
Solved Scans requested by BRONI- RE: "Hardware Interruptions" - Part 1

Discussion in 'Malware and Virus Removal Archive' started by ravn87, 2010/09/10.

  1. 2010/09/21
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    And the fun continues... lol

    oooh, pues!...heeeeeeeere we go again. haha!

    1. DISABLE anti-virus. 2. Update VIA INTERNET. I love this fun.

    Okay. Well it FINALLY got done. Sorry it took so long, Kaspersky gave me the run-around. I couldn't use the main Online scanner as it's being updated and revamped. I tried the link you posted, but it seemed to work REALLY slowly, and at first the Java platform kept getting disconnected and interrupting all the updating even though Java itself was updated. So I took a different route. I did all of the other scans required and got ALL of the logs saved. Then I cleaned the computer out with ALL of the different cleaners that I've had on here for a while....including (*grumbles*)....T-F- "F(*^&% "-C Cleaner. Functionally, I can see why people like the way it works...but it keeps messing my computer UUUUUP! It messes up Firefox, undoes computer settings- it's just not my favorite prog. hehe, I use that as a very LAST resort. But I followed directions and I had to go back and reinstall Firefox a few times to get this right, and...and get the Kp scanner to work. I would run and update it- which INITIALLY took all night, but after the first hurdle, it would just update in a few minutes, since I guess none of the cleaners would touch...wherever it cached the definitions. Which worries me, because now I have all this extra Kp scanner **** taking up space on my hard drive and no idea where it's at. Eh! I'll take virus definitions over a virus any day. lol If only I could incorporate that into AVAST.

    At first I was confused because KP would update, and I would have AVAST fully disabled, but the viral scanner was STILL deactivated. So I kept re-cleaning over, double checking Java and Firefox, reinstalling things, re-updating, and trying again and it STILL wasn't working! THEN I go back and read your directions....and apparently, as it reads, I guess it's supposed to be that way, :rolleyes:lol. Good job-RAVN! PAY ATTENTION KID!:cool: haha. So it ran, and updated uninterrupted (finally :rolleyes:) but not before I took the long way around and scanned with PANDA AV, ESET NOD-32, and AVAST. So I have logs for all of them on file as well. Panda picked up a minor suspicious file, and ESET found cookies. AVAST and KP were both completely clean, but I have logs on both of those as well. So I tried... heh. :)
     
  2. 2010/09/21
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    OTL: Run fix Scan

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    File Animation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso4.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Starting removal of ActiveX control Win32 Classes Reg Error: Key error.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Win32 Classes Reg Error: Key error.\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Win32 Classes Reg Error: Key error.\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========


    [EMPTYTEMP]

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: HP Authorized Custom
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 11595931 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 219577563 bytes
    ->Flash cache emptied: 15781 bytes

    User: NetworkService
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Administrator
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 0 bytes
    Session Manager Tmp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 221.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: HP Authorized Custom
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: LocalService

    User: Administrator

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.0 log created on 09202010_134354

    Files\Folders moved on Reboot...
    File\Folder E:\WINDOWS TEMPS\TEMP\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...
     


  4. 2010/09/21
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Security Check Scan

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.4
    Mozilla Firefox (3.6.3) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  5. 2010/09/21
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Kaspersky Scan

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, September 21, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, September 21, 2010 19:39:17
    Records in database: 4235783
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    M:\
    N:\

    Scan statistics:
    Objects scanned: 45401
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:42:25

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  6. 2010/09/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Firefox.

    =============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  7. 2010/09/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We posted at the same time, so I want to make sure you saw my latest reply....
     
  8. 2010/09/22
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Just missed, haha.

    Yeah, I got your replies. I tried using PSI on the fam's laptop, and for whatever reason it didn't register at all. It wasn't working right. Is there any other alternative program I can use in place of it?

    It didn't label it Trojan, just that it was suspicious. I forget which scanner that was, but I deleted it. I'll reinstall SAS and run both of those malware scanners.

    And YEEAAAH...haha, I get hassled a lot on my RAM. But I think I've made piece that for this old fogie, it's about the best that it's gonna get because out-sourced and out-dated RAM is pretty hard to find, and pricey. So I can deal with a little drag. For now...

    Aside from the KP scanner using up ALL of my RAM to run, it's moving at a decent speed. I just need to set up some decent defense progs (HIPS, malware, file safe, etc) and learn how to configure SANDBOXIE (any ideas on that? Lotta options :p). But so far, everything LOOKS okay. Only time will tell.

    I was wondering, where exactly do you learn how to decipher all of these scans? I know some of these are seemingly self-explanatory, but some of these others....yikes.


    Thank you for sticking it out with me BRONI, I really appreciate all of this. :D I'll post the OTL scans in a few minutes.
     
  9. 2010/09/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Try here: http://www.bleepingcomputer.com/forums/index.php?showtopic=345490&view=findpost&p=1921543
    If that doesn't help, they have a very friendly forum: http://secunia.com/community/forum/

    Sandboxie - no clue :)

    I think learning Chinese takes a while. That's how I did it - years of playing with those scans :)
     
  10. 2010/09/22
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Everything installed...

    Ok, everything that you posted worked. I was using a .iso version of the PSI program from another website, and it wasn't registering. This version's a lot easier. lol. Everything worked.

    Here's the OTL scans:


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: HP Authorized Custom
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5397303 bytes
    ->Java cache emptied: 234039 bytes
    ->FireFox cache emptied: 26543408 bytes
    ->Google Chrome cache emptied: 19432693 bytes
    ->Flash cache emptied: 1100 bytes

    User: NetworkService
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Administrator
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 0 bytes
    Session Manager Tmp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 868 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: HP Authorized Custom
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: LocalService

    User: Administrator

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.14.0 log created on 09212010_234222

    Files\Folders moved on Reboot...
    File\Folder E:\WINDOWS TEMPS\TEMP\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...
     
  11. 2010/09/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well :)

    Good luck and stay safe :)
     
  12. 2010/09/22
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    typo...

    I meant "PEACE." hehe. ;)
     
  13. 2010/09/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    :)...
     
