TechSpot

8-step Viruses/Spyware/Malware Preliminary Removal Instructions Help!

By Megcx
Nov 21, 2010
  1. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Temp folder emptied: 8089 bytes
    ->Temporary Internet Files folder emptied: 45764788 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 765 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12978 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 44.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11242010_132713

    Files\Folders moved on Reboot...
    C:\Users\Meghan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  2. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    I'm still getting redirected ): It was really good the other day, but for some reason today it's a lot worse
     
  3. Broni

    Broni Malware Annihilator Posts: 52,623   +340

    Go Start>Run ("Start search" in Vista), type in:
    cmd
    Click OK (hit Enter in Vista).

    At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    Copy and paste what you see in Notepad into a Reply here.
     
  4. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    A blank Notepad opens. It says it cannot find the file and asks if I want to create a new file
     
  5. Broni

    Broni Malware Annihilator Posts: 52,623   +340

    Go Start>Run ("Start search" in Vista).
    Type in:
    cmd
    Click OK (press Enter in Vista)

    At command prompt, type in:
    ipconfig /all (<-----watch for "space" after "ipconfig")
    Press Enter.

    Click the icon on the menubar on the left and then Edit>Select all
    Click the icon in the menubar again then Edit>Copy

    This copies all the text to the clipboard.

    Paste the output into your next reply.
     
  6. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Meghan>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Meghan-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : lan

    Wireless LAN adapter Wireless Network Connection 2:

    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
    Physical Address. . . . . . . . . : 90-4C-E5-5D-6A-C9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::3075:3789:c2c7:2a97%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : November-24-10 10:04:50 PM
    Lease Expires . . . . . . . . . . : November-26-10 8:40:37 AM
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 328223973
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9D-C7-58-00-26-22-8D-14-6F

    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Contro
    ller (NDIS 6.20)
    Physical Address. . . . . . . . . : 00-26-22-8D-14-6F
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.lan:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{2BE7B38B-9ACF-414D-B060-E9CD1C76DF17}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:186b:20c8:5231:feb0(Pref
    erred)
    Link-local IPv6 Address . . . . . : fe80::186b:20c8:5231:feb0%13(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Users\Meghan>
     
  7. Broni

    Broni Malware Annihilator Posts: 52,623   +340

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  8. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    Before I do any of this, is it possible to not reset the router... or is that necessary? The last time I reset it my internet connection got lost, so I had to call my service's tech people and they fixed it after a few hours, but they told me to not do that again and to only turn it off by pulling the cord...so yeah...):
     
  9. Broni

    Broni Malware Annihilator Posts: 52,623   +340

    Unfortunately, I see no other way to make sure your router is not hijacked.
     
Topic Status:
Not open for further replies.
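
Added example (not part of the thread and not any poster's code): one way to read an `ipconfig /all` capture like the one posted above when chasing redirects is to compare each adapter's DNS servers with its default gateway. The function names, the `SAMPLE` text (one adapter trimmed from the posted output) and the verdict labels are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: one adapter trimmed from the ipconfig /all output in the thread.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection 2:
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
# "Key . . . . : value"; requiring a space or dot before ":" keeps IPv6 literals from matching.
FIELD = re.compile(r"^(.*?)[ .]+:(?: (.*))?$")
# RFC 1918, IPv6 link-local and unique-local ranges are treated as "local" here.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from ipconfig /all text."""
    adapters, fields, last = {}, {}, None   # fields seen before the first header are discarded
    for line in map(str.strip, text.splitlines()):
        m = FIELD.match(line)
        if m:
            last = fields.setdefault(m.group(1), [])
            if m.group(2):
                last.append(m.group(2).strip())
        elif line.endswith(":"):             # "... adapter <name>:" starts a new section
            fields, last = adapters.setdefault(line[:-1], {}), None
        elif last is not None and line:      # extra value on its own line (second DNS server)
            last.append(line)
    return adapters

def check_dns(adapters):
    """Return (adapter, dns_server, verdict) for each DNS server listed."""
    findings = []
    for name, fields in adapters.items():
        gateways = set(fields.get("Default Gateway", []))
        for server in fields.get("DNS Servers", []):
            try:
                ip = ipaddress.ip_address(server.split("%")[0])
            except ValueError:
                continue                     # wrapped text, not an address
            if server in gateways:
                verdict = "router"           # lookups go to the router; check its DNS settings
            elif any(ip in net for net in LOCAL_NETS):
                verdict = "local"
            else:
                verdict = "external"         # compare with the resolvers your ISP assigned
            findings.append((name, server, verdict))
    return findings
```

A "router" verdict only shows that the PC sends its lookups to the router; the upstream DNS servers the router itself uses do not appear in `ipconfig` output and have to be checked on the router.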
