TechSpot

[Inactive] Google search redirected in safe mode

Discussion in 'Virus and Malware Removal' started by destyna26, Feb 23, 2011.

Thread Status:
Not open for further replies.
  1. Broni Malware Annihilator

  2. destyna26 Newcomer, in training

    I don't know if this becomes a problem, but my laptop is hanging up more often. The latest one was after the reboot of the OTL. This is the 3rd time since the Malwarebytes check a while ago.

    Here are the logs. I will try to download the Java and continue with the scans.

    All processes killed
    ========== OTL ==========
    C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-4282951562-3757435101-538525854-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    C:\Documents and Settings\Ma Kimlyn\My Documents\~WRL3378.tmp deleted successfully.
    C:\WINDOWS\system32\ezsidmv.dat moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:85C0059D deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:87EF2A8F deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E9C9E8F deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C7EBDC3 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:178093AE deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:65665647 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:09B77012 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2397415 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:10CFA7D4 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:93C494CA deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:7091055F deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:27F44544 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D03192E deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:EAEE7554 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:798A3728 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:15752405 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:60F5A2F7 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Ma Kimlyn
    ->Temp folder emptied: 21676517 bytes
    ->Temporary Internet Files folder emptied: 3928958 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 97111927 bytes
    ->Flash cache emptied: 1494 bytes

    User: Marc
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 458886 bytes
    ->Flash cache emptied: 618 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68932 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 513536 bytes

    Total Files Cleaned = 118.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Ma Kimlyn
    ->Flash cache emptied: 0 bytes

    User: Marc
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.0 log created on 02252011_215421

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Ma Kimlyn\Local Settings\Temp\WCESLog.log moved successfully.
    File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_c3c.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_148.dat not found!

    Registry entries deleted on Reboot...

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Ma Kimlyn\Local Settings\Temp\WCESLog.log moved successfully.
    File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_c3c.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_148.dat not found!

    Registry entries deleted on Reboot...
  3. destyna26 Newcomer, in training

    Can't install it either. In the middle of installation, it's asking me for a Java (TM) 6 Update 18 disk.

    I'm going to continue with the scans.
  4. destyna26 Newcomer, in training

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Symantec Endpoint Protection
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 15
    Java(TM) 6 Update 18
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
  5. Broni Malware Annihilator

    Uninstall:
    Java(TM) 6 Update 15
    Java(TM) 6 Update 18

    Restart computer.
    Try to install the latest Java again.

    ========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ========================================================================

    ...and Eset scan....
  6. Broni Malware Annihilator

    Are you still out there?
  7. destyna26 Newcomer, in training

    Yes. Our internet is just acting up; that's why I was unable to do this.

    I was unsuccessful in removing the Java TM 6 Update 18. It's asking for a CD-ROM.

    The ESET scan always freezes my computer halfway. My laptop freezes when it's on standby.
  8. Broni Malware Annihilator

    Regarding Java...
    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    Instead of Eset....
    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
  9. Broni Malware Annihilator

    Are you still out there?