Inactive Slender Man virus

[daveed12vas]

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2174916 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20297 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12172012_192755

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_49c.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[daveed12vas]

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 26
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

 

[daveed12vas]

The link for FSS only takes to a download of other products like 'Reimage'

 

[daveed12vas]

ESET online scanner found no threats.

 

[Broni]

The link for FSS only takes to a download of other products like 'Reimage'

No. C'mmon...
Uploaded it for you here: http://www.filedropper.com/tfc

=========================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

========================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.

 

[daveed12vas]

Adobe Reader does not install, I only get an error message. I still can not use internet explorer without my PC freezing, I still can not use a double mouse click to open any programs, and Norton360 still stalls and stops running when I try to run scans.

 

[Broni]

Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
Make sure you follow ALL steps listed there.
See how IE works afterwards.

As I said before reinstall Norton and see how it goes.

We'll go from there.

 

[daveed12vas]

You said to get FSS from the link above, but the link takes me to a download of TFC.
I have uninstalled & then reinstalled Norton360, but Norton stills stalls out after 2000-2900 files scanned.
I have uninstalled my Internet Explorer, but the new download will not Install and stalls out like norton360, or it will open and then quickly snap closed.
And still programs will not open with a left mouse click. (Example: left click mouse on Start button, move mouse pointer up to All Programs, move mouse pointer up to Mozilla and a left mouse click will no longer open Mozilla; or any other program either. Start Menu closes.)

 

[daveed12vas]

I can not run Windows Updates. I think because of the bad Internet Explorer virus or registry errors or what ever.

 

[daveed12vas]

The Fixit download will not run. I get an error message: ! The Windows Installer program could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support for personal assistance.

 

[daveed12vas]

I followed the instructions on how to reset internet explorer settings by myself. Doing this did not fix the problems on my PC.

 

[daveed12vas]

I have -I guess- successfully uninstalled Internet Explorer 8 for XP. However, my new IE8 download will not install, and will not download Windows Updates. The install program just runs endlessly. I tried to run the new install many, many times. One time I let the installation run for over 12 hours... nothing installed. I could only force a reboot of my PC by pressing & holding the power button.

 

[daveed12vas]

A friend said to run Malwarebytes in Safe Mode. Here is the log file of that scan. It took only an hour.


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.16.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 7.0.5730.13
Administrator :: GX620 [administrator]

12/18/2012 12:47:14 PM
mbam-log-2012-12-18 (12-47-14).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227858
Time elapsed: 58 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Broni]

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

IMPORTANT! In addition checkmark also:
- Repair icons
- Repair .lnk (Shortcuts) File Association

Click on box next to the Restart System when Finished. Then click on Start.

 

[daveed12vas]

Sorry, but I can not run the Windows Repair (All in One). I only get an error message: 'could not create uninstall shortcut: C:/Documents and settings/ all users/ start menu/ programs/ tweaking.com/ windows repair (all in one)/ uninstall tweaking.com - windows repair (all in one).ink'

 

[Broni]

I'm afraid we'll need Windows XP CD. Do you have/can borrow one?

 

[daveed12vas]

Dang. I have no CD. The PC came with XP installed. What happened?

 

[daveed12vas]

It's okay. I'll just upgrade, to Windows 7 or Vista. Thanks Broni. Happy Holidays. Keep the Yuletide Gay.

 

[Broni]

It looks like Windows installation is corrupted.
Ask around. Try to borrow Windows CD.

 

[Broni]

Merry Christmas