeyras

Cheers for the anti-virus links.

I ran the scans as you suggested. About half an hour into the "CHKDSK C: /R" repair I got this pop-up: "the profile could not be found". There was an OK button in the pop-up so I hit that and I went to bed. This morning the scan seemed to have completed, but with the same pop-up "the profile could not be found". The ESET scan ran without fault, report below.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=649c87ad2b3f6145806df1da70711143
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 10:05:35
# local_time=2011-08-05 11:05:35 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 743 49064778 35288 0
# compatibility_mode=8192 67108863 100 0 31980744 31980744 0 0
# scanned=147583
# found=19
# cleaned=0
# scan_time=6926
C:\Documents and Settings\Owner\Application Data\58855E819EE2D8EBEEFAB5F066224EE4\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe Win32/RemoteAdmin.NetCat application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\FRITZ!Box\voip.exe a variant of Win32/TrojanDownloader.Banload.QGL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\cbaffregistrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\iPod_Support_v3_09.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\VideoConverter-3.2-Setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Winamp\Plugins\ml_ipod\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP341\A0051303.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP341\A0051304.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP341\A0051305.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP341\A0051306.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP341\A0051307.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP341\A0051308.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP343\A0053554.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP343\A0053555.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP343\A0053556.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP343\A0053557.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP343\A0053558.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP343\A0053559.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
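As an added example (my own script, not part of the post or of ESET's tooling), a Python triage of the ESET Online Scanner log above: it separates live detections from the copies sitting inside System Restore points, splits them by ESET's category word, and counts threat families. The embedded excerpt is taken from the report above (all seven live entries plus two of the twelve restore-point copies); the line-format regex is my reading of that output.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed excerpt of the ESET log above: a few "# key=value" header lines,
# the seven detections on live paths, and two of the twelve restore-point copies.
SAMPLE_ESET_LOG = r"""
# version=7
# scanned=147583
# found=19
# cleaned=0
C:\Documents and Settings\Owner\Application Data\58855E819EE2D8EBEEFAB5F066224EE4\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe Win32/RemoteAdmin.NetCat application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\FRITZ!Box\voip.exe a variant of Win32/TrojanDownloader.Banload.QGL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\cbaffregistrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\iPod_Support_v3_09.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\VideoConverter-3.2-Setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Winamp\Plugins\ml_ipod\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP341\A0051303.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5EF6FEC7-68DA-471F-BBF3-EF8B2C214EBF}\RP343\A0053559.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
"""

# Assumed line shape: "<path> <threat text> (<action>) <32 hex chars> <flag>".
# The path is found by the shortest prefix that ends in ".ext" and is followed
# by a threat name of the form Family/Name, optionally prefixed by "a variant of".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4}) "
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+(?: \S+)*?) "
    r"\((?P<action>[^)]*)\) (?P<hexid>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)
RESTORE_MARKER = "\\System Volume Information\\_restore"


def parse_eset_log(text: str) -> Dict[str, object]:
    """Split the log into its '# key=value' header and parsed detection rows."""
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = DETECTION.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET log line: {line[:60]}")
        detections.append(m.groupdict())
    return {"header": header, "detections": detections}


def triage(text: str) -> Dict[str, object]:
    """Rank detections: live malware first, live tools/PUAs next, restore copies last."""
    parsed = parse_eset_log(text)
    live: List[Dict[str, str]] = []
    restore: List[Dict[str, str]] = []
    for d in parsed["detections"]:
        # Copies inside System Restore points are not live files; they are cleared
        # by purging old restore points rather than deleted one by one.
        (restore if RESTORE_MARKER.lower() in d["path"].lower() else live).append(d)

    # ESET ends the threat text with a category word. "application" covers
    # potentially unwanted/unsafe tools (NetCat, PrcView) and rogue-AV leftovers
    # alike, so those entries still need a human look, but "trojan" etc. come first.
    def category(d: Dict[str, str]) -> str:
        return d["threat"].rsplit(" ", 1)[-1]

    families = Counter(
        d["threat"].split("/")[1].split(" ")[0].split(".")[0] for d in parsed["detections"]
    )
    return {
        "found_claimed": int(parsed["header"].get("found", 0)),
        "parsed": len(parsed["detections"]),
        "live_malware": [d["path"] for d in live if category(d) != "application"],
        "live_tools": [d["path"] for d in live if category(d) == "application"],
        "restore_point_copies": len(restore),
        "families": families,
        # The 32-hex column is all zeros for every row here, so it gives no pivot.
        "all_ids_zero": all(set(d["hexid"]) == {"0"} for d in parsed["detections"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ESET_LOG).items():
        print(f"{key}: {value}")
```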

Re: Malware infection on XP PC

Post by Dakeyras » August 6th, 2011, 2:49 pm

Hi. :)

Cheers for the anti-virus links.
You're welcome!

About half an hour into "CHKDSK C: /R" repair I got this pop up "the profile could not be found".
Do you still have Avira AntiVir installed?

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
FF - prefs.js..network.proxy.http_port: 53717

:Files
ipconfig /flushdns /c
C:\Documents and Settings\Owner\Application Data\58855E819EE2D8EBEEFAB5F066224EE4\enemies-names.txt
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6
C:\Documents and Settings\Owner\My Documents\Downloads\cbaffregistrybooster.exe 
C:\Documents and Settings\Owner\My Documents\Downloads\VideoConverter-3.2-Setup.exe 

:Commands
[EmptyTemp]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot, please post this in your next reply.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Repair Windows Update:

Please download this Fix It tool to your Desktop.

Run it in Default mode; if Windows Update still has problems afterwards, re-run the tool in Aggressive mode.

New Adobe Reader Installation:

  • Go here and click on AdbeRdr1010_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • After the new Reader is installed, Open Adobe Reader X.
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

Re: Malware infection on XP PC

Post by willpak » August 6th, 2011, 7:37 pm

Hi Dakeyras

I do have Avira still installed. I will most likely install one of your Anti-virus suggestions, though.

I ran the OTL fix, report below.

I am still unable to install Windows updates properly. Two files downloaded, "Windows Malicious Software Removal Tool - July 2011 (KB890830)" and "Update for Windows XP (KB2443685)": the first installed but the second failed. I ran Microsoft Fix-it in both modes with no success.

========== OTL ==========
Prefs.js: 53717 removed from network.proxy.http_port
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.
C:\Documents and Settings\Owner\Application Data\58855E819EE2D8EBEEFAB5F066224EE4\enemies-names.txt moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\tools folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\settings folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\Teldat 630 folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\RouterControl folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\Modem folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\MicroLink ADSL Modem Router folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\FRITZ!Box folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\D-Link di 624 folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router\Arcor Wlan Router 100 folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\router folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\plugins folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\stealth.to\stealthcaptcha folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\stealth.to folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\rapidshare.com folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\netload.in folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\megaupload.com\Py folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\megaupload.com\Cap folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\megaupload.com folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\hotfile.com\antirecaptcha\tessdata folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\hotfile.com\antirecaptcha\ext folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\hotfile.com\antirecaptcha folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\hotfile.com folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\filer.net\ocr_by_spider_b\Vergleiche folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\filer.net\ocr_by_spider_b folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr\filer.net folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\ocr folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\log folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\lang folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\captchas\netload.in folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\captchas\megaupload.com folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\captchas\hotfile.com folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6\captchas folder moved successfully.
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6 folder moved successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\cbaffregistrybooster.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\VideoConverter-3.2-Setup.exe moved successfully.
========== COMMANDS ==========
Error: Unable to interpret <[EmptyTemp> in the current context!

OTL by OldTimer - Version 3.2.26.1 log created on 08062011_234739
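An added example of my own (not from OTL or from this thread): a small lint for the OTL custom-script format, run against the script posted above as it was pasted with the closing bracket of the last line lost, which is what produced the "Unable to interpret <[EmptyTemp>" error in the log. The section names, the command list and the per-section line rules are my assumptions about the format, based on this thread and OTL's usual scripts.

```python
import re
from typing import List

# Assumed OTL custom-script format: a line starting with ':' opens a section;
# under :Commands each directive is bracketed, e.g. [emptytemp]; under :Files each
# line is an absolute path to move or a command line ending in " /c"; under :OTL
# each line is an OTL log entry of the form "<type> - <rest>".
KNOWN_SECTIONS = {":OTL", ":Processes", ":Services", ":Reg", ":Files", ":Commands"}
KNOWN_COMMANDS = {"emptytemp", "emptyflash", "emptyjava", "purity", "reboot",
                  "resethosts", "createrestorepoint", "clearallrestorepoints"}
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
BRACKETED = re.compile(r"\[([^\[\]]+)\]")

# Constructed sample: the script from the post above, truncated the way the
# OTL log reports it (the closing ']' of [EmptyTemp] is missing).
TRUNCATED_SCRIPT = r"""
:OTL
FF - prefs.js..network.proxy.http_port: 53717

:Files
ipconfig /flushdns /c
C:\Documents and Settings\Owner\Application Data\58855E819EE2D8EBEEFAB5F066224EE4\enemies-names.txt
C:\Documents and Settings\Owner\Desktop\CryptLoad_1.1.6
C:\Documents and Settings\Owner\My Documents\Downloads\cbaffregistrybooster.exe

:Commands
[EmptyTemp
"""


def lint_otl_script(script: str) -> List[str]:
    """Return a list of problems; an empty list means the script looks complete."""
    problems: List[str] = []
    section = None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line
            if section not in KNOWN_SECTIONS:
                problems.append(f"line {n}: unknown section {section}")
            continue
        if section is None:
            problems.append(f"line {n}: content before any :Section header")
        elif section == ":Commands":
            m = BRACKETED.fullmatch(line)
            if not m:
                hint = " (missing closing bracket?)" if line.startswith("[") else ""
                problems.append(f"line {n}: command must be [name], got {line!r}{hint}")
            elif m.group(1).lower() not in KNOWN_COMMANDS:
                problems.append(f"line {n}: unrecognised command {line}")
        elif section == ":Files":
            if not (WIN_PATH.match(line) or line.lower().endswith(" /c")):
                problems.append(f"line {n}: expected a drive path or a '... /c' command, got {line!r}")
        elif section == ":OTL":
            if " - " not in line:
                problems.append(f"line {n}: not an OTL log-style entry: {line!r}")
        # :Processes, :Services and :Reg lines are free-form here and not checked.
    return problems


if __name__ == "__main__":
    for problem in lint_otl_script(TRUNCATED_SCRIPT):
        print(problem)
```

Running the lint before pasting a script into OTL catches a clipped final line like this one, which OTL otherwise reports only after the fix has run.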

Re: Malware infection on XP PC

Post by Dakeyras » August 7th, 2011, 9:37 am

Hi. :)

I do have Avira still installed. I will most likely install one of your Anti-virus suggestions, though.
OK, this according to my research accounts for the "the profile could not be found" error. So what you need to do is either uninstall and replace, and/or re-download the installer and run it again but use the modify/repair feature.

With regards to Windows Update I do not think there is actually any specific problem per se, just an issue with Update for Windows XP (KB2443685) <-- If you click on the link you can read for yourself that this is not actually deemed a Critical Update. Now you could either try temporarily disabling your Anti-Virus and manually download/install the update, and/or follow the advice/answer here, and that should solve the problem.

For interest's sake, it appears you did not copy the custom OTL script in its entirety, hence the error in the log...not a problem however as it only relates to removing temp files, which you can address yourself by following the System Maintenance advice below.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Image

Clean up with OTL:

  • Double-click OTL to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, Avira AntiVir (or if you decide to change, the others will also), automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT; I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself, I would actually create a new backup once per week as this, along with System Restore, may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Update to Internet Explorer v8:

IE7 has been superseded by IE8; I strongly advise you download and install the new browser from here. This will increase overall security whilst browsing online.

Note: IE9 is not compatible with the XP Operating System.

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

This Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. The new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!

Re: Malware infection on XP PC

Post by Wingman » August 8th, 2011, 6:47 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal