Solved Win 7 7000 tmp files in document folder

From Sophos:

2016-06-18 13:43:37.750 Sophos Virus Removal Tool version 2.5.5
2016-06-18 13:43:37.750 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-18 13:43:37.751 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-18 13:43:37.751 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-06-18 13:43:37.752 Checking for updates...
2016-06-18 13:43:40.452 Update progress: proxy server not available
2016-06-18 13:43:48.307 Downloading updates...
2016-06-18 13:43:48.308 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-06-18 13:43:48.309 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-06-18 13:43:48.309 Update progress: [I49502] Found supplement IDE527 LATEST
2016-06-18 13:43:48.309 Update progress: [I49502] Found supplement IDE528 LATEST
2016-06-18 13:43:48.309 Update progress: [I49502] Found supplement IDE529 LATEST
2016-06-18 13:43:48.309 Update progress: [I49502] Found supplement IDE530 LATEST
2016-06-18 13:43:48.309 Update progress: [I49502] Found supplement IDE531 LATEST
2016-06-18 13:43:48.309 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-18 13:43:48.309 Update progress: [I19463] Syncing product SAVIW32 70
2016-06-18 13:43:51.052 Update progress: [I19463] Syncing product IDE527 142
2016-06-18 13:43:51.076 Option all = no
2016-06-18 13:43:51.076 Option recurse = yes
2016-06-18 13:43:51.076 Option archive = no
2016-06-18 13:43:51.076 Option service = yes
2016-06-18 13:43:51.076 Option confirm = yes
2016-06-18 13:43:51.076 Option sxl = yes
2016-06-18 13:43:51.077 Option max-data-age = 35
2016-06-18 13:43:51.077 Option EnableSafeClean = yes
2016-06-18 13:43:51.701 Update progress: [I19463] Syncing product IDE528 127
2016-06-18 13:43:51.701 Update progress: [I19463] Syncing product IDE529 135
2016-06-18 13:43:51.701 Update progress: [I19463] Syncing product IDE530 88
2016-06-18 13:43:51.812 Installing updates...
2016-06-18 13:43:52.290 Option vdl-logging = yes
2016-06-18 13:43:53.090 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-18 13:43:53.090 Machine ID: c8df74c0cd644ed1b3ed8c5b824718f6
2016-06-18 13:43:53.090 Component SVRTcli.exe version 2.5.5
2016-06-18 13:43:53.090 Component control.dll version 2.5.5
2016-06-18 13:43:53.090 Component SVRTservice.exe version 2.5.5
2016-06-18 13:43:53.090 Component engine\osdp.dll version 1.44.1.2250
2016-06-18 13:43:53.090 Component engine\veex.dll version 3.65.0.2250
2016-06-18 13:43:53.091 Component engine\savi.dll version 9.0.1.2250
2016-06-18 13:43:53.091 Component rkdisk.dll version 1.5.30.0
2016-06-18 13:43:53.091 Version info: Product version 2.5.5
2016-06-18 13:43:53.091 Version info: Detection engine 3.65.0
2016-06-18 13:43:53.091 Version info: Detection data 5.26
2016-06-18 13:43:53.091 Version info: Build date 4/5/2016
2016-06-18 13:43:53.091 Version info: Data files added 484
2016-06-18 13:43:53.091 Version info: Last successful update (not yet updated)
2016-06-18 13:43:53.091 Error level 1
2016-06-18 13:43:53.109 Update progress: [I19463] Syncing product IDE531 1
2016-06-18 13:43:59.185 Update successful
2016-06-18 13:44:14.537 Option all = no
2016-06-18 13:44:14.537 Option recurse = yes
2016-06-18 13:44:14.537 Option archive = no
2016-06-18 13:44:14.537 Option service = yes
2016-06-18 13:44:14.537 Option confirm = yes
2016-06-18 13:44:14.537 Option sxl = yes
2016-06-18 13:44:14.539 Option max-data-age = 35
2016-06-18 13:44:14.539 Option EnableSafeClean = yes
2016-06-18 13:44:14.584 Option vdl-logging = yes
2016-06-18 13:44:14.586 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-18 13:44:14.586 Machine ID: c8df74c0cd644ed1b3ed8c5b824718f6
2016-06-18 13:44:14.588 Component SVRTcli.exe version 2.5.5
2016-06-18 13:44:14.588 Component control.dll version 2.5.5
2016-06-18 13:44:14.588 Component SVRTservice.exe version 2.5.5
2016-06-18 13:44:14.588 Component engine\osdp.dll version 1.44.1.2250
2016-06-18 13:44:14.588 Component engine\veex.dll version 3.65.0.2250
2016-06-18 13:44:14.588 Component engine\savi.dll version 9.0.1.2250
2016-06-18 13:44:14.589 Component rkdisk.dll version 1.5.30.0
2016-06-18 13:44:14.589 Version info: Product version 2.5.5
2016-06-18 13:44:14.590 Version info: Detection engine 3.65.0
2016-06-18 13:44:14.590 Version info: Detection data 5.26
2016-06-18 13:44:14.590 Version info: Build date 4/5/2016
2016-06-18 13:44:14.590 Version info: Data files added 486
2016-06-18 13:44:14.590 Version info: Last successful update 6/18/2016 9:43:59 AM

2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_AVPAPP_{BB639333-810A-4bf8-85F5-C537857F55FC}1
2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_CSDK_ServiceG
2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_CSDK_Session1
2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_ICFMGR_{F34173A0-C9EA-45ab-B832-29D35E6D04EC}G
2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_RDRPluginG
2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_SNDPluginG
2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_SvcMgr-A2B50D70-5EA1-45a0-A983-0DB9E7101676G
2016-06-18 14:04:55.711 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\CmnClnt\_lck\_{4E9CB39A-5F78-4887-A3D6-2790DE9DDE11}1
2016-06-18 14:10:21.619 Could not check C:\Users\Jeff\Documents\All Startups\AllLiska\TRADES~1\HOMELA~1\CAPT_R~1.PPT (corrupt)
2016-06-18 14:11:22.317 Could not open C:\Users\Jeff\Downloads\2012-05-onone-signature-collection (1)\__MACOSX\._Read Me - Lightroom 4 Presets.pdf
2016-06-18 14:11:58.119 >>> Virus 'Mal/Kovter-O' found in file C:\Users\Jeff\Downloads\FlashPlayer.exe
2016-06-18 14:11:58.129 >>> Virus 'Mal/Kovter-O' found in file HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-06-18 14:11:58.129 >>> Virus 'Mal/Kovter-O' found in file HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-06-18 14:11:58.129 >>> Virus 'Mal/Kovter-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-06-18 14:18:46.544 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-18 14:18:46.544 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-18 14:18:48.084 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-18 14:18:48.084 Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-18 14:18:48.084 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-18 14:18:48.084 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-18 14:18:48.094 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-18 14:44:52.930 Could not open LOGICAL:000C:00000000
2016-06-18 14:44:52.930 Could not open M:\
2016-06-18 14:44:52.940 Could not open LOGICAL:000D:00000000
2016-06-18 14:44:52.940 Could not open N:\
2016-06-18 14:44:52.940 Could not open LOGICAL:000E:00000000
2016-06-18 14:44:52.940 Could not open O:\
2016-06-18 14:44:58.851 Could not open LOGICAL:0010:00000000
2016-06-18 14:44:58.851 Could not open Q:\
2016-06-18 14:47:35.092 Could not open PHYSICAL:0087:0000:0000:0001
2016-06-18 14:47:35.102 Could not open PHYSICAL:0088:0000:0000:0001
2016-06-18 14:47:35.102 Could not open PHYSICAL:0089:0000:0000:0001
2016-06-18 14:47:35.102 Could not open PHYSICAL:008A:0000:0000:0001
2016-06-18 14:47:35.102 The following items will be cleaned up:
2016-06-18 14:47:35.102 Mal/Kovter-O
 
Update Firefox to the current version :)

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

=================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Oh my goodness, what a process to clean up one computer!!! Thanks so much. I will try to keep up with your suggested regimen. When I went to run Windows updates I discovered that wuapp had stopped working back in March of this year. As a result there were 144 updates to download, but wuapp would not download them. I tried downloading a few at a time, and just one, and it would only report that 0% had been downloaded. I read up on the problem and after I stopped and restarted the Application Experience service and the Windows Update service, the updates started working again. 132 downloaded today and 12 were not needed. Now MS wants me to upgrade to Win10, but after this ordeal I think I'll let things cool off for a while. Besides I'm really not happy with some of the changes MS made between 7 and 10. Things that have slowed my productivity.

Finally, I will make a donation to your cause (hoping you take PayPal), and appreciate your diligence, knowledge, and patience through this. Thanks so much! Jeff
 
Broni, ironically I am a computer tech support person at a high school, and have over 500 computers under my purview. However, since everyone is networked and keeps their data on a central server that is backed up daily, when a computer smells "fishy" I can just re-image it back to day one, and everything is all set. My home computer is another matter. That's the one that you helped me clean out. I thought that knowing about AdwCleaner, ComboFix, and Malwarebytes was enough to keep any machine clean. Ha! Kudos to your knowledge! Best, Jeff
 