5 Hours of Complete Pain XP Security 2011

[essexboy]

Yes - sorry not quite clear was it

Download and run the programme
Reboot to safe mode
Run OTS

[Probzzie]

when right clicking then pressing install brings open with... up

[essexboy]

OK would you be game to work outside of windows ?

Do you have access to a system with a cd burner ?

Please print these instruction out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

• Download OTLPENet.exe to your desktop
  
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  
  
• Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads   
• Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

• Double-click on the OTLPE icon.
  
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start.
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\OTL.txt
  
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive. 
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.
  

[Probzzie]

I'm downloading and attempting it. She doesn't have a second computer however the laptop has a dvd burner, I'm going to attempt too burn with infected machine....

[essexboy]

When you run it to burn - run as administrator

[Probzzie]

Okay all worked, until it tried running imgburn.exe the it said open with.

BUT!!!!!!!!!!!!
Rogue Killer ran once i unchecked the check mark stating do not let file change system.

here is the log

iller V4.3.7 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date : 04/06/2011 16:34:59

Bad processes: 0

Registry Entries: 5
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command :  ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command :  ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command :  ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command :  ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command :  ("C:\Documents and Settings\Owner\Local Settings\Application Data\ppd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND

HOSTS File:
127.0.0.1       localhost


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[essexboy]

You should now be able to run OTS

I need to see what updates tgzy has done

[essexboy]

Oops did you run roguekiller with option 2

[Probzzie]

delete option? no do i just re-run it with delete option?

[Probzzie]

here also this is what its reading even when runnin as administer

[essexboy]

Run it with option 2   If that fails I will create a batch file

[Probzzie]

With option 2 it fails, OTL though is now running log will follow.

[essexboy]

Progress 

I am only halfway through the batch file at the moment - maybe I won't need it

[Probzzie]

here the log, only one showed up

[Probzzie]

I should have mentioned earlier but the desktop is not accessible for download location and all files currently on desktop will not work.