128 replies to this topic

[macdoo]

All processes killed ========== SERVICES/DRIVERS ========== ========== FILES ========== C:\Users\Ted\Documents\vlcmediaplayer-setup.exe moved successfully. C:\Users\Ted\Music\PopularScreenSavers.exe moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\dplayx.dll moved successfully. File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\dplayx.dl not found. C:\TDSSKiller_Quarantine\01.03.2012_21.08.39\tdlfs0000 folder moved successfully. C:\TDSSKiller_Quarantine\01.03.2012_21.08.39 folder moved successfully. C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\tdlfs0000 folder moved successfully. C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\mbr0000 folder moved successfully. C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000 folder moved successfully. C:\TDSSKiller_Quarantine\01.03.2012_20.17.14 folder moved successfully. C:\TDSSKiller_Quarantine folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ted ->Temp folder emptied: 333343 bytes ->Temporary Internet Files folder emptied: 9548562 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 515 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3426 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 9.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.34.0 log created on 03022012_190947 Files\Folders moved on Reboot... C:\Users\Ted\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Ted\AppData\Local\Temp\~DF128ABC03B9A4B474.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF350612785A0F537F.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF3565080A9568068A.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF8692F4FF06072921.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DFAB8E0CF606247ECA.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DFCDE901359CC24C70.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DFE087DBE97C9DB410.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DFFDC4BF89CCF71C31.TMP not found! C:\Users\Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EA0UFQX7\iframe[1].htm moved successfully. C:\Users\Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16SQ4POX\index[1].php moved successfully. C:\Users\Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot...

[oldman960]

Hi macdoo,

Any problems with the computer?

Double click on OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
• Do Not copy the word CODE
• please note the fix starts with the :

:Services

:Files
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\dplayx.dll

:reg

Then click the Run Fix button at the top

• Let the program run unhindered
• Please save the resulting log to be posted in your next reply.
• Reboot your computer

Please post the OTL fix log.

[macdoo]

No problems ========== SERVICES/DRIVERS ========== ========== FILES ========== File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\dplayx.dll not found. ========== REGISTRY ========== OTL by OldTimer - Version 3.2.34.0 log created on 03032012_062411

[oldman960]

Hi macdoo,

Not sure where that file went. let's make sure it's not there. This will be fairly quick and the log will be short, make sure to click the None button.

Next

Please open OTL if it is not opened after the reboot.

• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, click the None button near the top (it may looked greyed out)
  
• In the window under Custom Scans/Fixes copy and paste the following
  
  
  
  /md5start
  dplayx.dll
  /md5stop
  
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

[macdoo]

OTL logfile created on: 3/3/2012 12:39:42 PM - Run 6
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ted\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 54.11% Memory free
3.49 Gb Paging File | 1.75 Gb Available in Paging File | 50.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 154.34 Gb Free Space | 70.68% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.71 Mb Free Space | 96.50% Space Free | Partition Type: FAT32
Drive F: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TED-PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: DPLAYX.DLL >
[2012/02/19 07:52:21 | 000,116,224 | -HS- | M] () MD5=08995A604CA999FD0E70D391833662C0 -- C:\_OTL\MovedFiles\03022012_190947\C_Windows\System32\config\systemprofile\AppData\Local\dplayx.dll
[2009/07/13 20:15:12 | 000,213,504 | ---- | M] (Microsoft Corporation) MD5=19DFABF1712CA77C34EBD92A893E9B2E -- C:\Windows\SysWOW64\dplayx.dll
[2009/07/13 20:15:12 | 000,213,504 | ---- | M] (Microsoft Corporation) MD5=19DFABF1712CA77C34EBD92A893E9B2E -- C:\Windows\winsxs\x86_microsoft-windows-directx-directplay4_31bf3856ad364e35_6.1.7600.16385_none_76e6c1802136b090\dplayx.dll

< >

< End of report >

[oldman960]

Hi macdoo,

Looks like we got the infected one.

I don't see an antivirus program installed. I can give you some links to some very good free ones if you wish.


Everything looks good so we'll remove the tools.

From your desktop, please delete, if present

• any notepads/logs that we created
• TDSSKiller
• lmbr.zip
• mbr.dat
• aswMBR

Next

Click the Start button,in the search box type Run. At the top click run

Copy and paste the following line into the run box and click OK

Combofix /uninstall


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

Win7 firewall is pretty good provided it's turned on.
http://www.sevenforu...l-turn-off.html

You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.

• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.


- Make sure you have reset Automatic Updates to your chosen optionClick your start button > Control Panel > System and Security > change settings


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE

Please post back if you have any problems.

[macdoo]

Thank you so much for everything. I will impress upon him the importance of protection. Especially with a young teen having free run all over the internet. Also, I will remind him that I can always not allow him on my network. lol . Thanks again

[oldman960]

Hi macdoo,

You're welcome.

If you need an antivirus program I suggest these

Avast
Help and support can be found here Avast Forum
Antivir PersonalEditionClassic
Help and support can be found here Avira Personal Support Forum
Microsoft Security Essentials
Support

Take care

[oldman960]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.