i need help


kamry2009

If you had completely reinstalled Windows XP, which is what I had advised you to do, I would not be seeing in the OTL log your original profile and that OTL has been run for the 10th time on that profile.

A "Clean Install" is just that: a clean installation of Windows, just like the day you first turned on the computer. A "Repair Install" installs Windows in a new Windows folder and creates a new profile. A repair install also leaves the old copy of Windows and any profiles intact, but inactive when the new installation of Windows is loaded.

Link to comment

OK, now I understand what you meant

by this: I would not be seeing in the OTL log your original profile and that OTL has been run for the 10th time on that profile.

I have run OTL after I repaired Windows >>>> if you remember, armor+anti malware

was not working properly >>> now this problem is solved

Do you see any problem in the runscanner logs + OTL logs?

I appreciate your advice, Mr. Kevin, regarding the installation of a new version... And I'd want to do that, but... I have many files on my computer, and I cannot transfer my files to another device because I do not have an external hard disk >> so I did a repair

Link to comment

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of JRE 7 Update 7.
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Click on the download link for your system and save it to your desktop.
    Windows x86 Offline (jre-7u7-windows-i586.exe)
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

Using Add or Remove Programs in the Control Panel, uninstall the following:

Java(TM) 6 Update 35
Adobe Reader X (10.1.1) - Arabic

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

  • Save it to your desktop, extract the contents, then double-click the runscanner icon; this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Item Fixer
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - C:\Documents and Settings\llllllllllllllllllll\Local Settings\temp\Rar$EXa0.581\IDM Crack.exe (Efhamcomputer.com)
    SRV - (XAudioService) -- File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (Browser Defender Update Service) -- File not found
    DRV - (XAudio) -- system32\DRIVERS\xaudio.sys File not found
    DRV - (winachsf) -- system32\DRIVERS\HSX_CNXT.sys File not found
    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (mdmxsdk) -- system32\DRIVERS\mdmxsdk.sys File not found
    DRV - (mbr) -- C:\DOCUME~1\LLLLLL~1\LOCALS~1\Temp\mbr.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (HSXHWAZL) -- system32\DRIVERS\HSXHWAZL.sys File not found
    DRV - (HSF_DPV) -- system32\DRIVERS\HSX_DPV.sys File not found
    DRV - (esihdrv) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- File not found
    DRV - (aswMBR) -- C:\DOCUME~1\LLLLLL~1\LOCALS~1\Temp\aswMBR.sys File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O18 - Protocol\Handler\ms-itss - No CLSID value found
    O32 - AutoRun File - [2012/09/11 19:05:16 | 000,000,000 | R-SD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2012/09/11 19:05:16 | 000,000,000 | R-SD | M] - D:\autorun.inf -- [ NTFS ]
    [2012/09/11 19:05:16 | 000,000,000 | R-SD | C] -- C:\autorun.inf
    [2012/09/10 01:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D36303DF-0AF1-460C-9A26-C4D3BAE007EE}
    [2012/09/07 07:53:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
    [2012/09/07 07:53:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
    [2012/09/07 07:24:36 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
    [2012/09/07 07:24:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
    [2012/08/29 12:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [49 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2012/09/26 15:42:16 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
    [2012/09/24 01:55:15 | 000,007,680 | ---- | M] () -- C:\WINDOWS\46684390.exe
    [2012/09/24 01:55:15 | 000,000,304 | ---- | M] () -- C:\WINDOWS\46684390.dat
    [2012/08/28 03:37:22 | 003,072,054 | ---- | M] () -- C:\700.bmp
    [2012/08/28 03:35:13 | 003,072,054 | ---- | M] () -- C:\600.bmp
    [2012/09/09 18:01:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\llllllllllllllllllll\My Documents\exe
    [2012/08/29 14:59:20 | 000,094,854 | ---- | C] () -- C:\WINDOWS\System32\HKCU_GNU.reg
    [2012/08/29 14:59:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
    [2012/08/29 14:59:20 | 000,002,004 | ---- | C] () -- C:\WINDOWS\System32\HKLM_GNU.reg
    [2012/08/29 14:59:19 | 000,014,909 | ---- | C] () -- C:\WINDOWS\System32\A_reg.reg
    [2012/08/29 12:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/09/13 02:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D36303DF-0AF1-460C-9A26-C4D3BAE007EE}
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\llllllllllllllllllll\My Documents\runscanner.run:SummaryInformation
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:905844AA
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAD001CC
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [Reboot]

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment

Do you recommend this tool, NTREGOPT

NT Registry Optimizer?

Anvi Smart Defender scan: DB Version: 1.04.0011

Type:68687 Name:PSW.OnLineGames Path:C:\WINDOWS\Packet.dll

Type:69374 Name:PSW.OnLineGames Path:C:\WINDOWS\wpcap.dll

Are those real threats?

Do I need to use ComboFix? If I use ComboFix, do I lose my restore point or not?

If you don't need this tool, how can I remove this tool from my computer?

I want to know about these files: UIExec+ssax226

These files are used by the WiMAX connection, but when I closed these files, sorry, not files but .exe

anyway> my connection works without any problem. I just want to know if these >exe

spy on me!

Also I want to know about

WinPatrol Plus?

Do I need to use it or not?

How do I know if this process is injected svchost?

How do I avoid attacks, Metasploit attack!

Link to comment

Do you recommend this tool, NTREGOPT

NT Registry Optimizer?

You don't need to worry about optimizing the registry; that's the least of your problems.

Anvi Smart Defender scan: DB Version: 1.04.0011

Type:68687 Name:PSW.OnLineGames Path:C:\WINDOWS\Packet.dll

Type:69374 Name:PSW.OnLineGames Path:C:\WINDOWS\wpcap.dll

Are those real threats?

I don't even know what Anvi Smart Defender is or does.

Do I need to use ComboFix? If I use ComboFix, do I lose my restore point or not?

If you don't need this tool, how can I remove this tool from my computer?

Don't remove any tools until I tell you that they are no longer needed.

I want to know about these files: UIExec+ssax226

These files are used by the WiMAX connection, but when I closed these files, sorry, not files but .exe

anyway> my connection works without any problem. I just want to know if these >exe

spy on me!

They are required by WiMAX, and you shouldn't worry about them.

Also I want to know about

WinPatrol Plus?

Do I need to use it or not?

WinPatrol is an excellent system monitor. However, you can quickly render your system inoperable using it if you don't know exactly what you are doing.

How do I know if this process is injected svchost?

There are all sorts of applications that inject themselves into svchost; most are legitimate, some are not.

How do I avoid attacks, Metasploit attack!

By practicing safe computing habits.

You don't need any of these programs, and frankly some of them are downright dangerous to use.

AntiCrash 3.6.1
Auslogics BoostSpeed
Panda Cloud Cleaner
SUPERAntiSpyware
Anvi Smart Defender 1.6
BullGuard
Comodo Dragon
HitmanPro 3.6
Kingsoft Antivirus 2012
Mz RAM Booster
WinASO EasyTweak 3.0.3
WinASO Registry Optimizer 4.7.7

Uninstall all the programs listed above.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
    O32 - AutoRun File - [2012/09/11 19:05:16 | 000,000,000 | R-SD | M] - D:\autorun.inf -- [ NTFS ]
    [2012/09/16 23:03:22 | 000,000,000 | ---D | C] -- C:\New Folder (2)
    [2012/09/16 22:54:48 | 000,000,000 | ---D | C] -- C:\New Folder
    [2012/09/10 05:00:05 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
    [2012/09/10 05:00:05 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
    [2012/09/10 05:00:05 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
    [2012/09/10 05:00:05 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
    [2012/09/10 05:00:05 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
    [2012/09/10 05:00:05 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
    [2012/09/10 05:00:05 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
    [2012/09/07 21:03:55 | 000,000,000 | ---D | C] -- C:\New Folder (4)
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [Reboot]

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment

But Mr. Kevin

Panda Cloud Cleaner

SUPERAntiSpyware

Anvi Smart Defender 1.6

Comodo Dragon

HitmanPro 3.6

Kingsoft Antivirus 2012

Why are these programs not important?

SUPERAntiSpyware is the best program that discovers bad cookies

Kingsoft + Panda

best cloud programs

I just use Kingsoft as real-time protection; it's a light program

HitmanPro is also a great program; it just scans on demand

So why are they not important?

Link to comment

If I use SUPERAntiSpyware + Kingsoft + HitmanPro

if I use them as scan on demand

do they consume RAM and processor?

All modern protection applications install services that run at startup, so they consume resources regardless of whether they are providing 'Real Time' protection or not.

How can I disable them? By msconfig? I want to stop these programs' services

and use them just on demand

Msconfig is a diagnostic tool, not a startup manager.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment

Do not provide me with logs I did not ask you to provide.

You are not running OTL from the Desktop, as specified in the instructions (START HERE, if you don't we are just going to send you back to this thread)

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment

OK :)

These are my pictures; I need them

I will transfer them to another folder. It's not important, don't care about them, just ignore them

If there is anything you want, just tell me

Also I want to ask you about the Windows Script Host Settings File. Someone advised me to delete it because it is considered a vulnerability

Link to comment

Whoever told you to disable Windows Script Host gave you bad advice.

There is no compelling reason to change the default settings in the View tab of Folder Options.

Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click the Start button (bottom right)
    Note: When asked if you would like to create a restore point, doing so is recommended, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Repair Windows Firewall
    • Repair Internet Explorer
    • Remove Policies Set By Infections
    • Repair Winsock & DNS Cache
    • Repair Proxy Settings
    • Repair Windows Updates
    • Repair Volume Shadow Copy Service
    • Set Windows Services To Default Startup

    Note: Leave everything else unchecked

  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)

Link to comment

Change Firefox Download File Location

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

  • Save it to your desktop, extract the contents, then double-click the runscanner icon; this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Item Fixer
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    DRV - (esihdrv) -- C:\DOCUME~1\LLLLLL~1\LOCALS~1\Temp\esihdrv.sys File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
    O32 - AutoRun File - [2012/09/11 19:05:16 | 000,000,000 | R-SD | M] - D:\autorun.inf -- [ NTFS ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2012/10/03 18:44:53 | 000,302,592 | ---- | M] () -- C:\xo3u572e.exe
    (C:\Documents and Settings\All Users\Start Menu\Programs\????? ?????? - ????? ??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\برامج العريس - سلسلة اللغات
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTLO32 - AutoRun File - [2012/09/11 19:05:16 | 000,000,000 | R-SD | M] - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (MACHINE BootExecut)
    [2012/09/07 07:53:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2012/10/04 23:41:53 | 030,603,490 | ---- | M] () -- C:\Homemade Kuwaiti sex -.flv
    [2012/10/04 21:04:39 | 000,249,563 | ---- | M] () -- C:\.zip
    [2012/10/04 22:35:44 | 006,163,248 | ---- | M] ()(C:\????????...????? ???? ?????? ?? ?????? ??????? ?????.flv) -- C:\بالفيديو...هيفاء وهبي مستاءة من مغادرة الجمهور حفلها.flv
    [2012/10/04 22:35:43 | 006,163,248 | ---- | C] ()(C:\????????...????? ???? ?????? ?? ?????? ??????? ?????.flv) -- C:\بالفيديو...هيفاء وهبي مستاءة من مغادرة الجمهور حفلها.flv
    [2012/10/04 21:49:12 | 011,766,284 | ---- | M] ()(C:\???? ???? ?????? ?? ?????? - YouTube.FLV) -- C:\‫كيف تحمل المرأه من الرجل‬ - YouTube.FLV
    [2012/10/04 21:49:09 | 011,766,284 | ---- | C] ()(C:\???? ???? ?????? ?? ?????? - YouTube.FLV) -- C:\‫كيف تحمل المرأه من الرجل‬ - YouTube.FLV
    [2012/10/04 21:46:29 | 003,052,225 | ---- | M] ()(C:\?????? ????? G - spot ?? ????__ ????? ??? ?? 18??? __? - YouTube.FLV) -- C:\‫منطقة ونقطة G - spot جي سبوت__ ممنوع اقل من 18سنة __‬ - YouTube.FLV
    [2012/10/04 21:46:28 | 003,052,225 | ---- | C] ()(C:\?????? ????? G - spot ?? ????__ ????? ??? ?? 18??? __? - YouTube.FLV) -- C:\‫منطقة ونقطة G - spot جي سبوت__ ممنوع اقل من 18سنة __‬ - YouTube.FLV
    (C:\Documents and Settings\All Users\Start Menu\Programs\????? ?????? - ????? ??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\برامج العريس - سلسلة اللغات
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [Reboot]

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment

blue screen comes from time to time

Dump File : Mini092412-01.dmp

Crash Time : 9/24/2012 13:36:57

Bug Check String : IRQL_NOT_LESS_OR_EQUAL

Bug Check Code : 0x0000000a

Parameter 1 : 0x000061a8

Parameter 2 : 0x00000002

Parameter 3 : 0x00000001

Parameter 4 : 0x80724a2a

Caused By Driver : hal.dll

Caused By Address : hal.dll+2a2a

File Description : Hardware Abstraction Layer DLL

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 5.1.2600.5512 (xpsp.080413-2111)

Processor : 32-bit

Crash Address : TUKERNEL.EXE+9abe

Stack Address 1 : hal.dll+2a2a

Stack Address 2 : TUKERNEL.EXE+1bc6f

Stack Address 3 : ్ﵯ㙌+4942

Computer Name :

Full Path : C:\WINDOWS\Minidump\Mini092412-01.dmp

Processors Count : 2

Major Version : 15

Minor Version : 2600

Dump File Size : 65,536

==================================================

==================================================

Dump File : Mini092312-02.dmp

Crash Time : 9/23/2012 12:57:41

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xe0000001

Parameter 2 : 0xf77e7925

Parameter 3 : 0xa10ba45c

Parameter 4 : 0x00000000

Caused By Driver :

Caused By Address :

File Description :

Product Name :

Company :

File Version :

Processor : 32-bit

Crash Address :

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\WINDOWS\Minidump\Mini092312-02.dmp

Processors Count : 2

Major Version : 15

Minor Version : 2600

Dump File Size : 65,536

==================================================

==================================================

Dump File : Mini092312-01.dmp

Crash Time : 9/23/2012 11:16:40

Bug Check String : IRQL_NOT_LESS_OR_EQUAL

Bug Check Code : 0x0000000a

Parameter 1 : 0x00000004

Parameter 2 : 0x0000001c

Parameter 3 : 0x00000000

Parameter 4 : 0x804d9cb5

Caused By Driver :

Caused By Address :

File Description :

Product Name :

Company :

File Version :

Processor : 32-bit

Crash Address :

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\WINDOWS\Minidump\Mini092312-01.dmp

Processors Count : 2

Major Version : 15

Minor Version : 2600

Dump File Size : 65,536

==================================================

Link to comment

I don't have TuneUp now

but I think there are leftover files

How can I find the leftover files?

(TuneUp)

also>>

ll processes killed

Error: Unable to interpret <:OTLO32 - AutoRun File - [2012/09/11 19:05:16 | 000,000,000 | R-SD | M] - D:\autorun.inf -- [ NTFS ]> in the current context!

Error: Unable to interpret <O34 - HKLM BootExecute: (MACHINE BootExecut)> in the current context!

Error: Unable to interpret <[2012/09/07 07:53:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL> in the current context!

Error: Unable to interpret <[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!

Error: Unable to interpret <[2012/10/04 23:41:53 | 030,603,490 | ---- | M] () -- C:\Homemade Kuwaiti sex -.flv> in the current context!

Error: Unable to interpret <[2012/10/04 21:04:39 | 000,249,563 | ---- | M] () -- C:\.zip> in the current context!

Error: Unable to interpret <[2012/10/04 22:35:44 | 006,163,248 | ---- | M] ()(C:\????????...????? ???? ?????? ?? ?????? ??????? ?????.flv) -- C:\بالفيديو...هيفاء وهبي مستاءة من مغادرة الجمهور حفلها.flv> in the current context!

Error: Unable to interpret <[2012/10/04 22:35:43 | 006,163,248 | ---- | C] ()(C:\????????...????? ???? ?????? ?? ?????? ??????? ?????.flv) -- C:\بالفيديو...هيفاء وهبي مستاءة من مغادرة الجمهور حفلها.flv> in the current context!

Error: Unable to interpret <[2012/10/04 21:49:12 | 011,766,284 | ---- | M] ()(C:\???? ???? ?????? ?? ?????? - YouTube.FLV) -- C:\‫كيف تحمل المرأه من الرجل‬ - YouTube.FLV> in the current context!

Error: Unable to interpret <[2012/10/04 21:49:09 | 011,766,284 | ---- | C] ()(C:\???? ???? ?????? ?? ?????? - YouTube.FLV) -- C:\‫كيف تحمل المرأه من الرجل‬ - YouTube.FLV> in the current context!

Error: Unable to interpret <[2012/10/04 21:46:29 | 003,052,225 | ---- | M] ()(C:\?????? ????? G - spot ?? ????__ ????? ??? ?? 18??? __? - YouTube.FLV) -- C:\‫منطقة ونقطة G - spot جي سبوت__ ممنوع اقل من 18سنة __‬ - YouTube.FLV> in the current context!

Error: Unable to interpret <[2012/10/04 21:46:28 | 003,052,225 | ---- | C] ()(C:\?????? ????? G - spot ?? ????__ ????? ??? ?? 18??? __? - YouTube.FLV) -- C:\‫منطقة ونقطة G - spot جي سبوت__ ممنوع اقل من 18سنة __‬ - YouTube.FLV> in the current context!

Error: Unable to interpret <(C:\Documents and Settings\All Users\Start Menu\Programs\????? ?????? - ????? ??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\برامج العريس - سلسلة اللغات> in the current context!

Error: Unable to interpret <@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B> in the current context!

Link to comment

Emsisoft Anti-Malware can't remove these files

0 Value: hkey_users\s-1-5-21-1409082233-2077806209-725345543-1004\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\access password recovery genie -> Order Trace.Registry.Access Password Recovery Genie 3.0 (A)

1 Key: hkey_users\s-1-5-21-1409082233-2077806209-725345543-1004\software\toolbar Trace.Registry.WebSearchToolbar (A)

I remove them

but when I make a new scan I find the same files. I try to quarantine them but that also does not work

Link to comment

Use this fix for OTL:

:OTL
O32 - AutoRun File - [2012/09/11 19:05:16 | 000,000,000 | R-SD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (MACHINE BootExecut)
[2012/09/07 07:53:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2012/10/04 23:41:53 | 030,603,490 | ---- | M] () -- C:\Homemade Kuwaiti sex -.flv
[2012/10/04 21:04:39 | 000,249,563 | ---- | M] () -- C:\.zip
[2012/10/04 22:35:44 | 006,163,248 | ---- | M] ()(C:\????????...????? ???? ?????? ?? ?????? ??????? ?????.flv) -- C:\بالفيديو...هيفاء وهبي مستاءة من مغادرة الجمهور حفلها.flv
[2012/10/04 22:35:43 | 006,163,248 | ---- | C] ()(C:\????????...????? ???? ?????? ?? ?????? ??????? ?????.flv) -- C:\بالفيديو...هيفاء وهبي مستاءة من مغادرة الجمهور حفلها.flv
[2012/10/04 21:49:12 | 011,766,284 | ---- | M] ()(C:\???? ???? ?????? ?? ?????? - YouTube.FLV) -- C:\‫كيف تحمل المرأه من الرجل‬ - YouTube.FLV
[2012/10/04 21:49:09 | 011,766,284 | ---- | C] ()(C:\???? ???? ?????? ?? ?????? - YouTube.FLV) -- C:\‫كيف تحمل المرأه من الرجل‬ - YouTube.FLV
[2012/10/04 21:46:29 | 003,052,225 | ---- | M] ()(C:\?????? ????? G - spot ?? ????__ ????? ??? ?? 18??? __? - YouTube.FLV) -- C:\‫منطقة ونقطة G - spot جي سبوت__ ممنوع اقل من 18سنة __‬ - YouTube.FLV
[2012/10/04 21:46:28 | 003,052,225 | ---- | C] ()(C:\?????? ????? G - spot ?? ????__ ????? ??? ?? 18??? __? - YouTube.FLV) -- C:\‫منطقة ونقطة G - spot جي سبوت__ ممنوع اقل من 18سنة __‬ - YouTube.FLV
(C:\Documents and Settings\All Users\Start Menu\Programs\????? ?????? - ????? ??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\برامج العريس - سلسلة اللغات
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

:Commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[ResetHosts]
[Reboot]

Emsisoft Anti-Malware can't remove these files

0 Value: hkey_users\s-1-5-21-1409082233-2077806209-725345543-1004\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\access password recovery genie -> Order Trace.Registry.Access Password Recovery Genie 3.0 (A)

1 Key: hkey_users\s-1-5-21-1409082233-2077806209-725345543-1004\software\toolbar Trace.Registry.WebSearchToolbar (A)

I remove them

but when I make a new scan I find the same files. I try to quarantine them but that also does not work

You cannot remove registry entries that are actively in use.

Don't worry about the dump file being empty.

there are many missing (runscanner+extra stuff+all autostart items)

I did not ask you to run runscanner. Stop using runscanner.

Link to comment

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on Combo-Fix & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Do not run anything I have not asked you to run, you are going to break something I can not fix.

Stop downloading files, you are cluttering your logs with new files; making it harder to find the stuff that should be removed or fixed.

If I see 1 more new file in your logs, or tool being run, that I did not ask you to run, I will terminate this support thread.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


This topic is now closed to further replies.