also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

[Solved] Google Redirect Issue

Discussion in 'Virus and Malware Removal' started by oltraff, Nov 26, 2010.

Thread Status:
Not open for further replies.
Page 4 of 4

  1. oltraff Newcomer, in training

    Yes sir. Lesson learned. Here's the first OTL log. Should I make the updates in post 58 and then create the new restore point?

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Hitman Pro 3.5 folder moved successfully.
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe moved successfully.
    C:\Program Files\Mozilla Firefox\fjhdyfhsn.bat moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport2.zip moved successfully.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport2.zip not found.
    C:\Users\Ashish\Desktop\GooredFix Backups\C\Users\Ashish\AppData\Local\{8EFC8277-0EFC-4A19-B9E5-C385FF2EB0DB}\chrome\content\overlay.xul moved successfully.
    C:\Users\Ashish\DoctorWeb\Quarantine\plugin-enaqypjmfriuc.pdf moved successfully.
    C:\Users\Ashish\DoctorWeb\Quarantine\plugin-kqilatdpkrysft.pdf moved successfully.
    C:\Users\Ashish\DoctorWeb\Quarantine\plugin-krklcqxththmivh.pdf moved successfully.
    C:\Users\Ashish\DoctorWeb\Quarantine\plugin-libtiff.pdf moved successfully.
    C:\Users\Ashish\DoctorWeb\Quarantine\plugin-pmwp.pdf moved successfully.
    C:\Users\Ashish\DoctorWeb\Quarantine\plugin-uhgnc.pdf moved successfully.
    C:\Users\Ashish\DoctorWeb\Quarantine\plugin-xzxugwbpdmxmgqc.pdf moved successfully.
    C:\Users\Ashish\Downloads\Hawthorne Heights-Fragile Future\03-hawthorne_heights-until_the_judgement_day.mp3 moved successfully.
    C:\Users\Ashish\Downloads\Hitman Pro v3.5.5 Build 98 (32-bit) + Crack [RH]\HMP.3.5.5.98_[RH].rar moved successfully.
    C:\Users\Ashish\Downloads\Hitman Pro v3.5.5 Build 98 (32-bit) + Crack [RH]\Hitman Pro v3.5.5 Build 98 (32-bit)\Crack\HitmanPro35.exe moved successfully.
    C:\Users\Ashish2\Desktop\GooredFix Backups\C\Users\Ashish\AppData\Local\{8EFC8277-0EFC-4A19-B9E5-C385FF2EB0DB}\chrome\content\overlay.xul moved successfully.
    C:\Users\Ashish2\DoctorWeb\Quarantine\plugin-enaqypjmfriuc.pdf moved successfully.
    C:\Users\Ashish2\DoctorWeb\Quarantine\plugin-kqilatdpkrysft.pdf moved successfully.
    C:\Users\Ashish2\DoctorWeb\Quarantine\plugin-krklcqxththmivh.pdf moved successfully.
    C:\Users\Ashish2\DoctorWeb\Quarantine\plugin-libtiff.pdf moved successfully.
    C:\Users\Ashish2\DoctorWeb\Quarantine\plugin-pmwp.pdf moved successfully.
    C:\Users\Ashish2\DoctorWeb\Quarantine\plugin-uhgnc.pdf moved successfully.
    C:\Users\Ashish2\DoctorWeb\Quarantine\plugin-xzxugwbpdmxmgqc.pdf moved successfully.
    C:\Users\Ashish2\Downloads\Hawthorne Heights-Fragile Future\03-hawthorne_heights-until_the_judgement_day.mp3 moved successfully.
    C:\Users\Ashish2\Downloads\Hitman Pro v3.5.5 Build 98 (32-bit) + Crack [RH]\HMP.3.5.5.98_[RH].rar moved successfully.
    C:\Users\Ashish2\Downloads\Hitman Pro v3.5.5 Build 98 (32-bit) + Crack [RH]\Hitman Pro v3.5.5 Build 98 (32-bit)\Crack\HitmanPro35.exe moved successfully.
    C:\Users\Public\Documents\Server\hlp.dat moved successfully.
    File\Folder C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV \JnteZavorp1cal0.pyZoU2773a43bHb9038ec7V03009f35002R45a2c145108Tf2e4d2feQ00 0002fa901801F002a000aJ10000601l0409325 not found.
    File\Folder C:\_OTL\MovedFiles\11272010_142039\C_Users\Ashish\AppData\Roaming\025EE4953 3BAB044CB74A2A78C0E406A\enemies-names.txt not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ADMIN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ashish
    ->Temp folder emptied: 49732 bytes
    ->Temporary Internet Files folder emptied: 37294 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 48738359 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1047 bytes

    User: Ashish2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 37756 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: ADMIN
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ashish
    ->Flash cache emptied: 0 bytes

    User: Ashish2
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11282010_172350

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    oltraff, Nov 28, 2010
    #61

  2. Broni Malware Annihilator

    Follow instructions from my reply #60 and a new restore point will be created by OTL.
    Broni, Nov 28, 2010
    #62

  3. oltraff Newcomer, in training

    Understood but I was wondering if I should update to SP2 and then remove Java remnants before creating the restore point using the method in post #60. Thanks
    oltraff, Nov 28, 2010
    #63

  4. Broni Malware Annihilator

    Java first, then the rest.
    First OTL script will remove all old restore points and it'll create clean, fresh one.
    That's important BEFORE attempting SP3 installation.
    Just follow all steps in exact order and you'll be fine :)
    Broni, Nov 28, 2010
    #64

  5. oltraff Newcomer, in training

    OTL Log 2:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ADMIN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ashish
    ->Temp folder emptied: 50187 bytes
    ->Temporary Internet Files folder emptied: 37294 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 33800572 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 793 bytes

    User: Ashish2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 37756 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32.00 mb


    [EMPTYFLASH]

    User: ADMIN
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ashish
    ->Flash cache emptied: 0 bytes

    User: Ashish2
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.17.3 log created on 11282010_182512

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    oltraff, Nov 28, 2010
    #65

  6. oltraff Newcomer, in training

    Java done, OTL restore point script done and SP update done. Thanks
    oltraff, Nov 28, 2010
    #66

  7. Broni Malware Annihilator

    Cool [IMG]
    Good luck and stay safe :)
    Broni, Nov 28, 2010
    #67

  8. oltraff Newcomer, in training

    Thanks for your help and patience.
    oltraff, Nov 28, 2010
    #68

  9. Broni Malware Annihilator

    You're very welcome [IMG]
    Broni, Nov 28, 2010
    #69
Page 4 of 4
Thread Status:
Not open for further replies.