
Solve : Is My Computer Functioning??

I have attached SAS/MBAM/HiJack logs.

I'd like to know:

1) Is the computer functioning properly based on the results?
2) What steps to take and resolve?
3) Also I have:
CCleaner/avast/SAS/MBAM/HiJack/Wpsetup/Avenger/Scotty on Patrol
-Do I need any more protection...if so what...or do I need all of these?


Thanks.

[recovering disk space -- attachment deleted by admin]

I want to check something as one of the entries is questionable.

Download FindAWF.exe by Noadfear to your Desktop.

  • Double-click FindAWF.exe to start the tool.
  • If a Security Alert shows, allow the program to run.
  • As instructed, press any key to continue.
  • Select option #1 - Scan for bak folders by typing 1 and press 'Enter'.
  • When the tool has completed, a report will open up in Notepad.
  • Please post the results of the awf.txt in your reply.
----------

What is Wpsetup? Is this the WinPatrol setup file? If so delete it.

Here it is

winptr deleted

[recovering disk space -- attachment deleted by admin]

You can delete FindAWF.


Use the Kaspersky Online Scanner

You must use Internet Explorer.
  • Click Accept.
  • Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer.

When the scan is done, in the Scan is complete window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As...

  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area, use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Can't do it....I used your link.
It will not let me hit accept....it keeps saying I need Java 1.5 or later...I verified...and already have version 7.

Hmm, I just tried it in IE and Firefox and it works.

Try this. How do I enable Java in my web browser?

Here is the scan....I didn't find the scan settings...only scan options...hopefully this wasn't a problem.

[recovering disk space -- attachment deleted by admin]

Quote from: bluecountry on July 11, 2008, 10:51:07 PM
I didn't find the scan settings...only scan options...hopefully this wasn't a problem.

Yes they have recently updated the site and a few things are different. I didn't even know until I went there to try it when you couldn't get it to load. Another canned speech I need to do some tweaking on.....

The good news is that there are only a few files to take care of and you will be malware free!

Download OTMoveIt2 by OldTimer
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.

Code:
        [kill explorer]
        C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-3357f2a4.zip
        C:\Documents and Settings\Trent Berger\DoctorWeb\Quarantine\pkill.exe
        C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe
        EmptyTemp
        [start explorer]

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2

----------

Next post add
OTMoveIt log

Also let me know how things are now.

Was I supposed to check off Unregister Dll's and Ocx's and Zip Files After Move?

I didn't...here are the results


        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\HCCMP.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\ichk2.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\iChkSA.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\IWGen.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\kave.dll scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\lha.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\L_llio.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\mdb.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\minizip.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\MKavIO.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\msoe.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\nfio.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\prKernel.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\prLoader.dll scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\PrUtil.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\rar.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\sfdb.PPL scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\TempFile.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\thpimpl.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\UniArc.ppl scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\jkos-Trent Berger\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
        File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6c4.dat scheduled to be deleted on reboot.
        Temp folders emptied.
        IE temp folders emptied.
        Explorer started successfully

        OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_021423

It deleted the temp files like it was supposed to but not the other ones.

Open OTMoveIt again and copy then paste just these 3 lines to be moved.

        C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-3357f2a4.zip
        C:\Documents and Settings\Trent Berger\DoctorWeb\Quarantine\pkill.exe
        C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe

        File/Folder C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-3357f2a4.zip not found.
        File/Folder C:\Documents and Settings\Trent Berger\DoctorWeb\Quarantine\pkill.exe not found.
        File/Folder C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe not found.

        OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_025238

OK looks good. How is everything now?

1. Double click OTMoveIt2.exe to launch it.
   Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point after cleaning your system will enable your computer to roll back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide

----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

To prevent unknown applications from being installed on your computer install WinPatrol 2008
Using WinPatrol to protect your computer from malicious software

Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*Using SpywareBlaster to protect your computer from Spyware and Malware
*If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

These are the results from cleaning on moveit2...I wanted you to see them before I go on with the rest of what you said.


[recovering disk space -- attachment deleted by admin]

Looks good. Everything is scheduled to be deleted on reboot.

OK...so on my computer I have

-Avast Anti-virus
-CCleaner
-SAS
-Malwarebytes Anti-Malware
-SpywareBlaster
-WinPatrol
-Site Advisor

Is this all I need?
Am I all set with proper programs meaning if I update/scan I should be alright?

I don't need HijackThis on the computer?
Thanks.

