also @ TechSpot: Blizzard talks Diablo 3 facts, nerfing and buffs for legendary items

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

Internet explorer/crypted.exe virus in Temp folder (log files attached)

Discussion in 'Virus and Malware Removal' started by bhebepau, Nov 1, 2009.

Thread Status:
Not open for further replies.
Page 2 of 2

  1. Bobbye Helper on the Fringe

    Okay, sorry- I had two lines in the uninstall directions that I removed.

    You do not need to copy the quote in the reply, but see if the revised direction works: this is just the part that is above the image.

    • * Click START then RUN
      * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    If it doesn't, we'll handle it Monday.
    Bobbye, Nov 7, 2009
    #21

  2. bhebepau Newcomer, in training

    its the same, space between X and /

    it doesnt work
    bhebepau, Nov 7, 2009
    #22

  3. kritius Newcomer, in training

    Here is the fix for the OTS log.

    Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
    kritius, Nov 9, 2009
    #23

  4. bhebepau Newcomer, in training

    All Processes Killed
    [Registry - Safe List]
    HOSTS file reset successfully!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    [Files/Folders - Created Within 30 Days]
    C:\Combo-Fix\N_ folder moved successfully.
    C:\Combo-Fix\en-US folder moved successfully.
    C:\Combo-Fix folder moved successfully.
    C:\Windows\SWXCACLS.exe moved successfully.
    C:\Windows\SWREG.exe moved successfully.
    C:\Windows\SWSC.exe moved successfully.
    C:\Windows\NIRCMD.exe moved successfully.
    C:\Windows\ERDNT\Hiv-backup\Users\00000004 folder moved successfully.
    C:\Windows\ERDNT\Hiv-backup\Users\00000003 folder moved successfully.
    C:\Windows\ERDNT\Hiv-backup\Users\00000002 folder moved successfully.
    C:\Windows\ERDNT\Hiv-backup\Users\00000001 folder moved successfully.
    C:\Windows\ERDNT\Hiv-backup\Users folder moved successfully.
    C:\Windows\ERDNT\Hiv-backup folder moved successfully.
    C:\Windows\ERDNT folder moved successfully.
    C:\Qoobox\TestC folder moved successfully.
    C:\Qoobox\Test folder moved successfully.
    C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
    C:\Qoobox\Quarantine folder moved successfully.
    C:\Qoobox\LastRun folder moved successfully.
    C:\Qoobox\BackEnv folder moved successfully.
    C:\Qoobox folder moved successfully.
    [Files/Folders - Modified Within 30 Days]
    C:\Windows\PEV.exe moved successfully.
    C:\Windows\System32\coimtb.exe moved successfully.
    C:\Windows\System32\wwialc.exe moved successfully.
    C:\Windows\System32\bgdamv.exe moved successfully.
    C:\Windows\System32\fcsgmg.exe moved successfully.
    C:\Windows\MBR.exe moved successfully.
    [File - Lop Check]
    C:\Users\Admin\AppData\Roaming\BitTorrent folder moved successfully.
    C:\Users\Admin\AppData\Roaming\uTorrent folder moved successfully.
    [Empty Temp Folders]


    User: Admin
    ->Temp folder emptied: 91015981 bytes
    ->Temporary Internet Files folder emptied: 17376782 bytes
    ->Java cache emptied: 13817519 bytes
    ->FireFox cache emptied: 80295443 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 105689 bytes
    RecycleBin emptied: 7130649 bytes

    Total Files Cleaned = 200.03 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.4.0 fix logfile created on 11092009_174629

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    bhebepau, Nov 9, 2009
    #24

  5. bhebepau Newcomer, in training

    what would i have to do now? :(
    bhebepau, Nov 20, 2009
    #25

  6. kritius Newcomer, in training

    Run OTS again and post the log back here, how are things running?
    kritius, Nov 20, 2009
    #26

  7. bhebepau Newcomer, in training

    All Processes Killed
    [Registry - Safe List]
    HOSTS file reset successfully!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    [Files/Folders - Created Within 30 Days]
    File C:\Combo-Fix not found!
    File C:\Windows\SWXCACLS.exe not found!
    File C:\Windows\SWREG.exe not found!
    File C:\Windows\SWSC.exe not found!
    File C:\Windows\NIRCMD.exe not found!
    File C:\Windows\ERDNT not found!
    File C:\Qoobox not found!
    [Files/Folders - Modified Within 30 Days]
    File C:\Windows\PEV.exe not found!
    File C:\Windows\System32\coimtb.exe not found!
    File C:\Windows\System32\wwialc.exe not found!
    File C:\Windows\System32\bgdamv.exe not found!
    File C:\Windows\System32\fcsgmg.exe not found!
    File C:\Windows\MBR.exe not found!
    [File - Lop Check]
    File C:\Users\Admin\AppData\Roaming\BitTorrent not found!
    C:\Users\Admin\AppData\Roaming\uTorrent folder moved successfully.
    [Empty Temp Folders]


    User: Admin
    ->Temp folder emptied: 3599353 bytes
    ->Temporary Internet Files folder emptied: 29309094 bytes
    ->Java cache emptied: 15549742 bytes
    ->FireFox cache emptied: 88707472 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 546598 bytes
    RecycleBin emptied: 112560777 bytes

    Total Files Cleaned = 238.68 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.4.0 fix logfile created on 11202009_192303

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    ---------------------------------------------------------------

    i have no problem with my pc now. i guess this is the end of your support for me.

    thank you very much Bobbye and kritius for helping me!
    bhebepau, Nov 20, 2009
    #27

  8. kritius Newcomer, in training

    I meant a fresh log from it, not the fix again.
    kritius, Nov 20, 2009
    #28

  9. bhebepau Newcomer, in training

    oh sorry, here
    bhebepau, Nov 20, 2009
    #29

  10. kritius Newcomer, in training

    That looks ok.

    Open up OTS and hit the cleanup button.
    kritius, Nov 20, 2009
    #30

  11. bhebepau Newcomer, in training

    finished! thank you ! :)
    bhebepau, Nov 20, 2009
    #31

  12. kritius Newcomer, in training

    No problem.
    kritius, Nov 20, 2009
    #32
Page 2 of 2
Thread Status:
Not open for further replies.