Ever heard of this trojan/malware?

Could you upload to Mediafire and post the sharing link. I never have any problem there ( famous last words )

You can access here –

http://eduspaces.net/mkistech/files/-1/29752/OTS.Txt

copy and paste okay - hmm big file, google docs only allows 500kb

I didn't install SP3 because every time I try to install some new update I get new problems I don't know how to handle. Like Internet Explorer 8. I decided to update that and ever since then I've been having problems with it. Before I never had problems but once I updated, tons of probs. That's actually why I got avast a few months ago and then switched to Firefox. Now my avast won't even do resident protection because there's a problem somewhere. Also the Kaspersky doesn't affect avast because I had that since 2007 I think and I removed it a while ago; all that's left is probably a few remnants of code. Aside from all that, every few days I update the virus database. Safe mode doesn't work either, as I've stated in earlier posts. So anything else?

Hi sfwx

Put plainly, you are expected to run SP3 with yr Windows, unless you are expert.
Auto updates and IE8 are optional. But, IE7 and at least notification of updates is advised.

Right now, yr computer appears badly infected, perhaps infested. So worry about above later on.

Managed to find yr OTS.txt file
I don't know what happened there, but I'm willing to give it a go, because there is a lot of stuff clogging up yr computer as well as the infection(s) - you obviously had a go with everything, means you normal person - so we will have to sort that stuff out as well.

Take a while as well - but the weekend has just started here, so I should have some spare time.
Essexboy might intervene, which is okay, or supervise - anything is all good.

How much of yr stuff can you re-install? - for example, Apple softwares, maybe MS Office, various media players - you mightn’t have to uninstall, but work out with all you know now (but wish you’d known then) what is yr ideal multimedia setup (fave players, etc…no oddballs, please), and we will see how easy to sort that out for you. Apple softwares best uninstalled for time being - is that big problem?

Oh make sure to disconnect from internet. I assume you have clean computer to work with.

So you dont have spare, clean computer? okay see if we can run a quick whammy
You may have had rootkit TDSS family of trojans - make sure you only do what Sophos recommends

download http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
download and read overview - down page to Further Information, there a few lines for info
http://www.sophos.com/support/knowledgebase/article/17026.html

Firstly - turn off yr System Restore as you seem to have exhausted all other options.

download and run ccleaner - http://www.filehippo.com/download_ccleaner/
Run only the two cleaners for now - Windows and Applications

Keep trying Malwarebytes when you can

You may have remnants from trying other security, and Kaspersky has been removed but dropped its lunch before it left, and the Kas fixit tool seems to be hidden away in Kas website somewhere. I will find it.

But I have to run, be back later - run the Sophos antirootkit if you can

If you have a virtual CD program please uninstall it first.
Just install it again after all the diagnosis :wink:

okay sfwx

if you want to start cleaning out the kaspersky leftovers

  • you will have seen the extent of these in your OTS file - they are the KAVICHS entries

They apparently are not much bother - file information for when you re-install Kaspersky
but do seem to be referenced to the Startup folder - so best to run a removal

@Alternate Data Stream - 132 bytes → C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Anti-Hacker.lnk:KAVICHS

There are a few different removal tools - this Kaspersky Personal/Anti-Hacker seems to be 2006
Here’s the page on the Kaspersky site http://support.kaspersky.com/faq/?qid=193238621

Here is the relevant info –
The message "KAVICHS is on each file of the NTFS partition" is nothing but service information recorded in the file stream. After Kaspersky Anti-Virus has been uninstalled this information is not deleted, so it can be used during further Kaspersky Anti-Virus installations. If you would like to delete this information for some reason, use a special utility that clears the file streams located on the NTFS partitions of the information entered by Kaspersky Anti-Virus.

To clear the stream files on the NTFS partitions, do the following:

Download the utility Klstreamremover.zip ftp://ftp.kaspersky.com/utils/klstreamremover/klstreamremover.zip

Unzip the archive in the root directory of the partition where you are planning to clear the streams
Run Kl stream remover.exe with the parameter -r
Wait for the utility to finish

Extract the exe file to Local Disk (C:) and run from there
Do you know how to run with parameter -r ?

Was the computer allowed to run Sophos Anti-Rootkit?
TDSS malwares usually try to prevent the running of security applications

Edit - you may need to go to Kaspersky website to download removal tool - my link may not work

I can try this a last time sfwx

why do I get the feeling that you have had the virus rather than you are fully infected now?

  • you may not be that far off from return to normal running state

all of the following is to be expected with infection from TDSS

didn't install SP3 because every time I try to install some new update I get new problems I don't know how to handle. Like Internet Explorer 8. I decided to update that and ever since then I've been having problems with it. Before I never had problems but once I updated, tons of probs. That's actually why I got avast a few months ago and then switched to Firefox. Now my avast won't even do resident protection because there's a problem somewhere. Also the Kaspersky doesn't affect avast because I had that since 2007 I think and I removed it a while ago; all that's left is probably a few remnants of code. Aside from all that, every few days I update the virus database. Safe mode doesn't work either, as I've stated in earlier posts. So anything else?

OTS entries that show TDSS was (or is) on yr system

The following entry was amongst those files that come with no name (no summary) - BAD
TDSSdxcp.dll → C:\WINDOWS\System32\TDSSdxcp.dll → [2009/01/16 05:42:53 | 000,002,201 | ---- | C] ()

entries amongst KAVICHS - either Kaspersky file information records or TDSS active amongst the records

  • use removal tool to try rid yrself of all the kaspersky file information
    @Alternate Data Stream - 36 bytes → C:\WINDOWS\System32\TDSSdxcp.dll:KAVICHS
    @Alternate Data Stream - 36 bytes → C:\WINDOWS\System32\TDSSkkai.log:KAVICHS
    @Alternate Data Stream - 36 bytes → C:\WINDOWS\System32\TDSSmtve.dat:KAVICHS

You also may have been through this process - please let me know if you have tried these solutions
http://www.geekstogo.com/forum/links-yahoo-search-engine-hijacked-t224285.html&pid=1435551

as I said, you may not be too far off a clean computer but much tidy up to do - as well as yr Apple stuff - you have surplus toolbars, helpers (BHO) and remnants from uninstalled or removed stuff

You will need to run a HijackThis scan

  • this will help sort out rubbish for removal
  • a lot may already have been removed and what is left is records, which will also have to be removed
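The OTS report lines quoted above (the unnamed TDSSdxcp.dll entry and the "@Alternate Data Stream ... :KAVICHS" records) have a regular shape, so the sorting mkis is doing by eye can be scripted. The following is an added example, not part of this thread or of the OTS, Sophos or Kaspersky tools: it parses OTS-style lines, separates the NTFS alternate data streams from plain file entries, and flags the TDSS-style file names, the KAVICHS streams (Kaspersky's service information, cleared by the stream remover) and entries with no publisher. The sample report embedded in it is constructed from the lines on this page plus one benign Zone.Identifier stream; the flag names and the Python functions are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the OTS report style quoted in the thread (not a real scan).
# The Zone.Identifier line is added to show a benign stream that must not be confused
# with the Kaspersky KAVICHS leftovers.
SAMPLE_OTS = r"""
TDSSdxcp.dll → C:\WINDOWS\System32\TDSSdxcp.dll → [2009/01/16 05:42:53 | 000,002,201 | ---- | C] ()
kernel32.dll → C:\WINDOWS\System32\kernel32.dll → [2008/04/14 00:00:00 | 000,989,696 | ---- | M] (Microsoft Corporation)
@Alternate Data Stream - 36 bytes → C:\WINDOWS\System32\TDSSdxcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes → C:\WINDOWS\System32\TDSSkkai.log:KAVICHS
@Alternate Data Stream - 132 bytes → C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Anti-Hacker.lnk:KAVICHS
@Alternate Data Stream - 26 bytes → C:\Documents and Settings\user\Desktop\setup.exe:Zone.Identifier
"""

# "@Alternate Data Stream - <size> bytes → <path>:<stream>"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes → (?P<target>.+)$")
# "<name> → <path> → [<timestamp> | <size> | <attrs> | <flag>] (<publisher>)"
FILE_RE = re.compile(
    r"^(?P<name>[^ ]+) → (?P<path>.+?) → \[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \|[^\]]*\] \((?P<publisher>[^)]*)\)$"
)

TDSS_PREFIX = "tdss"          # the naming pattern the thread associates with the TDSS family
KASPERSKY_STREAM = "KAVICHS"  # stream name Kaspersky writes as service information


@dataclass
class Entry:
    kind: str                      # "file" or "ads"
    path: str
    size: int = 0
    stream: Optional[str] = None   # stream name for ADS entries
    publisher: Optional[str] = None
    flags: list = field(default_factory=list)


def parse_ots_line(line: str) -> Optional[Entry]:
    """Parse one OTS-style line; returns None for lines that are not entries."""
    line = line.strip().replace(" -> ", " → ")   # accept either arrow style
    m = ADS_RE.match(line)
    if m:
        # The stream name follows the last colon; the drive colon is further left.
        path, stream = m.group("target").rsplit(":", 1)
        return Entry(kind="ads", path=path, stream=stream, size=int(m.group("size")))
    m = FILE_RE.match(line)
    if m:
        return Entry(
            kind="file",
            path=m.group("path"),
            size=int(m.group("size").replace(",", "")),
            publisher=m.group("publisher") or None,
        )
    return None


def classify(entry: Entry) -> Entry:
    """Attach triage flags using the criteria discussed in the thread."""
    base = entry.path.rsplit("\\", 1)[-1]
    if base.lower().startswith(TDSS_PREFIX):
        entry.flags.append("tdss-named")
    if entry.kind == "ads":
        if entry.stream == KASPERSKY_STREAM:
            entry.flags.append("kaspersky-leftover")   # cleared by Kaspersky's stream remover
        elif entry.stream == "Zone.Identifier":
            entry.flags.append("download-marker")      # benign Windows mark-of-the-web
        else:
            entry.flags.append("unexpected-stream")    # worth a manual look
    elif entry.kind == "file" and entry.publisher is None:
        entry.flags.append("no-publisher")             # "no name (no summary)" in the thread
    return entry


def triage(report: str) -> dict:
    """Group every parsed entry under each flag it received."""
    summary = {k: [] for k in ("tdss-named", "kaspersky-leftover", "no-publisher",
                               "unexpected-stream", "download-marker")}
    for line in report.splitlines():
        entry = parse_ots_line(line)
        if entry is None:
            continue
        classify(entry)
        label = entry.path if entry.kind == "file" else f"{entry.path}:{entry.stream}"
        for flag in entry.flags:
            summary[flag].append(label)
    return summary


if __name__ == "__main__":
    for flag, items in triage(SAMPLE_OTS).items():
        print(f"{flag} ({len(items)})")
        for item in items:
            print("   ", item)
```

A KAVICHS stream on a file named TDSS* carries both flags: the stream itself is only Kaspersky's bookkeeping, but the file it sits on is the one that needs attention, which is the distinction mkis draws between "Kaspersky file information records" and "TDSS active amongst the records".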

Everyone, I must say thank you very much for all your help. I have to personally thank mkis for the whole Sophos Anti-Rootkit. It found about 128 hidden files. More than 16 of them began with h8srt, which is what I figured was the problem. I thought there was just 1 but there were way more. As soon as the anti-rootkit ran itself and I deleted them all, when my comp restarted my avast was working how it used to and I could use my resident scanner and there are no more random Internet Explorer windows opening. What sucks is my avast is expired now lol. But my comp's fixed and I'm happy. Now I'm trying to think about what to do next. Should I try Malwarebytes just because? I don't know. Can you give me any suggestions on what I should do next?

what sucks is my avast is expired now lol
Is that a problem?....there is a free version..... http://filehippo.com/download_avast_antivirus/
Should I try Malwarebytes just because? I don't know.
Why not.......remember to run update before you scan

Hi sfwx. You’re welcome.
With avast Free you can run Malwarebytes on demand for yr quick scan. You also have avast boot-time scan.
WinPatrol also runs well with avast5.

Well I still have one prob. System Restore doesn't load at all. My Security Center's back up and all. That's my only prob that I can see for now. If I click it more than once I get the blank screen. If I leave it alone it won't open and nothing will pop up. Any suggestions on that?

Hi sfwx sorry for not getting back to you - but I only received notification of your replies today ???

Enable hidden and system files in Explorer if you haven’t done so already. To do this, open Control Panel | Folder Options | View, and in Advanced Settings under Hidden Files and Folders, select “Show hidden files and folders,” Below that, uncheck “Hide protected operating system files.” (You will probably want to restore this option later.)

From Start | Run, type %SystemRoot%\inf and press Enter.
Find the file named sr.inf. Right click on it and select Install.
You may be prompted for your Windows installation media, or a directory on your hard drive that has the \i386 folder. If you installed Service Pack 2 (as opposed to installing a version of Windows XP with SP2 preinstalled), use the folder %SystemRoot%\ServicePackFiles\i386 .

Let me know how that goes - it should take no more than 10 minutes

%SystemRoot% is C:\windows

What is this supposed to do? Also it's not working. It keeps saying there's no sr.sys file.

I think differences will apply according to version of XP that is running, and maybe other condition…

The problem appears to arise because of following environment condition, (although this a bit dated)

http://forums.cnet.com/5208-6122_102-0.html?threadID=166385

This may or may not be yr problem now, likely was to begin with. What essexboy has done is provide what is generally considered the fix, but it does not always apply for various reasons, yr case obviously being an example of one.

I’m trying to recall a standard routine for reload or reset of System Restore. Of course if you hv installation CD then can run Repair and that will reload and reconfigure yr OS.

it keeps saying there's no sr.sys file.
Correct, it is sr.inf - this will reinstall System Restore if the files are present

No, I'm saying it says that after I get to the i386 folder. Whatever's supposed to be there isn't. The whole sr.inf is the first step, that's fine; it's just afterwards, getting past service pack files and such.

Ah ok with you now - that is showing us that a required system file is missing - you need to get a copy of that file and then put it in your sys32 folder and re-run sr.inf.

Unfortunately I am on 7 and my copy would be no good