Solved Help me please? My desktop has virus Win32:Bamital-AQ

Status
Not open for further replies.
OTL Log Results.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\AVG10\scanlogs folder moved successfully.
C:\ProgramData\AVG10\log\IDP\log folder moved successfully.
C:\ProgramData\AVG10\log\IDP folder moved successfully.
C:\ProgramData\AVG10\log folder moved successfully.
C:\ProgramData\AVG10\cfgall folder moved successfully.
C:\ProgramData\AVG10\Cfg folder moved successfully.
C:\ProgramData\AVG10 folder moved successfully.
C:\Windows\System32\drivers\AVG folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4\Components folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4 folder moved successfully.
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2 moved successfully.
C:\ProgramData\0v128yg110yy544h80wqr2 moved successfully.
C:\Windows\System32\LAPRXYQ.dll moved successfully.
C:\Users\RaeJae\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\RaeJae\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\RaeJae\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\RaeJae\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\RaeJae\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\RaeJae\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\RaeJae\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\Users\RaeJae\AppData\Local\3KDlJfWHhxqk8US:eek:0XruD21dPH8RG99Zx2A deleted successfully.
ADS C:\ProgramData\Temp:D74B6CF5 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\Users\RaeJae\AppData\Local\mhpZyXByCHO9WP:Fu8w9uaQQLrCJXEJHIpdfbnC deleted successfully.
ADS C:\Users\RaeJae\AppData\Local\Temp:SVSytjQYCf1FZESAvcJs0tQMN deleted successfully.
========== FILES ==========
C:\Program Files\AskBarDis\bar\Settings folder moved successfully.
C:\Program Files\AskBarDis\bar\bin folder moved successfully.
C:\Program Files\AskBarDis\bar folder moved successfully.
C:\Program Files\AskBarDis folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ChaKotAshWai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RaeJae
->Temp folder emptied: 64622585 bytes
->Temporary Internet Files folder emptied: 6894785 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 13701902 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2756128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: All Users

User: ChaKotAshWai
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: RaeJae
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_140705

Files\Folders moved on Reboot...
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S4HHHJRZ\sh39[1].html moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S4HHHJRZ\topic164078-2[1].html moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLN512X2\background_button_green_full[1].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Security Check Results.

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
``````````End of Log````````````
 
ESET Scan Results.

C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir Win32/Bamital.EQ trojan
C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir Win32/Bamital.EQ trojan
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application
C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url Win32/Adware.ADON application
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR.rar a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT.rar probably a variant of Win32/Agent.HEPGPJJ trojan
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\arturia.cs-80v.vsti.rtas.v1.6.incl.keygen-air\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\arturia.minimoog.v.vsti.rtas.v1.6.incl.keygen-air\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\GForce.ImpOSCar.VSTi.RTAS.v1.0.1.incl.Keygen-AiR\GForce.ImpOSCar.VSTi.RTAS.v1.0.1.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\GForce.The.Oddity.VSTi.RTAS.v1.15.incl.Keygen-AiR\GForce.The.Oddity.VSTi.RTAS.v1.15.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\KeyGen.exe probably a variant of Win32/Agent.HEPGPJJ trojan
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\rob.papen.predator.vsti.v1.1.incl.keygen-air\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Documents\My DAP Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\RaeJae\Downloads\Native_Instruments_All_Products_Keymaker_v1.3_by_ORiON.zip a variant of Win32/Keygen.AD application
C:\Users\RaeJae\Downloads\Hacking_eBook_AIO\Hacking_eBook_AIO\Hacking_eBook_AIO\Hacking e-Book.exe VBS/TrojanDownloader.Psyme.gen trojan
C:\Users\RaeJae\Downloads\Native_Instruments_All_Products_Keymaker_v1.3_by_ORiON\keygen.exe a variant of Win32/Keygen.AD application
C:\Windows\Installer\2348c9e.msi Win32/Adware.Toolbar.Dealio application
C:\_OTL\MovedFiles\04222011_140705\C_Windows\System32\LAPRXYQ.dll a variant of Win32/Kryptik.LXF trojan
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Application Updater\ApplicationUpdater.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url 
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eBay.url 
    C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR.rar 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT.rar 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\arturia.cs-80v.vsti.rtas.v1.6.incl.keygen-air\keygen.exe 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\arturia.minimoog.v.vsti.rtas.v1.6.incl.keygen-air\keygen.exe 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\GForce.ImpOSCar.VSTi.RTAS.v1.0.1.incl.Keygen-AiR\GForce.ImpOSCar.VSTi.RTAS.v1.0.1.incl.Keygen-AiR\keygen.exe 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\GForce.The.Oddity.VSTi.RTAS.v1.15.incl.Keygen-AiR\GForce.The.Oddity.VSTi.RTAS.v1.15.incl.Keygen-AiR\keygen.exe 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\keygen.exe 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\KeyGen.exe 
    C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\rob.papen.predator.vsti.v1.1.incl.keygen-air\keygen.exe 
    C:\Users\RaeJae\Documents\My DAP Downloads\registrybooster.exe 
    C:\Users\RaeJae\Downloads\Native_Instruments_All_Products_Keymaker_v1.3_by_ORiON.zip
    C:\Users\RaeJae\Downloads\Hacking_eBook_AIO\Hacking_eBook_AIO\Hacking_eBook_AIO\Hacking e-Book.exe
    C:\Users\RaeJae\Downloads\Native_Instruments_All_Products_Keymaker_v1.3_by_ORiON\keygen.exe
    C:\Windows\Installer\2348c9e.msi 
    C:\_OTL\MovedFiles\04222011_140705\C_Windows\System32\LAPRXYQ.dll
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
OTL Custom Scan Log.

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eBay.url not found.
C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR.rar moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT.rar moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\arturia.cs-80v.vsti.rtas.v1.6.incl.keygen-air\keygen.exe moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\arturia.minimoog.v.vsti.rtas.v1.6.incl.keygen-air\keygen.exe moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\GForce.ImpOSCar.VSTi.RTAS.v1.0.1.incl.Keygen-AiR\GForce.ImpOSCar.VSTi.RTAS.v1.0.1.incl.Keygen-AiR\keygen.exe moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\GForce.The.Oddity.VSTi.RTAS.v1.15.incl.Keygen-AiR\GForce.The.Oddity.VSTi.RTAS.v1.15.incl.Keygen-AiR\keygen.exe moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\keygen.exe moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\KeyGen.exe moved successfully.
C:\Users\RaeJae\Desktop\Mess Clean After\Software VSTI's n Samples\VSTI's n Samples\rob.papen.predator.vsti.v1.1.incl.keygen-air\keygen.exe moved successfully.
C:\Users\RaeJae\Documents\My DAP Downloads\registrybooster.exe moved successfully.
File\Folder C:\Users\RaeJae\Downloads\Native_Instruments_All_Products_Keymaker_v1.3_by_ ORiON.zip not found.
File\Folder C:\Users\RaeJae\Downloads\Hacking_eBook_AIO\Hacking_eBook_AIO\Hacking_eBook _AIO\Hacking e-Book.exe not found.
File\Folder C:\Users\RaeJae\Downloads\Native_Instruments_All_Products_Keymaker_v1.3_by_ ORiON\keygen.exe not found.
C:\Windows\Installer\2348c9e.msi moved successfully.
C:\_OTL\MovedFiles\04222011_140705\C_Windows\System32\LAPRXYQ.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ChaKotAshWai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RaeJae
->Temp folder emptied: 18320764 bytes
->Temporary Internet Files folder emptied: 17309320 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 107844855 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3020 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 2867 bytes

Total Files Cleaned = 137.00 mb


[EMPTYFLASH]

User: All Users

User: ChaKotAshWai
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: RaeJae
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04232011_142104

Files\Folders moved on Reboot...
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQXTEK2W\sh39[1].html moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9B37IV5N\partner[1].htm moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9B37IV5N\topic164078-2[5].html moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ChaKotAshWai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RaeJae
->Temp folder emptied: 193637 bytes
->Temporary Internet Files folder emptied: 1968860 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: ChaKotAshWai
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: RaeJae
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 04232011_142719

Files\Folders moved on Reboot...
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H4FL1JR2\sh39[1].html moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H4FL1JR2\topic164078-2[2].html moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\RaeJae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Oh sorry. Umm, okay I guess, I haven't really run or done anything on it yet apart from running the scans and following your instructions. But it is connecting to the net obviously and Avast hasn't popped up with any warnings :)

I am just about to do the next step, remove all logs and tools used, etc. Should I leave Malwarebytes on it or wait till the end for you to suggest what tools/programs/security I should have?
 
If you read my previous reply...I already posted my advice.

Good luck and stay safe :)
 
Would it be better to keep Malwarebytes and get rid of Spybot? I don't know the difference but in your reply you have run Malware regularly so I guess that means Spybot isn't needed? Also do I need to have a Firewall or is there already one suitable?

You are a lifesaver and I am very appreciative for your time and help through this!! It can't be easy getting so many people like myself on your doorstep time after time needing help but once again THANK YOU!!
 
You're very welcome


Spybot is considered as a tool of the past, so you can safely uninstall it and keep MBAM.

Windows firewall is perfectly sufficient.
 