Author Topic: Emails scanned???  (Read 27304 times)

0 Members and 1 Guest are viewing this topic.

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #30 on: January 08, 2012, 10:05:00 PM »
Well, I think I'm done.  I've read and reread that link and it is still way too confusing for me.  It's not just download and run a scan and attach a log file.  There are about 10 black screens that make absolutely no sense.  Plus whatever to type in before the scan out of 20 or so lines?? I know very well that virus turned off my windows notification icon.  Microsoft can't even tell me how to turn it back on.  All they say is to do a complete system restore.  

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
Re: Emails scanned???
« Reply #31 on: January 08, 2012, 10:23:43 PM »
sounds like you are still infected   ???


when you have downloaded OTL to your desktop, you click the OTL icon to run it, and this it what you see...click the attached screen shot to enlarge

at the lower section you see a green line where it say "Custom Scan/Fix"  belowe that line you copy and paste in this


COPY AND PASTE WHT YOU SEE BELOW____________





netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT






COPY AND PASE WHAT YOU SEE ABOVE_____________


Then you click the pink quick scan button you see at the top

« Last Edit: January 08, 2012, 10:27:47 PM by Pondus »

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #32 on: January 08, 2012, 10:24:50 PM »
Ok, I tried exactly what your said in your step by step instructions.  I have the two logs and will post them here.  Hope this is what you wanted to look at?  Thank you for being so patient with me.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
Re: Emails scanned???
« Reply #33 on: January 08, 2012, 10:29:16 PM »
Perfect    ;)   no Essexboy will do the rest

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #34 on: January 08, 2012, 10:33:03 PM »
Oh no, don't say I might be still infested???  I've run avast many times, I've run Superantispyware and I've also ran Malwarebytes.  All show no infestations.  Plus all my programs work now, where not one worked before.  I have both my browsers taking me where I want to go, not where the virus wanted me to go.  It seems all I might have are some bad registry entries left behind.  I also run CCleaner and keep everything cleaned up.  Please don't say I'm still infected.  Now I won't sleep tonight!!!!!!!!!!!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46317
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Emails scanned???
« Reply #35 on: January 08, 2012, 10:39:45 PM »
Semper fidelis.  :) Rest easy.
If there is a problem, you're now at least in good hands an,
these hands really care and don't cost anything.  :)

Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #36 on: January 08, 2012, 10:41:11 PM »
Pardon me but I have to say a couple of things.  For Pondus, I live in a part of the US that has very large Scandinavian roots, especially with that of Norway.  In fact your King and Queen were here visiting just a short time ago.  My wife is also a quarter Norwegian.  During Christmas we always enjoy Norwegian holiday favorites and don't even ask me to try and spell their names here!  And for Essexboy, "Long Live Oasis!"  I love English rock and have all the way back to the early 60's. I'm starting to feel better now!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #37 on: January 08, 2012, 11:34:50 PM »
Hi OK as suspected the 3 registry keys that control that part of your system are missing

Quote
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s >

I will remove the remaining malware and construct some registry fixes

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    O3 - HKU\S-1-5-21-1328042321-976296846-4080170246-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-1328042321-976296846-4080170246-1000\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
    [2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
    [2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
    [2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
    [2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
    [2011/07/11 07:49:34 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojobkspa.ako

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Once you have done this I will then give you the registry fixes.. As I have a 64bit win 7 I will export them from my registry

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #38 on: January 08, 2012, 11:59:17 PM »
Sorry Essexboy but I don't think your instructions worked for me?  I mean things didn't go as you had laid out.  It seemed that everything hung up and I ended up powering down my pc to get anything to work.  I did as you said, pasted your entries in and hit the fix button.  It ran about a minute then just seized up.  I now have two shortcut to desktop.ini files on my desktop.  I also have a desktop.ini  a cmd.txt and a cmd.bat file where the OTL is located.  Kind of lost what to do now?  Don't know what file you want me to post here and if they are good files or not?

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #39 on: January 09, 2012, 12:02:09 AM »
I rechecked and the two on the desktop are not shortcuts but actually .ini files but look to be grayed out?  Plus they are off two different sizes.

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #40 on: January 09, 2012, 12:09:15 AM »
Also forgot to mention that because of the freezing I haven't done the rerun of the OTL yet and I believe that is what you wanted me to post???  Don't know if I should do that or not suspecting that the fix run didn't complete properly??

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #41 on: January 09, 2012, 12:25:13 AM »
I'm sitting here wondering if I should delete all the files from my last attempt and try the entire fix process once again?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
Re: Emails scanned???
« Reply #42 on: January 09, 2012, 12:27:57 AM »
Also forgot to mention that because of the freezing I haven't done the rerun of the OTL yet and I believe that is what you wanted me to post???  Don't know if I should do that or not suspecting that the fix run didn't complete properly??
I was probably hanging on "empty temp"

but you can do the rerun and attach the new log


Essexboy is on UK time and have logged out for today....but he will be back tommorow and continue   ;)

Offline Semper Fi

  • Jr. Member
  • **
  • Posts: 73
Re: Emails scanned???
« Reply #43 on: January 09, 2012, 01:03:53 AM »
Thank you Pondus for making me aware of that.  I just completed the new run and will attach the new file to this post.  This time there was only one file created, the OTL.txt file and no extras.txt file as in the first quick scan.  I also realize something that I had mentioned in my earlier posts about 2 .ini files on the desktop.  It seems that running the fix scan in OTL changes the view option to view all files and not hide system and hidden files.  Once I put the view back to hide, they are no longer visible.  They must be files that have always been there.  I still have the three files created by the aborted fix scan that somebody might want, but won't post them until asked for.  Thanks so much!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #44 on: January 09, 2012, 09:46:25 PM »
Just to confirm that I am repairing the correct entries could you do the following please

run farbar service scanner


Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.