geodonuts Posted October 31, 2009

Here we go, the report. the log i tried uploading but got this message, "Error You aren't permitted to upload this kind of file." basically i ran the scan in safe mode, without having read the 'how to,' of course. i deleted a bunch of stuff that was 'low risk,' but then some of it wouldn't allow to be deleted, nor quarantined, so...whaddoido? maybe the scan wasn't in safe mode actually, i can't remember. there was one 'high risk' file that my friend deleted without noting it, maybe it's on the report. it's hard to type on my very slow inhibited computer, sorry for my austerity. thank you all for your help

happy halloween!
Lynx Posted October 31, 2009

Hi geodonuts, and welcome to the forum

=======
Read the following instructions START HERE, if you don't we are just going to send you back to this thread <--click
Prepare and post the required log files into this thread
Wait for reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.
=======

Translation Links for Forum Instructions

My regards

P.S.

> ...basically i ran the scan in safe mode...

Please do not run anything in Safe Mode unless instructed by malware fighter and provide all required log files
geodonuts Posted November 3, 2009

bobcat dude, maybe you should read what i wrote: i can't post any log files, because i am getting an error message when i try to upload the file a-squared.db3 from the log folder in the a-squared folder of c:/program files. are there log files saved to another folder? the report is the only thing the program even says when it runs ('report saved,' etc.). the program was run when the computer was booted into 'debugging mode' now that i remember it, and not safe mode.

here is the win32diag report. thanks man
Lynx Posted November 3, 2009

> ...bobcat dude, maybe you should read what i wrote:

First, please refrain from using informal language... and I did read what you wrote.

> ... i can't post any log files, because i am getting an error message when i try to upload the file a-squared.db3

You should not upload this file. This is a special internal file in SQLite format. It's not needed unless you are asked to attach it.

> ...here is the win32diag report.

Why did you run Win32Diag? Does the a-squared report meet the conditions described in the instruction, which states when you have to run the said Utility?

If you are experiencing difficulties with downloading/running/producing log files of ISeeYouXP and HiJackFree please describe that. What messages are you getting when running these Tools? If you cannot run them, wait for the advice from malware fighter. Otherwise attach all required log files

Please update a-squared and attach fresh Deep Scan report. There were many updates since you posted. In addition, in your previous report

Last update: N/A
Scan type: Smart Scan

which means that you most likely did not update that time after install ("N/A") and that was Smart Scan

My regards
geodonuts Posted November 5, 2009

i ran asquared after updating it and not much was different, here is what it is saying after it runs the scan and then click to quarantine them objects: 'cannot delete xxxx' etc. error message style. here is the log from the iseeyouxp

thx
Lynx Posted November 5, 2009

1) You did not attach HiJackFree log file;

2) The Deep Scan Report by a-squared is required. You provided the result of the Smart Scan (see my reply from Nov. 3 regarding this);

3) You hit delete despite the instruction clearly stating do not quarantine/delete;

4) In your case there were just cookies only and those are harmless and never represent threats. Therefore it is always recommended to clean temporary file locations and cookies before scanning. See the recommendation in the instruction about running CCleaner before scanning. Basically all cookies should be gone before the scan. Keep in mind if you will not follow the instruction and will blindly quarantine/delete anything that is flagged you may face big troubles. That applies to any security Software you are using. That is stressed in the instruction.

5) Please update a-squared; run Deep Scan and attach the report plus, as in #1, attach HiJackFree log file

My regards
geodonuts Posted November 5, 2009

when you say "log file" do you mean "report?" because i can't find any log files from running asquared. anyways, deep scan done, please help, thx
ShadowPuterDude Posted November 5, 2009

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2
Link 3

* IMPORTANT !!! Save Combo-Fix to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach fresh logs for:

ComboFix (C:\combofix.txt)
a-squared Free/Anti-Malware
ISeeYouXP
HiJackFree

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
geodonuts Posted November 6, 2009

not sure what are the log files so i posted all suspected ones. computer is running just as bad. housemate interfered with the scan and deleted a bunch of stuff despite the note i left, not exactly sure what it was, but these scans were all recent, after combofix was run.

thx
ShadowPuterDude Posted November 6, 2009

The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u17 available from Sun Microsystems.

-----------------------------------------------------------

Using Add or Remove Programs in the Control Panel; uninstall the following:

J2SE Runtime Environment 5.0 Update 6
Java 6 Update 4
Java 6 Update 7

-----------------------------------------------------------

You are using MsConfig to prevent several items from loading at Windows start. MsConfig is a diagnostic tool, and not intended to be used in the manner you are using MsConfig. Enable everything you used MsConfig to disable. If you are receiving error messages, related to these items, at system start; we can fix this without using MsConfig.

-----------------------------------------------------------

Download -->> OTL <<-- to your desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.

Attach both logs with your next reply.
geodonuts Posted November 6, 2009

COOL sounds like we're getting somewhere. still runs really badly tho.

thanks
ShadowPuterDude Posted November 6, 2009

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

```
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
```

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Attach the new OTL log ( don't check the boxes beside LOP Check or Purity this time )
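Added example, not part of the original thread and not code from OTL or any poster: the O1 lines in the fix above map many unrelated review sites to the single address 208.43.47.212, and the sketch below shows one way to flag that pattern in a hosts file. The sample file is constructed, and the function names, the `min_domains` threshold and the one-entry suffix set are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: stock localhost line, a benign sinkhole entry, a broken
# line, and some of the O1 entries from the post (two merged onto one line).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
0.0.0.0         ads.example.invalid    # sinkhole entry
208.43.47.212   a1.review.zdnet.com
208.43.47.212   reviews.pcadvisor.co.uk reviews.pcpro.co.uk
208.43.47.212   reviews.pcmag.com
208.43.47.212   toptenreviews.com
not-an-ip       broken.example.invalid
"""

# Assumption: tiny stand-in for a real public-suffix list.
TWO_PART_SUFFIXES = {"co.uk"}

def base_domain(host):
    """Naive registrable domain: last two labels, three under co.uk."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-n:])

def parse_hosts(text):
    """Return (ip, hostname) pairs; skip comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue  # blank, comment-only or malformed line
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries

def suspicious_redirects(entries, min_domains=3):
    """Map each non-local IP to its hostnames when they span many domains."""
    by_ip = defaultdict(set)
    for ip, host in entries:
        if ip.is_loopback or ip.is_unspecified:  # localhost / 0.0.0.0 blocks
            continue
        by_ip[ip].add(host)
    return {str(ip): sorted(hosts) for ip, hosts in by_ip.items()
            if len({base_domain(h) for h in hosts}) >= min_domains}

if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(parse_hosts(SAMPLE_HOSTS)).items():
        print(f"{ip} <- {', '.join(hosts)}")
```

Grouping by base domain keeps an address that serves several names of one site from being flagged, which plain hostname counting would do.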
geodonuts Posted November 7, 2009

no OTL logs th5s t50e! i can't ty*e anyth5ng! *3ease he3*
ShadowPuterDude Posted November 8, 2009

> no OTL logs th5s t50e! i can't ty*e anyth5ng! *3ease he3*

Use English. No form of leet speak, Haxor and any other form of gibberish. This is a technical support forum, not an IM chat.
geodonuts Posted November 8, 2009

my keyboard was not working!!!! funny tho that it works now. it still takes 20 times as long to type. there was no otl log. please advise.
ShadowPuterDude Posted November 9, 2009

OK, just go ahead and run OTL and attach the resulting log.
geodonuts Posted November 9, 2009

thx
ShadowPuterDude Posted November 10, 2009

The OTL log looks fine. How are things running?
geodonuts Posted November 10, 2009

just as bad as ever. typing takes a million years for the screen to catch up with the keys. the computer just runs like crap, real slow. firefox freezes a lot. i ran asquared again. i quarantined the trojan file but that hasn't helped. i guess some windows files are damaged? for some reason there is no report, maybe i didn't save it or something, but there is the 'report' of the quarantine, which i cannot upload. it is the file c:\system volume information\_restore{B2EA3A96-529E-4F28-B8D7-91F00C1127D0}\RP521\A0117431.exe

thanks for your help
ShadowPuterDude Posted November 11, 2009

> ... for some reason there is no report, maybe i didn't save it or something, but there is the 'report' of the quarantine, which i cannot upload. it is the file c:\system volume information\_restore{B2EA3A96-529E-4F28-B8D7-91F00C1127D0}\RP521\A0117431.exe
> thanks for your help

Antivirus Tools Cannot Clean Infected Files in the System Restore Folder.

The System Restore feature in Windows protects all folders and files in the System Restore folder on the Windows partition. This folder and all of its subfolders are the data store that the System Restore feature uses to restore your computer's operating system to a previous state from a previous point in time. Although some antivirus programs may have the ability to work with files that have been compressed or stored in .zip or .cab file format, the System Restore feature does not permit these utilities to manipulate these files within the data store. The data store is protected for data integrity purposes, and the System Restore feature is the only method you can use to obtain access to the data store. Because of this, the antivirus program is unable to remove the virus from the file or files in the data store. The files in the data store are inactive and can be used only by the System Restore feature.

-----------------------------------------------------------

A reinstall of the Operating System may be required.
geodonuts Posted November 11, 2009

okay... i scanned using AVAST4.8 and found the same file along with something, gsl.dll, in a profile folder of firefox. not sure what it is or if it's removable, but who cares if it is secondary to this i guess. would you say that my only option is to reformat the HD, and if so could you please direct me to a good set of instructions on doing it the right way? i do not want to back up my files and unwittingly backup some malware to reinfect my machine.

thanks a lot for helping out.
ShadowPuterDude Posted November 12, 2009

gsl.dll is not malware.

Reformatting the HDD and performing a "Clean Install" of the Operating System is the best way to proceed.