Log files for RD to review


Santo
19th September 2008, 03:21 PM
Ok, this computer ran about 6 months without antivirus. I ran Avira and found and cleaned 62 different entries. Mywebsearch was the infection I think, I'll add the log from Avira once I post...

Anyways, I followed all directions, did some research and attached the logs of what I found. The computer seems to be running a lot better but I want to make sure it's all cleaned up; it has a lot of important info and the owner does not want to reformat the disk just yet. Thanks in advance.

Red Dragon
23rd September 2008, 04:35 PM
Sorry for the delay, looking over the logs now - I love MBAM more and more every day - it saves so much time manually removing stuff. I don't have access to my normal computer right now - so please excuse the sloppy instructions.

1) Launch hijackthis -> select scan only -> put checks next to the following items:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\ARCHIV~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

Close all browsers and windows (including this one)

And select Fix checked

====================================================

2) We need to delete a service:

Open Notepad, then copy the code below in the quote box:


@echo off
rem Stop the leftover My Web Search service, then remove its registration
sc stop MyWebSearchService
sc delete MyWebSearchService
rem Delete this script itself once it has run, then close the window
del "%~f0" & exit

Then paste it into the Notepad file, name the file fix.cmd and change the "Save as Type" to "All Files", then save it to your desktop.

Locate the file you just created on the desktop, and double-click to run it. It will look like


====================================================

3) OTMoveit2!
OTMoveit2 by OldTimer
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


[kill explorer]
C:\Archivos de programa\MYWEBSEARCH
purity
[start explorer]


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


====================================================
4) Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click on "My Computer"
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply


Attach in your reply:
1) OTMoveit2! log
2) Kaspersky log
3) run a fresh hijackthis log
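
The entries checked in step 1 are either orphaned (HijackThis marks them "(no file)" or "(file missing)") or tied to MyWebSearch. As an added example that is not part of the thread, this Python script triages a HijackThis log on those two criteria; the last sample line is constructed as a clean control, and the names `triage` and `short_name` and the 8.3 short-name heuristic are assumptions made for illustration.

```python
import re

# First five lines are the entries quoted in step 1 of the reply above;
# the last line is a constructed clean entry used as a control.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\ARCHIV~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def short_name(name):
    """Prefix of the 8.3 alias a log may show for a long name (assumed heuristic)."""
    return re.sub(r"[^A-Za-z0-9]", "", name)[:6].upper() + "~"

def triage(log_text, keywords=("MyWebSearch",)):
    """Return (section, reasons, clsid, line) for every entry worth reviewing."""
    needles = [(k.lower(), short_name(k).lower()) for k in keywords]
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, blank lines, running-process list
        body = m.group("body")
        # Drop spaces so "My Web Search" and "MyWebSearch" compare equal.
        squashed = body.lower().replace(" ", "")
        reasons = []
        if ORPHAN.search(body):
            reasons.append("orphaned")  # registry entry points at a missing file
        if any(k in squashed or s in squashed for k, s in needles):
            reasons.append("keyword")   # long name or its 8.3 alias is present
        if reasons:
            clsid = CLSID.search(body)
            findings.append((m.group("section"), reasons,
                             clsid.group(0) if clsid else None, line))
    return findings

if __name__ == "__main__":
    for section, reasons, clsid, line in triage(SAMPLE_LOG):
        print(f"{section:<4}{'+'.join(reasons):<18}{clsid or '-'}")
```

Running it on the fresh HijackThis log requested at the end of the reply should return an empty list once the fixes have taken effect.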