
[Solved] \\system 32\\00006fd7 virus or malware?

Discussion in 'Virus and Malware Removal' started by Sariika, Feb 6, 2012.

  1. Broni Malware Annihilator

  2. Sariika Newcomer, in training

    Java installed now, here is the OTL log, the rest to follow in a bit:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gCnHHwIyAjV.exe deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1433771089-290694152-3090030198-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\spchecker deleted successfully.
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL deleted successfully.
    C:\ProgramData\35m47855uuxj27cq2i6qu55325u50tlx6thhtc0wvu85 moved successfully.
    C:\ProgramData\t2ybcc7v0fo3v477kk270ad moved successfully.
    C:\ProgramData\r0t835ni0n1t18aj4n071sa4s7m moved successfully.
    C:\Windows\System32\xshhp32.dll moved successfully.
    C:\Windows\System32\ovovinh.dll moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\promotion folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\browser folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\LimeWire folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\xml\data folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\xml folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\promotion folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\certificate folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\browser folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
    C:\Users\Janine\AppData\Roaming\LimeWire folder moved successfully.
    ADS C:\ProgramData\Temp:6E7A5A95 deleted successfully.
    ADS C:\ProgramData\Temp:DDBA1B03 deleted successfully.
    ADS C:\ProgramData\Temp:330B710D deleted successfully.
    ADS C:\ProgramData\Temp:28CC72D6 deleted successfully.
    ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
    ADS C:\ProgramData\Temp:4A74A9A7 deleted successfully.
    ADS C:\ProgramData\Temp:2AF40C07 deleted successfully.
    ADS C:\ProgramData\Temp:C76BA037 deleted successfully.
    ADS C:\ProgramData\Temp:3939CF5F deleted successfully.
    ADS C:\ProgramData\Temp:E3314716 deleted successfully.
    ADS C:\ProgramData\Temp:51EFAA18 deleted successfully.
    ADS C:\ProgramData\Temp:4B6543DE deleted successfully.
    ADS C:\ProgramData\Temp:B9B2111D deleted successfully.
    ADS C:\ProgramData\Temp:36EEEDAC deleted successfully.
    ADS C:\ProgramData\Temp:1BEAD68C deleted successfully.
    ADS C:\ProgramData\Temp:6611AB82 deleted successfully.
    ADS C:\ProgramData\Temp:E7730732 deleted successfully.
    ADS C:\ProgramData\Temp:EBFD4E6F deleted successfully.
    ADS C:\ProgramData\Temp:D53D29CC deleted successfully.
    ADS C:\ProgramData\Temp:6DA18708 deleted successfully.
    ADS C:\ProgramData\Temp:E6540C35 deleted successfully.
    ADS C:\ProgramData\Temp:3D0C4F47 deleted successfully.
    ADS C:\ProgramData\Temp:B203B914 deleted successfully.
    ADS C:\ProgramData\Temp:30E8F700 deleted successfully.
    ADS C:\ProgramData\Temp:0824CCE8 deleted successfully.
    ADS C:\ProgramData\Temp:E6A94ABF deleted successfully.
    ADS C:\ProgramData\Temp:969736FD deleted successfully.
    ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
    ADS C:\ProgramData\Temp:A1CD17F9 deleted successfully.
    ADS C:\ProgramData\Temp:5EE52088 deleted successfully.
    ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
    ADS C:\ProgramData\Temp:15D9664E deleted successfully.
    ADS C:\ProgramData\Temp:D29B16C5 deleted successfully.
    ADS C:\ProgramData\Temp:94124B85 deleted successfully.
    ADS C:\ProgramData\Temp:34296815 deleted successfully.
    ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
    ADS C:\ProgramData\Temp:BB24555F deleted successfully.
    ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
    ADS C:\ProgramData\Temp:AA2A4FE5 deleted successfully.
    ADS C:\ProgramData\Temp:81BA5807 deleted successfully.
    ADS C:\ProgramData\Temp:14DFF9B1 deleted successfully.
    ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
    ADS C:\ProgramData\Temp:9CD3B6D1 deleted successfully.
    ADS C:\ProgramData\Temp:FE53E4F7 deleted successfully.
    ADS C:\ProgramData\Temp:7D371AB2 deleted successfully.
    ADS C:\ProgramData\Temp:27E4D052 deleted successfully.
    ADS C:\ProgramData\Temp:814B9485 deleted successfully.
    ADS C:\ProgramData\Temp:ADE16379 deleted successfully.
    ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 170724 bytes
    ->Temporary Internet Files folder emptied: 19597948 bytes
    ->Java cache emptied: 25493434 bytes
    ->Flash cache emptied: 2316 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 75 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Janine
    ->Temp folder emptied: 6604873 bytes
    ->Temporary Internet Files folder emptied: 315394369 bytes
    ->Java cache emptied: 285476 bytes
    ->Google Chrome cache emptied: 6553568 bytes
    ->Flash cache emptied: 3135059 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 75 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 256617232 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 41035 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 605.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Janine
    ->Java cache emptied: 0 bytes

    User: postgres

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Janine
    ->Flash cache emptied: 0 bytes

    User: postgres
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02072012_193614

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
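As an added example (written for this page, not part of the thread or of the OTL tool), a read-only PowerShell audit of the same persistence locations the log above reports cleaning: per-user Run/RunOnce and Internet Explorer hook keys, machine-wide Browser Helper Objects, AppInit_DLLs, alternate data streams on C:\ProgramData\Temp, and Startup-folder shortcuts. It assumes an elevated PowerShell 3.0 or later session (the Vista machine in the thread would need a different tool for the ADS check) and only lists what is present, so a re-check after a cleanup pass can be compared against the log.

```powershell
# Added example, not from the thread or from OTL: a read-only audit of the
# persistence locations the OTL log above reports cleaning. Assumes an elevated
# PowerShell 3.0 or later session (Get-Item -Stream needs 3.0). Changes nothing.

# Per-user keys seen in the log under several HKEY_USERS\S-1-5-21-... hives.
$userKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Internet Explorer\URLSearchHooks',
    'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)

function Get-RegistryValues {
    param([string]$Path)
    # One object per value under $Path; a key that does not exist yields nothing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $shown = if ($name) { $name } else { '(Default)' }
        [pscustomobject]@{ Location = $Path; Name = $shown; Data = $key.GetValue($name) }
    }
}

$findings = @()

# 1. Autorun and Internet Explorer hook values in every loaded user hive.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -like '*_Classes') { continue }   # per-user Classes hives
    foreach ($sub in $userKeys) {
        $findings += @(Get-RegistryValues -Path ('Registry::HKEY_USERS\{0}\{1}' -f $hive.PSChildName, $sub))
    }
}

# 2. Machine-wide Browser Helper Objects: each subkey is a CLSID, so resolve its
#    registered name; an unregistered CLSID (as in the log) is itself a finding.
$bhoRoot = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($clsid in Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue) {
    $clsKey = Get-Item -LiteralPath ('Registry::HKEY_CLASSES_ROOT\CLSID\{0}' -f $clsid.PSChildName) -ErrorAction SilentlyContinue
    $label = '(CLSID not registered)'
    if ($clsKey) { $label = $clsKey.GetValue('') }
    $findings += [pscustomobject]@{ Location = $bhoRoot; Name = $clsid.PSChildName; Data = $label }
}

# 3. AppInit_DLLs: a non-empty value is a DLL loaded into every process that
#    links user32.dll, which is why the log lists that value explicitly.
$winKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$findings += @(Get-RegistryValues -Path $winKey | Where-Object { $_.Name -eq 'AppInit_DLLs' -and $_.Data })

# 4. Alternate data streams on C:\ProgramData\Temp, where the log removed dozens.
#    Zone.Identifier is the ordinary download marker; anything else gets listed.
$streams = @(Get-Item -LiteralPath 'C:\ProgramData\Temp' -Stream * -ErrorAction SilentlyContinue |
             Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' })
foreach ($s in $streams) {
    $findings += [pscustomobject]@{ Location = 'ADS on C:\ProgramData\Temp'; Name = $s.Stream; Data = ('{0} bytes' -f $s.Length) }
}

# 5. Startup-folder shortcuts in every profile (the log moved a LimeWire .lnk).
$startupGlob = 'C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.lnk'
foreach ($lnk in @(Get-ChildItem -Path $startupGlob -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Location = 'Startup folder'; Name = $lnk.Name; Data = $lnk.FullName }
}

# Keep the table for comparison with the OTL log after each cleanup pass.
$findings | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

An empty table means none of the audited locations currently hold anything; a Run or RunOnce entry with a random-looking name, a non-empty AppInit_DLLs value, or any named stream on the Temp folder is what to compare against the log's "deleted successfully" lines.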
  3. Sariika Newcomer, in training

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Adobe Flash Player ( 10.0.12.36) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````




    Farbar Service Scanner Version: 05-02-2012
    Ran by Administrator (administrator) on 07-02-2012 at 21:24:42
    Running from "C:\Users\Administrator\Desktop"
    Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2009-10-20 12:33] - [2009-04-10 23:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2009-10-20 12:32] - [2009-04-10 23:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  4. Sariika Newcomer, in training

    Eset

    ESET scan:

    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined


    That's everything on the list :)
  5. Broni Malware Annihilator

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =============================================================

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  6. Sariika Newcomer, in training

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 592970 bytes
    ->Temporary Internet Files folder emptied: 44672977 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 675 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Janine
    ->Temp folder emptied: 112029 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33393 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 43.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Janine
    ->Flash cache emptied: 0 bytes

    User: postgres
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Janine
    ->Java cache emptied: 0 bytes

    User: postgres

    User: Public

    Total Java Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 02082012_110406

    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\~DF509A.tmp moved successfully.
    File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFD839.tmp not found!
    File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFD83F.tmp not found!
    File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFD886.tmp not found!
    File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFD88B.tmp not found!
    File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFD8B4.tmp not found!
    File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFD8B9.tmp not found!
    C:\Users\Administrator\AppData\Local\Temp\~DFD9D1.tmp moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L82E99IO\12[1].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L82E99IO\ads[1].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L82E99IO\facebook_com[1].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L82E99IO\fastbutton[1].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GDQFO4PD\likebox[3].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GDQFO4PD\topic177197-2[2].html moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6ZSYVZX\ads[2].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CHRSC3Z\ai[6].htm moved successfully.

    Registry entries deleted on Reboot...
  7. Sariika Newcomer, in training

    Everything seems to be looking good, thanks again so much for your awesome help :)
  8. Broni Malware Annihilator

    Way to go!!
    Good luck and stay safe :)
  9. Sariika Newcomer, in training

    Actually, just so you know, I still have GMER, aswMBR, AppRemover, unhide, FSS, TFC and SecurityCheck on my desktop. Is there anything else to do to remove these?
  10. Broni Malware Annihilator

    You can simply delete those.
    They don't install.
  11. Sariika Newcomer, in training

    Ok :) You are absolutely awesome, and I commend the pro bono work you do! I will be sending a donation your way though! Take care!
  12. Broni Malware Annihilator

    You're very welcome.
  13. Sariika Newcomer, in training

    Hey Broni, sorry to bug you again, but for some reason I'm having problems with my Adobe Flash. A few sites say that I don't have it. I've uninstalled and reinstalled twice now, but still the same thing... just wondering if you'd know what that would be? Thanks!
  14. Broni Malware Annihilator

    Create new topic in Windows forum.