Solved \\.\PhysicalDrive0 Win7

Status
Not open for further replies.
No time. Most likely, some leftovers, which can be removed with one OTL script run.
 
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x64)_keygen.zip a variant of Win32/Nebuler.BR trojan
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen (1).zip a variant of Win32/Nebuler.BR trojan
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen (2).zip a variant of Win32/Nebuler.BR trojan
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen.zip a variant of Win32/Nebuler.BR trojan
C:\Users\Juan Felipe\Downloads\networkmon-debug.rar probably a variant of Win32/TrojanDownloader.Agent.LAETLCV trojan
C:\Users\Juan Felipe\Downloads\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Juan Felipe\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
 
Downloading some illegal stuff?
Not good. That's the main source of infections.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL

:Services

:Reg

:Files
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x64)_keygen.zip 
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen (1).zip 
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen (2).zip 
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen.zip 
C:\Users\Juan Felipe\Downloads\networkmon-debug.rar 
C:\Users\Juan Felipe\Downloads\Assassins.Creed.II-SKIDROW\sr-acii.iso 
C:\Users\Juan Felipe\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x64)_keygen.zip moved successfully.
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen (1).zip moved successfully.
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen (2).zip moved successfully.
C:\Users\Juan Felipe\Downloads\Microsoft_Office_2010_(x86)_keygen.zip moved successfully.
C:\Users\Juan Felipe\Downloads\networkmon-debug.rar moved successfully.
C:\Users\Juan Felipe\Downloads\Assassins.Creed.II-SKIDROW\sr-acii.iso moved successfully.
C:\Users\Juan Felipe\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: juan

User: Juan Felipe
->Temp folder emptied: 412077 bytes
->Temporary Internet Files folder emptied: 5218339 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 75988620 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 937 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 78.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: juan

User: Juan Felipe
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11272010_211505

Files\Folders moved on Reboot...
C:\Users\Juan Felipe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: juan

User: Juan Felipe
->Temp folder emptied: 411376 bytes
->Temporary Internet Files folder emptied: 187051 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6757465 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: juan

User: Juan Felipe
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 11272010_212149

Files\Folders moved on Reboot...
C:\Users\Juan Felipe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\bcdc003b.$$$ not found!

Registry entries deleted on Reboot...
 
Way to go!!
p4193510.gif

Good luck and stay safe :)
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Graphics card makers believe the RTX 5090 and 5080 will ship in Q4 2024
Replies
24
Views
267
godrilla
godrilla
Daniel Sims
Microsoft may be working on a portable Xbox, similar to a Switch, worked by the Surface...
Replies
13
Views
294
Atmajaya2020
Atmajaya2020
D
Florida bans children under 14 from holding social media accounts
2
Replies
35
Views
461
texasrattler
T

Latest posts

Back