How would I put a copy of my Event Viewer record on a thread, for evaluation, like it is done in a e-mail and what topic forum should I put it in.
Eagle4Ever
0
Light Poster
Recommended Answers
Jump to PostEagle, I cannot find any problems with those logs. You will have to elucidate the difficulty you are experiencing.
The 3 files removed by IoBit are adware delivery agents.
Jump to PostStart OTL.exe
Paste the text written inside the box into the Custom Scans/Fixes box located at the bottom of OTL:OTL @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4 [2011/02/11 03:03:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK :Commands [purity] [emptytemp] [Reboot]Click the …
Jump to PostEagle, was IoBit on your system when you did the earlier GMER run shown at the top of this page[to save me checking back...]?
That last OTL report is not right... could you restart OTL, and paste in what is shown in the box above [all of it] and then …
Jump to PostOkay, IoBit was on your system before the first GMER run.
You should remove that hidden is360.exe: start GMER again, when it is ready [after initial quick scan], expand the top tab lin by clicking on the >>>>. Choose processes, and when it lists select the is360.exe entry and press …
Jump to Post"I am sorry to say I could not open my outlook" Outlook? Do you mean Explorer[.exe]?
Are you talking about the Iobit file, is360.exe? Just do this to remove it, as I posted above:
Start GMER again, when it is ready [after initial quick scan], expand the top tab line …
All 35 Replies
gerbil
216
Industrious Poster
Easily enough. Expand the section you wish to present...eg. Applications. Then go Action tab > Export List, and save on your desktop as some .txt file. Make sure in Notepad that Format > Wordwrap is unchecked, select and paste to your post in this forum.
If there is a particular line error you wish us to comment upon you might rclick it, go Properties, and post what it says there. Otherwise we must research the error codes from the log. To post the content of that Error Properties window lclick the little button with the 2 pages shown on it : this copies the window contents to your clipboard. Paste into your post.
Eagle4Ever
0
Light Poster
My Os is XP and for some reason this is not working,I am doing exactly what you are saying to do, but the file name box stays blank, and it can't save into the desktop file. In other words the file is not exporting into the desktop folder and will not save into the file its self.
I hope I am making myself clear, sorry to be so much trouble, somehow I am not following the instructions right.
gerbil
216
Industrious Poster
You mean, you click Export List, and then you cannot type a filename into the Filename box? [Save as Type should be Text... .txt]
That window, if in Desktop, should show contained folders such as My Computer, My Docs.. Can you save any other .txt file from Notepad to your desktop?
Eagle4Ever
0
Light Poster
Dear Gerbil,
I am talking to someone who knows what they are doing and you are not, please have patience, I am learning.
In event viewer I go to action, I click on export list, and my Documents Folder pops up, on that screen there is the file name box, and below is and down below there is the save as box.
Now when I darken it, I can not remember the terminology, I right click it, and can past or copy, in this case Export the file, the file I am talking about is application, and in this case I get my Documents but that file will not transfer or copy in the file name box below.
I have done this a million times with other files, and if it does not transfer or copy into that file name box, and it will not export the file, I hope that is clear.
PS. I bet you get tired of dealing with us dummies, but this is one time I am stumped.
As you know this is done automatically, and then I transfer it into what ever folder I want to.
gerbil
216
Industrious Poster
:)... I do have patience... I must pick up your skill level as we go along, and adjust to it.
"Now when I darken it, I can not remember the terminology, I right click it, and can past or copy, in this case Export the file, the file I am talking about is application, and in this case I get my Documents but that file will not transfer or copy in the file name box below."
Ok, bit by bit...
"Now when I darken it" = select, with a lclick.
In many applications when one selects a file to "Save as" it automatically enters its, or some other, name in that filename box; Event Viwer will not do that. I don't know why; some difference in its programming. So just type in a name, make sure the file-type is .txt.
If you cannot actually type into that filename box then that is another problem altogether...
[even when a filanme is automatically entered into that filename box in other applications, you still, always, have the option of editing it].
I think there is some other faulty aspect in the rclick and Action menus of Event Viewer, but we can ignore those; it should work one way or another.
You can ignore the Action tab: just open EV, rclick Application, in the context menu that appears choose Save Log File as..., select a destination, type in a filename [any will do], AND give it type .txt.
eg filename of MyEVlog.txt
We'll get there. One aspect of Windows that can be both helpful and confusing is the often myriad ways of doing a particular task. Confusion arises when one is learning because some outcome occurs, and it didn't happen by following a previous, dimly remembered path. But that is everywhere in life. Here, you perhaps are somewhat daunted by the enormity and complexity of this OS. Fair enough... we all are.
gerbil
216
Industrious Poster
Whoa!! I was so wrong with this bit:
"You can ignore the Action tab: just open EV, rclick Application, in the context menu that appears choose Save Log File as..., select a destination, type in a filename [any will do], AND give it type .txt.
eg filename of MyEVlog.txt"
-if you follow that course the text file is a mess! For a human-readable log, you must do this [what I recommended in the first place]:
Open EV, expand Application by lclicking it in the LHS, then go Action tab, Export List, type in some filename with type .txt [the default type], eg filename = MyEVlog.txt"
Sorry about the added confusion, EagleE.
Eagle4Ever
0
Light Poster
Gerbil,
It worked,I have both application and system,Now how do I get it in the message box,the only icon on the tool bar is for links, and a tag for wrapping quotes, I am not sure I can copy and paste, you will need a file you can open, now if I copy and paste the whole file(that is both files)will it open and will the scroll bar work.
Thanks for taking your time with me, you are truly a friend. I don't have any points for helping anyone,but I just don't have enough knowledge to help anyone at the moment.
kinda makes me feel bad, people help me and I can't help anyone else.
gerbil
216
Industrious Poster
Good stuff. Now to get the file here. Because it is a text file I have no qualms about opening it if it is attached, so choose "Use Advanced Editor" button. Click Manage Attachments, use Choose to browse to your file on your sys, then press Upload. When that completes just Submit Reply. [the whole file will be sent, scroll bar use depends only upon how I choose to display it; I will not see your scroll bars].
And you don't have to help, it's just nice if you are able, that's all.
Eagle4Ever
0
Light Poster
I have office 2007 and Outlook 2007, and I am sorry but I have looked everywhere and I can't find the advanced editor button, I looked in word 2007 and outlook 2007 and I can't find it.
I am using word 2007 as my editor in outlook, although the text files are in My documents folder, even looked in the documents folder's tool bar nothing, even went to help and found nothing, sorry about that.
gerbil
216
Industrious Poster
Ooo... "Use Advanced Editor" is the button just below the box you type your post into.
Maybe 3" below these words, a tad to the right... :)
Eagle4Ever
0
Light Poster
Sorry my friend, I am not sure where you are talking about, what program are we discussing, are we talking word, outlook, or the forum itself, but on the message board, for the forum, I do not see anything like that on the tool bar, so surely your not discussing the message board on the forum, the only place I would type my post is here, on the forum, is that not correct.
gerbil
216
Industrious Poster
I am not talking about any other application, only this site, this thread.
Surely you can see the two buttons at the very foot of this shot?
Eagle4Ever
0
Light Poster
Ok here we go,
Event Log Application.txt
Event Log System .txt
I hope this works, I must warn you that one of my anti spy ware programs picked up three Trojans last week, they are still in quarantine if you would like me to write them in another thread, and where they are at of course.
Thank you for your patience and time, I must confess I am worried, I have never seen an attachment look like these two, so I might have to do it again.
gerbil
216
Industrious Poster
That worked just fine, Eagle. Apart from the connection problem could you give a rundown of your symptoms?
Run these tools, post their logs also, please.
==Download DDS by sUBs and save it to your Desktop. http://download.bleepingcomputer.com/sUBs/dds.scr
Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
Eagle4Ever
0
Light Poster
[ATTACH]19218[/ATTACH]
[ATTACH]19219[/ATTACH]
[ATTACH]19220[/ATTACH]
I am very sorry, I have been busy and haven't been able to get back to you
10bit Security 360 Anti Virus program, Quarantined and deleted: "Three Trojans"
1.Trojan.agent: C:\Windows\$NtServicePackUninstall$\ntbackup.exe 02\04\2011..02:51:05
2.Trojan.agent: C:\System Volume Information\restore{CD77296-FE58-49E3-818F-F3C1AD9068E6}
\RP15\A000 1820.Dll
3.Trojan.agent C:\System Volume Information\restore{CD77296-FE58-49E3-818F-F2C1AD9068E6}
\RP15\A000 3949.exe
Hope that will help you, in 10bit log all the way across, on two ran out of room
gerbil
216
Industrious Poster
Eagle, I cannot find any problems with those logs. You will have to elucidate the difficulty you are experiencing.
The 3 files removed by IoBit are adware delivery agents.
Eagle4Ever
0
Light Poster
I am concerned that a hacker has hacked through my programs and there is a root, a virus, and my anti virus programs are not picking it up, they ( the hacker) is coming through Outlook, and the reason for this is my printer and all programs relating to it are unplugged, along with external hard drive, I have several browsers I am using, I do not use internet explorer, at the moment Firefox, which is a Google program, as you can see he is interfering with Google Update, I do not feel there is a compatibility program, he is hitting SQL server hard, and for that reason My Contact Manager which is connected to Outlook will not work, it takes anywhere from a half a minute to a minute may be more to load, and I get a error message "do you want to work off line" I reply no and my outlook loads and I can receive and send messages.
I can format this computer and it will work perfectly, I have been there too many times, if it is a compatibility problem i do not know how to solve it, I have had this computer in the shop so many times, I could have bought a brand new computer, but they won't show me the problem, that is how they make there money.
That is about all I can tell you, I have disconnected several hardware and programs so the hacker will not have access to them, I am no good at reading logs, so that is why I have asked for help.
gerbil
216
Industrious Poster
Hi, Eagle,let's see what we can find, then.
First, clean with one of these two:
Either ==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it only to Open and Run from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option], and using the default settings select the Cleaner icon, press Run Cleaner.
Or ==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
==Next, run this rootkit scan and post the results. Do not use your computer during scan.
==Download gmer.zip from http://www.majorgeeks.com/GMER_d5198.html ...or the exe from http://www.gmer.net/download.php - it will have some obscure name.
-dclick on gmer.zip and unzip the file to its own folder or to your desktop.
-disconnect from the Internet and close all running programs.
-dclick the .exe to start it; wait for the intial scan to complete [a few seconds]. Press the Copy button, open Notepad and paste into it.
-Then, if you did NOT get a warning at startup about rootkit activity, place checkmarks ONLY at IAT/EAT, Devices, Modules, Processes, Threads; click the Scan button and wait for the scan to finish (do not use your computer during the scan); again press the Copy button, paste also into that Notepad.
-please post that log.
And finally scan for malware with one of these:
==Eset Online Scanner using IE only: http://www.eset.com/online-scanner
==Pandasoftware ActiveScan using IE or Firefox from http://www.pandasecurity.com/activescan/index/
==Bitdefender Online Scan using IE only: http://www.bitdefender.com/scanner/online/free.html - post the results, please.
PhilliePhan
171
Central Scrutinizer
Team Colleague
Hey Gerbil,
Not to get in your way or anything, but HERE is a little tool to look at recent event viewer entries.
It produce a nice and easy log.....
PP:)
Eagle4Ever
0
Light Poster
[ATTACH]19332[/ATTACH]
Here is the Log from Gmer,I exited all my programs from the tray,with the exceptions of my Anti Virus, and WD Smartware which is my exterior hardrive, my AVG will not just exit I have to totally remove and the Smart Ware did not have a means to exit from the tray, I hope I did not mess up the log.
I have Malwarebytes already and did a scan yesterday and got no results, will run another scan and see what happens.
I an considering deleting my Outlook and reloading it and see what happens, but want to wait till I here from you.
If there is a virus, hopefully by totally removing my Outlook and reloading it might take care of the problem, I am not sure.
gerbil
216
Industrious Poster
That GMer log shows clean, Eagle. Reinstalling Outlook will only spoil a very poor sort of virus; their function is to replicate as well as damage/interpose themselves, so there would be copies of it all through your system. But they would have to be hidden with a rootkit or two otherwise they would show in scans. I take it that the online scans showed nothing?
PP, feel very free to get in my way... :)
Eagle4Ever
0
Light Poster
My computer just crashed a few minutes ago, so what do I do next, or is there anything that can be done, and yes the scan was negative, it showed nothing, and so I am at ends wits.
PS. I thought the rootkit tool would expose it, I guess not, a Man's home is no longer his castle, it belongs crackers.
Eagle4Ever
0
Light Poster
Oh yes I should have mentioned, it was outlook that caused my computer to crash, I sure hate to re-format, it is such a pain, but he (the Cracker) just comes back.
Your a good guy gerbil, I just wish I could help you more, I just don't know what to do.
gerbil
216
Industrious Poster
Let's have a closer look, Eagle. Download to your desktop this scanner, http://oldtimer.geekstogo.com/OTL.exe.
Start it via the icon, and for an initial scan simply set the file age to scan at 60 days, then press Run Scan button.
Two logs will be produced, OTL and Extras. Please post both. If really long you might attach them via the Use Advanced Editor button.
Eagle4Ever
0
Light Poster
gerbil,
Here are the two Text Documents you requested, and again thank you for helping, also I need to break down this tread, its too long, Event Viewer, which we already have done, and I can send it to the forum as done, and this thread am not sure what to name it, got any suggestions.
I guess I will call it root kit, I am not sure.
gerbil
216
Industrious Poster
Start OTL.exe
Paste the text written inside the box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4
[2011/02/11 03:03:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
:Commands
[purity]
[emptytemp]
[Reboot]Click the Run Fix button; post the results of the log.
Does this file exist:
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mssqlsystemresource.mdf ?
It is probably overkill to run both IoBit and SAS services.
I could see no other problems in those logs you posted. If after running the above fix there is no improvement then I can only suggest this further tool:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : close other applications and save work, turn off your Antivirus, Antispyware and Firewall for the duration of this scan.
- to run it dclick the Combofix.exe icon and follow the prompts to start it. If you do not have it installed already, Combofix will want to download and install the Recovery Console on your system -agree.
A word of caution - do not touch your mouse/keyboard until the scan has completed [your computer will restart automatically] when a log, C:\Combofix.txt , will pop onto your desktop - post that log in your next reply.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Eagle4Ever
0
Light Poster
Hey gerbel,
GMER just come up with something, not sure what to do with it, will have the other stuff to you in few minutes.
Eagle4Ever
0
Light Poster
Here is the OTL Log file you requested yesterday
gerbil
216
Industrious Poster
Eagle, was IoBit on your system when you did the earlier GMER run shown at the top of this page[to save me checking back...]?
That last OTL report is not right... could you restart OTL, and paste in what is shown in the box above [all of it] and then press RUN FIX button, not the Run Scan button.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.