Solve : Spybot Blocked?

1.	Solve : Spybot Blocked?
Answer» Quote from: diggerdave on February 11, 2009, 04:27:34 PM I haven't had zone alarm security suite running for at least 6 months. I am running the free zone alarm fire wall. Seems to be running well. OK, it must be seeing the security center as having the Security Suite installed. No problem. -- You are going to have to remove the CRACKS & Keygens before I can continue helping. Download the OTMoveIt3 by OldTimer Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As ADMINISTRATOR. * Save it to your Desktop. * Double-click OTMoveIt3.exe to run it. * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy) Code: [Select]:Processes explorer.exe :files C:\DOCUME~1\David\Application Data\uTorrent\Adobe Acrobat 9 PRO Extended + Crack (PTB-ITA-ESP-NL) (iso).rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\ConvertXtoDVD-V3 DivX-V6 Nero-V8 WinRar-V3-Full PATCH And Keygen's -2- MAXIMODIS.zip.torrent C:\DOCUME~1\David\Application Data\uTorrent\keygen.exe.torrent C:\DOCUME~1\David\Application Data\uTorrent\Nero 9 Ver. C Iso + Cracks & Apps.rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\Nero 9. Ultra NEW RELEASE Including+Keygen Valildation Crack.rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\nero_8_keygen__serials_reg__activation.rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\RegCure 1.5 with crack.rar.torrent :Commands [purity] [emptytemp] [start explorer] [Reboot] * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. * Click the red Moveit! button. * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.Here's the log: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Adobe Acrobat 9 Pro Extended + Crack (PTB-ITA-ESP-NL) (iso).rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\ConvertXtoDVD-V3 DivX-V6 Nero-V8 WinRar-V3-Full Patch And Keygen's -2- MAXIMODIS.zip.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\keygen.exe.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Nero 9 Ver. C Iso + Cracks & Apps.rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Nero 9. Ultra NEW RELEASE Including+Keygen Valildation Crack.rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\nero_8_keygen__serials_reg__activation.rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\RegCure 1.5 with crack.rar.torrent not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_QcjCX8zRcMQq3Ps9d45X scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_QcjCX8zRcMQq3Ps9d45X-journal scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_u59Ra7VKA7IFF7KLQAw4 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\~DF9103.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\gnserv.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_770.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\spnserv.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\spserv.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT06db8.TMP scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\OfflineCache\index.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\urlclassifier3.sqlite scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_154245 Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFixLog attached [attachment deleted by admin]Everything looks OK. How is the computer running now?It's taking well over a minute at boot up to get from the post to the memory check.Has this just started happening? Yes. I believe it started after running OTMoveIt3.All that did was remove temporary files. Everything else said "Not found." Try Dial-a-fix. Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder. Open the folder and run Dial-a-fix.exe 2 windows will open. Close the one in the background labeled Restrictive Policies Check the box in section 1, Empty temp folders. Check the box in section 2, Fix Windows Installer. Check the box in section 3, Fix Windows Update. Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked Check all boxes in section 5, labeled Registration Center. Click Go OK any error messages if received, but write them down and post them here. Restart the computer when done. . How is it now?Dial-a-fix has been stuck on the same task for about an hour and a half.Can you see which one it is?Stopping CRYPTSVC...OK stop it and uncheck box 4, labeled SSL/HTTPS/Cryptography Now run it again please with the other boxes checked.I'm still getting the lengthy delay at boot up.A computer can be slow to start up after cleaning the cache which is what we did when running OTMoveIt. After a few more restarts see if it is still running slow. We should check for any more malware also as it could be that as well. Use the Kaspersky Lab Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator. Click on SCAN NOW Click Accept. The program will then begin downloading the latest definition files. Once the files have been downloaded locate the Scan Settings and have it scan My Computer. The scan will take a while, so be patient and LET it finish. . When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As Next, in the Save as prompt, Save in area, select: Desktop. In the File name area use KScan, or something similar. In Save as type: click the drop arrow and select: Text file [.txt]* Then, click: Save . Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Answer»

Quote from: diggerdave on February 11, 2009, 04:27:34 PM

I haven't had zone alarm security suite running for at least 6 months. I am running the free zone alarm fire wall. Seems to be running well.

OK, it must be seeing the security center as having the Security Suite installed. No problem.

--

You are going to have to remove the CRACKS & Keygens before I can continue helping.

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As ADMINISTRATOR.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]:Processes
explorer.exe

:files
C:\DOCUME~1\David\Application Data\uTorrent\Adobe Acrobat 9 PRO Extended + Crack (PTB-ITA-ESP-NL) (iso).rar.torrent
C:\DOCUME~1\David\Application Data\uTorrent\ConvertXtoDVD-V3 DivX-V6 Nero-V8 WinRar-V3-Full PATCH And Keygen's -2- MAXIMODIS.zip.torrent
C:\DOCUME~1\David\Application Data\uTorrent\keygen.exe.torrent
C:\DOCUME~1\David\Application Data\uTorrent\Nero 9 Ver. C Iso + Cracks & Apps.rar.torrent
C:\DOCUME~1\David\Application Data\uTorrent\Nero 9. Ultra NEW RELEASE Including+Keygen Valildation Crack.rar.torrent
C:\DOCUME~1\David\Application Data\uTorrent\nero_8_keygen__serials_reg__activation.rar.torrent
C:\DOCUME~1\David\Application Data\uTorrent\RegCure 1.5 with crack.rar.torrent

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.Here's the log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Adobe Acrobat 9 Pro Extended + Crack (PTB-ITA-ESP-NL) (iso).rar.torrent not found.
File/Folder C:\DOCUME~1\David\Application Data\uTorrent\ConvertXtoDVD-V3 DivX-V6 Nero-V8 WinRar-V3-Full Patch And Keygen's -2- MAXIMODIS.zip.torrent not found.
File/Folder C:\DOCUME~1\David\Application Data\uTorrent\keygen.exe.torrent not found.
File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Nero 9 Ver. C Iso + Cracks & Apps.rar.torrent not found.
File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Nero 9. Ultra NEW RELEASE Including+Keygen Valildation Crack.rar.torrent not found.
File/Folder C:\DOCUME~1\David\Application Data\uTorrent\nero_8_keygen__serials_reg__activation.rar.torrent not found.
File/Folder C:\DOCUME~1\David\Application Data\uTorrent\RegCure 1.5 with crack.rar.torrent not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_QcjCX8zRcMQq3Ps9d45X scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_QcjCX8zRcMQq3Ps9d45X-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_u59Ra7VKA7IFF7KLQAw4 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\~DF9103.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\gnserv.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_770.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\spnserv.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\spserv.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT06db8.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_154245
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixLog attached

[attachment deleted by admin]Everything looks OK.

How is the computer running now?It's taking well over a minute at boot up to get from the post to the memory check.Has this just started happening?

Yes. I believe it started after running OTMoveIt3.All that did was remove temporary files. Everything else said "Not found."

Try Dial-a-fix.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

Open the folder and run Dial-a-fix.exe
2 windows will open. Close the one in the background labeled Restrictive Policies
Check the box in section 1, Empty temp folders.
Check the box in section 2, Fix Windows Installer.
Check the box in section 3, Fix Windows Update.
Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
Check all boxes in section 5, labeled Registration Center.
Click Go
OK any error messages if received, but write them down and post them here.
Restart the computer when done.

.
How is it now?Dial-a-fix has been stuck on the same task for about an hour and a half.Can you see which one it is?Stopping CRYPTSVC...OK stop it and uncheck box 4, labeled SSL/HTTPS/Cryptography

Now run it again please with the other boxes checked.I'm still getting the lengthy delay at boot up.A computer can be slow to start up after cleaning the cache which is what we did when running OTMoveIt. After a few more restarts see if it is still running slow.

We should check for any more malware also as it could be that as well.

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

Click on SCAN NOW
Click Accept.
The program will then begin downloading the latest definition files.
Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
The scan will take a while, so be patient and LET it finish.

.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save

.
Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Solve : Spybot Blocked?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment