lower left corner > additional options > attach
Hi choirgirl1,
I see signs of a very nasty infection that we may not be able to clean. Is the option to reformat and reinstall the operating system a possibility? We can clean up as much as possible and see how deep this goes.
If you are transferring files to the infected computer we will do this fix differently. It should be easier for you.
There are signs of an autorun infection on E:\ drive which is most likely a usb storage device such as a flashdrive. Is the flashdrive you are using recognized as E:? Leave the flash drive connected to the infected computer when you run the fix.
To protect your clean computer do this first:
On the clean computer with the flashdrive attached:
- Download Flash_Disinfector.exe by sUBs and save it to your desktop.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder…it will help protect your drives from future infection.
Additional info: there is no user interface for this tool. You may see a black window briefly flash on the screen.
Next
Download the attached file, scan.txt, and transfer it to the desktop of the infected computer.
Next,
On the infected computer:
Please rename the copy of OTL that you renamed to svchost.exe.
Double click on svchost.exe
- Under the Custom Scans/Fixes box at the bottom, double click on the white window
- You will get a window asking if you want to load a custom scan, click ok
- Set the look in box at the top to your desktop and click open
- The box should now fill with text
- Then click the Run Fix button at the top
- Let the program run unhindered
- Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
How is the computer?
Hi - I’m here. Give me a couple of minutes to read your post and make sure I understand. Yes, reloading the OS is an option - I fairly recently backed up all my files to an external harddrive and my most recent work to a flash when this problem popped up, just to be safe - I didn’t want to infect the external. But I’d really rather not start fresh if it can be avoided - I have SO much work to do as soon as possible. Be right back…
Hi choirgirl1,
Take your time. If the one infection that I think may be there is there, you may be looking at a reformat, as there isn’t a manual removal for it at present. But let’s take it one step at a time.
Question: I still have OTL open (I didn’t want to close it in case I needed it again) should I close it and reopen as the new name? Or can we use it as is?
Hi choirgirl1,
Give it a try as it is. Just make sure the white field at the bottom is empty before you import the file.
Never mind…I did the rename anyway and it’s scanning…
Yay! Computer rebooted with no recurrence of PP popup, I’m able to open the programs I couldn’t before, and my Avast tray icon is back! I haven’t reconnected to the internet yet - I’ll wait to see what you think. I’m scared to be too happy, but !!!
I’ve attached the fix log.
Hi
Before you connect to the internet please run this custom scan.
Rename OTL back to OTL.exe
Delete scan.txt from your desktop.
Download the attached file and transfer it to your infected computer’s desktop.
Use the same steps as before to import the file to OTL but this time click the Run Scan button.
Running…
Here’s the resulting file:
I also ran a thorough Malwarebytes scan and a custom (EVERYTHING) Avast scan and nothing was detected. I’m assuming everybody is shut down for the night, so I will too. Must do day job tomorrow, but will check back in the afternoon (Pacific time). I’ll work offline until I hear back from someone, but it looks clean. Thank you!
Hi choirgirl1,
Were Avast and MBAM updated when you ran the scans? If they were then you must have been connected to the internet. Did you notice anything unusual in the computer’s behavior?
There are a couple of oddities in the log but I think that may be due to your operating system. When you post back please give me an update on the computer, i.e. it’s running fine, better, etc.
Thanks
Hi OLdman
No, I had disconnected from our wireless and the programs didn’t update. The laptop seems to be working fine otherwise, but I still haven’t tried internet yet. Should I go ahead, connect, then update Avast & MBAM? Is there anything I should watch out for that would hint at a lurking problem? Thanks for all your help!
Hi choirgirl1,
Yes, connect and update both programs. Please post the MBAM log.
Avast updated but MBAM wouldn’t - gave me an error message which I passed on to their support. I ran MBAM yesterday after starting up my laptop, so I’m attaching those logs. Laptop seems fine, and Firefox seems fine, but Internet Explorer isn’t - doesn’t load some pages or parts of pages. I think it had to do with JavaScript and I might have changed some settings, but have tried to put them back, so I don’t know. So I’m still a little nervous about using the internet for business, payments, etc. What do you think?
That is a very old version of MBAM
Malwarebytes’ Anti-Malware 1.40
Database version: 2551
The current version is 1.51.2.1300 and the database is at 8269
http://www.filehippo.com/download_malwarebytes_anti_malware
Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
Hi choirgirl1,
I honestly don’t know what to tell you. Your Operating System is in a sense unique and there aren’t many of the tools we use that will run on it. For this reason many forums will not work on an XP 64bit machine. When xp64 came out it was thought of as “bullet proof” as it couldn’t be infected with a rootkit and only the 32bit side could become infected which could easily be cleaned. The folks that develop the tools must have decided for those reasons and the fact that the OS was rare that it wasn’t necessary to program the tools to deal with the OS. Even though it’s a 64bit system it is not quite the same as a Vista or Win7 64 system and some of the routines that the tools use will not work.
I’ve compared your log to the few I could find on the internet and they look the same as far as what is shown in your log. Going on that we can clean this machine as best we can.
MBAM being that old may have tried to overinstall itself during the update. I’ve had that happen, an uninstall reinstall set things right. Stick with the MBAM topic as it may well be something else.
Was IE working properly before the infection? You can try the steps in the link below to see if resetting IE will help. There is also some info on what a reset will do. I suggest you not use the FixIt Tool as it may not be compatible with the OS. The FixIt Tool is an automated version of the manual steps outlined.
Give it a try and let us know how it goes.
Thank you, I will. And yes, IE had been working okay - though maybe a little slow, but not buggy. I don’t have much time in the next couple of days, but I’ll see what MBAM has to say and follow your link, probably Thursday. I’ll let you know what I find out. Thanks so much for hangin’ in there with me!