Solved Battling 0i763f66bz.exe

Please run OTL (I removed the Google Chrome User Data. The log should be shorter)
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the None button.
  • Under the Custom Scan box paste this in

    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %USERPROFILE%\AppData\Local\ /s
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.txt. Post it in your next reply, please.
 
OTL logfile created on: 17/07/2012 1:59:31 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mellissa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.98 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 58.92% Memory free
7.97 Gb Paging File | 6.14 Gb Available in Paging File | 77.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 850.25 Gb Free Space | 91.29% Space Free | Partition Type: NTFS
Drive E: | 854.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 662.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MELISSA-PC | User Name: Mellissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/11/20 11:06:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/10/31 14:18:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2012/01/08 01:44:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\asgard
[2011/10/31 14:18:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/08/06 01:24:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Calibre2
[2012/07/14 00:19:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/02/16 22:30:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2012/07/14 23:54:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2011/03/05 14:52:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIGABYTE
[2011/04/03 04:48:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2011/11/20 10:42:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/03/05 14:52:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/06/14 07:18:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/10/31 14:19:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/07/07 16:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/01/08 01:42:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MagicDisc
[2012/07/11 20:24:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/20 01:08:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/25 23:10:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/05/15 04:32:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/05/15 03:54:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/24 00:33:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/24 18:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/03/27 02:00:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/03/05 15:06:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2011/03/05 14:59:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/03/25 23:11:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2012/01/22 19:40:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/03/05 14:50:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/03/05 14:51:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Renesas Electronics
[2012/06/24 00:38:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/03/05 14:51:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/02/21 07:49:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TWOFIVE_HIRAMEKI
[2009/07/14 14:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 15:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/06/24 00:36:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/08/20 01:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/08/20 01:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/08/20 01:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/08/20 01:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/08/20 01:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/04/22 14:14:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yuna Software

< %appdata%\*.* >

< End of report >
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, i.e. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
Everything seems A-OK from the look of things apart from the uh, out of date software. I've completed all of the specified tasks and the Security Check log is as follows:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Quick Heal Total Security 12.00
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 33
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Quick Heal Quick Heal Total Security onlinent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Thanks!
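The checkup.txt output above is short enough to read by eye, but the same log is easy to triage programmatically: split it on the backtick-ruled section headers, pull out every line Security Check marked "out of date", and spot products listed with more than one version (two Google Chrome entries usually means an old copy was left behind by an upgrade, which is the same "old versions still leave you vulnerable" problem the reply below addresses for Adobe Reader and Java). The script below is an added example written for this page, not code from the thread or from screen317's tool; the log format it assumes is exactly the one posted, reassembled inline as constructed sample input.

```python
import re

BT = "`"  # the rule character Security Check draws around its section titles


def _hdr(title, width=14):
    """Rebuild a Security Check section header line, e.g. ``````Antivirus/Firewall Check:``````."""
    return BT * width + title + BT * width


# Constructed sample: the checkup.txt contents posted in this thread, line by line.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.42",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 9",
    _hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Quick Heal Total Security 12.00",
    "Antivirus out of date!",
    _hdr("Anti-malware/Other Utilities Check:", 9),
    "Java(TM) 6 Update 33",
    "Java version out of Date!",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Mozilla Firefox (13.0.1)",
    "Google Chrome 20.0.1132.47",
    "Google Chrome 20.0.1132.57",
    _hdr("Process Check: objlist.exe by Laurent", 8),
    "Quick Heal Quick Heal Total Security onlinent.exe",
    _hdr("System Health check", 17),
    "Total Fragmentation on Drive C: 2%",
    _hdr("End of Log", 20),
])

# A header is a run of backticks, a title, and another run of backticks.
SECTION_RE = re.compile(r"^`+(?P<title>[^`]+?)`+$")
OUT_OF_DATE_RE = re.compile(r"out of date", re.IGNORECASE)
# "Product name <version>" or "Product name (<version>)", version needing at least one dot,
# so "Internet Explorer 9" and "Java(TM) 6 Update 33" are deliberately not treated as versioned.
VERSIONED_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z ]+?)\s+\(?(?P<version>\d+(?:\.\d+)+)\)?$")


def parse_sections(text):
    """Split the log into {section title: [lines]}; lines before the first header go under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title").strip().rstrip(":")
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def find_out_of_date(sections):
    """Every line, in any section, that Security Check flagged as out of date."""
    return [line for lines in sections.values() for line in lines if OUT_OF_DATE_RE.search(line)]


def find_duplicate_installs(sections):
    """Products listed with more than one version: usually an old copy left behind by an upgrade."""
    versions = {}
    for lines in sections.values():
        for line in lines:
            m = VERSIONED_RE.match(line)
            if m:
                versions.setdefault(m.group("name").strip(), []).append(m.group("version"))
    return {name: vs for name, vs in versions.items() if len(vs) > 1}


def triage(text):
    """One-call summary a helper could paste back into a reply."""
    sections = parse_sections(text)
    return {
        "sections": list(sections),
        "out_of_date": find_out_of_date(sections),
        "duplicate_installs": find_duplicate_installs(sections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Out of date:")
    for item in report["out_of_date"]:
        print("  -", item)
    print("Duplicate installs:")
    for name, vs in report["duplicate_installs"].items():
        print("  -", name, ", ".join(vs))
```

Run it against a saved checkup.txt by replacing SAMPLE_LOG with the file's contents; on the log above it reports the antivirus, Java and Adobe Reader lines as out of date and the two Google Chrome versions as a duplicate install.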
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

See if you can get Quick Heal security program updated. Not sure how that works.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 