JT1314
1 Copper

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

Kevin,

The scan did not come back clean. It showed three infected files and per instructions left the box from the scan to clean them unchecked. Here is the log from the scan. I have not tried updating the OS.

C:\Adobe\plugs\mmc5894341.txt a variant of Win32/Kryptik.PQP trojan

C:\Adobe\plugs\mmc5898429.txt a variant of Win32/Kryptik.PNM trojan

C:\_OTM\MovedFiles\06282011_172928\c_windows\system32\config\systemprofile\appdata\local\enecdi.dll a variant of Win32/Kryptik.PQP trojan

0 Kudos
kevinf80
4 Tellurium

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

One of the entries is already contained; we'll remove the other two and do some general clean up, as follows please:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator.
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c
    C:\Adobe\plugs\mmc5894341.txt a variant of Win32/Kryptik.PQP trojan
    C:\Adobe\plugs\mmc5898429.txt a variant of Win32/Kryptik.PNM trojan
    :Commands
    [EmptyFlash]
    [ResetHosts]
    [EmptyTemp]
    [ClearAllRestorePoints]

    ---------------------------------------------------------------------

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Let me see the OTM log in your next reply. We'll leave our tools in place for now; try to do the Windows updates after OTM completes.

Kevin

0 Kudos
JT1314
1 Copper

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

Kevin,

Was unable to update after OTM scan.  Also after the scan/during an error box popped up saying:

Invalid time flag! [kryptik.PQP trojan] must be numerical.

Once the scan finished I copied the log but the computer started acting strange and all I could see was the computer wallpaper, the computer then proceeded to shut down. I restarted it and everything is working ok but when I went to look for the OTM log using the C:\_OTMove...there was no file. Should I run the scan again?

0 Kudos
kevinf80
4 Tellurium

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

 

Re-run ESET Online Scanner; this time, in the section "Remove found threats", make sure that it is ticked (selected).

Let me see the log in your reply.

When ESET is finished do the following :-

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type sfc /scannow > then enter. ***Note the space between sfc and /scannow. Type exit when it's finished and re-boot your PC. See if the stand alone links I gave earlier for SP1 and SP2 will now work...

Kevin

0 Kudos
JT1314
1 Copper

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

Well, things aren't looking so good. I ran the ESET scan again with the "remove found threats" checked this time and found the same three threats. I proceeded to run the system scan and when it was finished received the following message:

Windows resource protection found corrupt files but was unable to fix some of them. Details are included in the CBS.log windir\logs\CBS.log For Example C:\windows\logs\CBS\CBS.log

Rebooted the computer and tried the stand alone updates for the OS and received the same error 0x8007002.

Here is the ESET scan Log. I will not be able to respond until Tuesday 6-5-11. Thanks for your help so far.

C:\Adobe\plugs\mmc5894341.txt a variant of Win32/Kryptik.PQP trojan cleaned by deleting - quarantined

C:\Adobe\plugs\mmc5898429.txt a variant of Win32/Kryptik.PNM trojan cleaned by deleting - quarantined

C:\_OTM\MovedFiles\06282011_172928\c_windows\system32\config\systemprofile\appdata\local\enecdi.dll a variant of Win32/Kryptik.PQP trojan cleaned by deleting - quarantined

0 Kudos
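Added example, not part of any post in this thread: when `sfc /scannow` reports corrupt files it could not fix, the entries it wrote to CBS.log carry the `[SR]` tag, and the unrepaired files appear on "Cannot repair member file" lines. The function name `Get-SfcUnrepaired` is hypothetical and the sample log lines are constructed; they are used only when the real log cannot be read.

```powershell
# Added example (not from the thread): list files that sfc /scannow could not repair.
param([string]$CbsLog = "$env:windir\Logs\CBS\CBS.log")

# Constructed sample in the CBS.log line layout; used only if the real log cannot be read.
$SampleLines = @(
    '2011-07-02 10:15:21, Info                  CSI    00000140 [SR] Verifying 100 (0x00000064) components',
    '2011-07-02 10:15:23, Info                  CSI    00000142 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), hash mismatch',
    '2011-07-02 10:15:24, Info                  CSI    00000144 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), hash mismatch',
    '2011-07-02 10:15:30, Info                  CSI    00000150 [SR] Verify complete'
)

# Hypothetical helper: pull file name and owning component out of each [SR] failure line.
function Get-SfcUnrepaired {
    param([string[]]$Lines)
    $pattern = '\[SR\] Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)" of (?<component>[^,]+)'
    $hits = foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Time      = $line.Substring(0, 19)
                File      = $Matches['file']
                Component = $Matches['component'].Trim()
            }
        }
    }
    # SFC logs the same file more than once per pass; keep one row per file/component.
    if ($hits) { $hits | Sort-Object File, Component -Unique }
}

try {
    # Reading the live log normally needs an elevated prompt.
    $lines = Get-Content -LiteralPath $CbsLog -ErrorAction Stop
} catch {
    Write-Warning "Cannot read $CbsLog ($($_.Exception.Message)); using constructed sample lines."
    $lines = $SampleLines
}

$unrepaired = @(Get-SfcUnrepaired -Lines $lines)
"{0} file(s) SFC could not repair" -f $unrepaired.Count
$unrepaired | Format-Table -AutoSize
```

The resulting list shows whether the unrepaired files belong to servicing or update components, which matters when service pack installs keep failing after a cleanup.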
kevinf80
4 Tellurium

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

OK, run the Windows Update Fixit Utility available Here. See if the updates will run after the fix, let me know how you get on....
Make sure to delete the old version of Combofix and d/l a fresh copy from the original links.
Kevin

0 Kudos
JT1314
1 Copper

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

Alright, well I ran the Fixit Utility and it said it ran successfully but when I ran the standalone update again it still said "An internal error occurred while installing the service packs Error Code 0x8007002". The only difference I noticed this time around is that the install bar made it to the end before the error showed up.

0 Kudos
kevinf80
4 Tellurium

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2






Here why disabling autoruns is recommended.

*EXTRA NOTES*

       
  • If Combofix detects any Rootkit/Bootki...






0 Kudos
JT1314
1 Copper

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

I apologize for such a late reply but I did not notice your response. Never saw the email and I never logged on to check. But I did download and install Combofix. The problem I'm having is that this computer has AVG virus software on it and when I disabled it Combofix still wouldn't run. So I went to uninstall AVG and was given this message.

AVG: Setup Error

Severity: Error

Error Code: 0xC0070643

Error Message: General Internal Error

Additional Message: Service 'AVG Watchdog' AVGWDG could not be stopped. Verify that you have sufficient privileges to stop system services. (0xC0070781)

Context: MSI Action Failed.

Mind you this is the only admin account on the whole computer so I don't know what to do now. Any suggestions?

Also when writing this response I'm noticing a link to thespykiler.co.uk/index.php?page=20 is showing up when I move my cursor around the screen over your response. Should I be concerned about it?

0 Kudos
JT1314
1 Copper

Re: Recently had Windows CleanThis problem, occasional redirects, and unable to update.

Never mind about that link. I saw it was an article about autorun, just thought it was weird because it was showing up in my reply when I went to click and edit a portion of my response.

0 Kudos