Solve : Do I need to worry??

1.	Solve : Do I need to worry??
Answer» Download the OTMoveIt3 by OldTimer Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator. * Save it to your Desktop. * Double-click OTMoveIt3.exe to run it. * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy) Code: [Select]:Processes explorer.exe :services :reg [-HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] [-HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}] [-HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32] [HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel] "C:\WINDOWS\SYSTEM32\OPNLIAWW.DLL"=- [-HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}] :files c:\docume~1\Name\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS :Commands [purity] [emptytemp] [start explorer] [Reboot] * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. * Click the red Moveit! button. * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose YES. If not, reboot anyway.SAS says I'm clean! Thank you very much for sticking with me through this. You've been terrific. Latest results below: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== UNABLE to delete registry key HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ . Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\\ not found. Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32\\ not found. Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel not found. Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\\ not found. ========== FILES ========== File/Folder c:\docume~1\Name\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Name\LOCALS~1\Temp\etilqs_8VQSSUFCa5j9sWe2ehxF scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_74.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12262008_152429 Files moved on Reboot... File C:\DOCUME~1\Name\LOCALS~1\Temp\etilqs_8VQSSUFCa5j9sWe2ehxF not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_74.dat not found! C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\XUL.mfl moved successfully. There seems to be a problem I think because the file has been partly removed so the scanner is having a hard time fully deleting the rest of it. I'm going to have to have you go to the SAS forums and have them have a look at the log and suggest what to do next. First let's clean up a little but. Click START then RUN Now type Combofix /u in the runbox Make sure there's a space between Combofix and /u Then hit Enter. The above procedure will: Delete the following: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Set a new, clean Restore Point. ---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator Under Main: Select Files to Delete choose: Select All. Click the Empty Selected button. If you use Firefox browser click Firefox at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords click No at the prompt. If you use Opera browser click Opera at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords click No at the prompt. Click Exit on the Main menu to close the program. Note that your system will run slower for a reboot or two after having used this tool so don't PANIC. ---------- Download OTCleanIt.exe and save it to your Desktop. Double-click OTCleanIt.exe. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes, if not delete it yourself. Important: Restart the computer before continuing. ---------- Now register at http://forums.superantispyware.com/index.php Post the log and explain that the entries are not being deleted in this forum http://forums.superantispyware.com/viewforum.php?f=2I'm confused. I need to keep working on this, even though all my scanners say my computer is clean?Aren't you telling me that SUPERAntiSpyware keeps finding those registyr keys each time you scan?Here's what I wrote at the top of post #16, just above the OTMoveit results: SAS says I'm clean! Thank you very much for sticking with me through this. You've been terrific. Latest results below: Again, I really appreciate your help.Quote SAS says I'm clean! Thank you very much for sticking with me through this. You've been terrific. Latest results below: I totally over looked that and started reading the log Good to hear though Final suggestions. Let me know if you have any questions. Use the Secunia Software Inspector to check for out of date software. Click Start Now Check the box next to ENABLE thorough system inspection. Click Start Allow the scan to finish and scroll down to see if any updates are needed. Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown APPLICATIONS from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Safe surfing...

Answer»

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]:Processes
explorer.exe

:services

:reg
[-HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}]
[-HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32]
[HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel]
"C:\WINDOWS\SYSTEM32\OPNLIAWW.DLL"=-
[-HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}]

:files
c:\docume~1\Name\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose YES. If not, reboot anyway.SAS says I'm clean! Thank you very much for sticking with me through this. You've been terrific. Latest results below:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
UNABLE to delete registry key HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ .
Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\\ not found.
Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32\\ not found.
Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel not found.
Registry key HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\\ not found.
========== FILES ==========
File/Folder c:\docume~1\Name\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Name\LOCALS~1\Temp\etilqs_8VQSSUFCa5j9sWe2ehxF scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_74.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12262008_152429

Files moved on Reboot...
File C:\DOCUME~1\Name\LOCALS~1\Temp\etilqs_8VQSSUFCa5j9sWe2ehxF not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_74.dat not found!
C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Name\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkw7nd69.default\XUL.mfl moved successfully.

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator

Under Main: Select Files to Delete choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
Click Exit on the Main menu to close the program.

Note that your system will run slower for a reboot or two after having used this tool so don't PANIC.

----------

Download OTCleanIt.exe and save it to your Desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it yourself.

Important: Restart the computer before continuing.

----------

Now register at http://forums.superantispyware.com/index.php

Post the log and explain that the entries are not being deleted in this forum http://forums.superantispyware.com/viewforum.php?f=2I'm confused. I need to keep working on this, even though all my scanners say my computer is clean?Aren't you telling me that SUPERAntiSpyware keeps finding those registyr keys each time you scan?Here's what I wrote at the top of post #16, just above the OTMoveit results:

SAS says I'm clean! Thank you very much for sticking with me through this. You've been terrific. Latest results below:

Again, I really appreciate your help.Quote

SAS says I'm clean! Thank you very much for sticking with me through this. You've been terrific. Latest results below:

I totally over looked that and started reading the log

Good to hear though

Final suggestions. Let me know if you have any questions.

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to ENABLE thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown APPLICATIONS from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Safe surfing...

Solve : Do I need to worry??

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment