Solved Help removing FBI Moneypak Virus

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [PlayNC Launcher] File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
[2012/10/06 19:39:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/04 18:31:16 | 000,030,720 | ---- | C] () -- C:\Users\Taylor\kytqetorjans.exe
[2012/07/16 06:17:24 | 000,004,140 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
@Alternate Data Stream - 251 bytes -> C:\ProgramData\Temp:33384BC0
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:CA8D6B60
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:88AE8AB0
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:D2A5A561
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:56C66609
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:AE2EA3C2
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:4A966CC2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:96646EC1
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:B1E64E47
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3BF63E4A
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:2F93516B
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:439E3411
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:EB5BDBB0
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:073139EC
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:02B823FE
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:5F1019FF
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:B722BCE5
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:417B6FAC
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D8DB81DC
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:0DFE2AE1
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:BDF08FAF
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:63F8EC77
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:E5DE9C8F
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:393F7B1E
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:0D52F295
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:0860D6D6
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:DF0BC727
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:FC60E0F8
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:6FD26134
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:6BD304B9
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:52E1DB1D
@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:A688EF17
@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:27C3CD07

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

====================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Taylor\kytqetorjans.exe moved successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
ADS C:\ProgramData\Temp:33384BC0 deleted successfully.
ADS C:\ProgramData\Temp:CA8D6B60 deleted successfully.
ADS C:\ProgramData\Temp:88AE8AB0 deleted successfully.
ADS C:\ProgramData\Temp:A2B3764A deleted successfully.
ADS C:\ProgramData\Temp:C0A2E219 deleted successfully.
ADS C:\ProgramData\Temp:D2A5A561 deleted successfully.
ADS C:\ProgramData\Temp:56C66609 deleted successfully.
ADS C:\ProgramData\Temp:3790BACD deleted successfully.
ADS C:\ProgramData\Temp:22741C1F deleted successfully.
ADS C:\ProgramData\Temp:AE2EA3C2 deleted successfully.
ADS C:\ProgramData\Temp:4A966CC2 deleted successfully.
ADS C:\ProgramData\Temp:96646EC1 deleted successfully.
ADS C:\ProgramData\Temp:B1E64E47 deleted successfully.
ADS C:\ProgramData\Temp:3BF63E4A deleted successfully.
ADS C:\ProgramData\Temp:2F93516B deleted successfully.
ADS C:\ProgramData\Temp:439E3411 deleted successfully.
ADS C:\ProgramData\Temp:EB5BDBB0 deleted successfully.
ADS C:\ProgramData\Temp:073139EC deleted successfully.
ADS C:\ProgramData\Temp:02B823FE deleted successfully.
ADS C:\ProgramData\Temp:5F1019FF deleted successfully.
ADS C:\ProgramData\Temp:B722BCE5 deleted successfully.
ADS C:\ProgramData\Temp:417B6FAC deleted successfully.
ADS C:\ProgramData\Temp:D8DB81DC deleted successfully.
ADS C:\ProgramData\Temp:0DFE2AE1 deleted successfully.
ADS C:\ProgramData\Temp:BDF08FAF deleted successfully.
ADS C:\ProgramData\Temp:63F8EC77 deleted successfully.
ADS C:\ProgramData\Temp:E5DE9C8F deleted successfully.
ADS C:\ProgramData\Temp:393F7B1E deleted successfully.
ADS C:\ProgramData\Temp:0D52F295 deleted successfully.
ADS C:\ProgramData\Temp:0860D6D6 deleted successfully.
ADS C:\ProgramData\Temp:DF0BC727 deleted successfully.
ADS C:\ProgramData\Temp:FC60E0F8 deleted successfully.
ADS C:\ProgramData\Temp:6FD26134 deleted successfully.
ADS C:\ProgramData\Temp:6BD304B9 deleted successfully.
ADS C:\ProgramData\Temp:52E1DB1D deleted successfully.
ADS C:\ProgramData\Temp:A688EF17 deleted successfully.
ADS C:\ProgramData\Temp:27C3CD07 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Taylor
->Temp folder emptied: 907774497 bytes
->Temporary Internet Files folder emptied: 13281386 bytes
->Java cache emptied: 51872216 bytes
->FireFox cache emptied: 1144091987 bytes
->Google Chrome cache emptied: 484459257 bytes
->Flash cache emptied: 3872368 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 614437118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,071.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Taylor
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Taylor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10062012_234300

Files\Folders moved on Reboot...
C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\EngineDcServerlog.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\EngineServiceBridge.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java(TM) 6 Update 32
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 19-09-2012
Ran by Taylor (administrator) on 06-10-2012 at 23:58:51
Running from "C:\Users\Taylor\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
# AdwCleaner v2.003 - Logfile created 10/06/2012 at 23:59:27
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Taylor - HOME
# Boot Mode : Normal
# Running from : C:\Users\Taylor\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Taylor\AppData\Local\APN
Folder Deleted : C:\Users\Taylor\AppData\Local\TempDir
Folder Deleted : C:\Users\Taylor\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\ConduitCommon
Folder Deleted : C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\CT2260173
Folder Deleted : C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\prefs.js

Deleted : user_pref("CT2260173..clientLogIsEnabled", true);
Deleted : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2260173.CT2260173", "CT2260173");
Deleted : user_pref("CT2260173.CurrentServerDate", "17-2-2012");
Deleted : user_pref("CT2260173.DSInstall", true);
Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Fri Feb 17 2012 05:01:37 GMT-0600 (Central Standa[...]
Deleted : user_pref("CT2260173.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2260173.EMailNotifierPollDate", "Fri Feb 17 2012 05:01:46 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Deleted : user_pref("CT2260173.FeedPollDate128940659196275477", "Fri Feb 17 2012 05:01:40 GMT-0600 (Central St[...]
Deleted : user_pref("CT2260173.FeedPollDate128940659574712536", "Fri Feb 17 2012 05:01:40 GMT-0600 (Central St[...]
Deleted : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Deleted : user_pref("CT2260173.FirstServerDate", "17-2-2012");
Deleted : user_pref("CT2260173.FirstTime", true);
Deleted : user_pref("CT2260173.FirstTimeFF3", true);
Deleted : user_pref("CT2260173.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2260173.HPInstall", false);
Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2260173.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT2260173.Initialize", true);
Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2260173.InstallationType", "DirectDownload");
Deleted : user_pref("CT2260173.InstalledDate", "Fri Feb 17 2012 05:01:41 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT2260173.InvalidateCache", false);
Deleted : user_pref("CT2260173.IsGrouping", false);
Deleted : user_pref("CT2260173.IsInitSetupIni", true);
Deleted : user_pref("CT2260173.IsMulticommunity", false);
Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
Deleted : user_pref("CT2260173.IsProtectorsInit", true);
Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Fri Feb 17 2012 05:01:41 GMT-0600 (Central Standar[...]
Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2260173.LastLogin_3.9.0.3", "Fri Feb 17 2012 05:01:46 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("CT2260173.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT2260173.Locale", "en");
Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2260173.MCDetectTooltipShow", false);
Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2260173.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT2260173.RadioIsPodcast", false);
Deleted : user_pref("CT2260173.RadioLastCheckTime", "Fri Feb 17 2012 05:01:46 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2260173.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2260173.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2260173.RadioMediaID", "9909");
Deleted : user_pref("CT2260173.RadioMediaType", "Media Player");
Deleted : user_pref("CT2260173.RadioMenuSelectedID", "EBRadioMenu_CT22601739909");
Deleted : user_pref("CT2260173.RadioShrinked", "expanded");
Deleted : user_pref("CT2260173.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2260173.RadioStationName", "WQXR-FM%20NYC%20(Classical)");
Deleted : user_pref("CT2260173.RadioStationURL", "hxxp://htc-01.media.globix.net/COMP005996MOD1/meta/wqxr_live[...]
Deleted : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2260173.SearchBoxWidth", 27);
Deleted : user_pref("CT2260173.SearchCaption", "Swag Bucks Customized Web Search");
Deleted : user_pref("CT2260173.SearchEngineBeforeUnload", "Swag Bucks Customized Web Search");
Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Fri Feb 17 2012 05:01:46 GMT-0600 (Central Stand[...]
Deleted : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2260173.SearchProtectorEnabled", true);
Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2260173.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Fri Feb 17 2012 05:01:36 GMT-0600 (Central Standard [...]
Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Fri Feb 17 2012 05:01:36 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT2260173.SettingsLastUpdate", "1326723880");
Deleted : user_pref("CT2260173.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13");
Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Fri Feb 17 2012 05:01:36 GMT-0600 (Central Sta[...]
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2260173.ToolbarDisabled", true);
Deleted : user_pref("CT2260173.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
Deleted : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2260173.UserID", "UN53565075773002837");
Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2260173.WeatherNetwork", "");
Deleted : user_pref("CT2260173.WeatherPollDate", "Fri Feb 17 2012 05:01:46 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT2260173.WeatherUnit", "F");
Deleted : user_pref("CT2260173.alertChannelId", "657446");
Deleted : user_pref("CT2260173.approveUntrustedApps", false);
Deleted : user_pref("CT2260173.components.1000034", false);
Deleted : user_pref("CT2260173.components.1000082", false);
Deleted : user_pref("CT2260173.components.1000234", false);
Deleted : user_pref("CT2260173.components.128958821111237507", true);
Deleted : user_pref("CT2260173.components.129137782531242622", false);
Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Fri Feb 17 2012 05:01:37 GMT-0600 (Central [...]
Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.initDone", true);
Deleted : user_pref("CT2260173.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2260173.isFirstRadioInstallation", false);
Deleted : user_pref("CT2260173.myStuffEnabled", true);
Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2260173.revertSettingsEnabled", false);
Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.testingCtid", "");
Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Fri Feb 17 2012 05:01:36 GMT-0600 (Central S[...]
Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Fri Feb 17 2012 05:01:42 GMT-0600 (Central S[...]
Deleted : user_pref("CT2260173.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Swag Bucks Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Taylor\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2260173");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Feb 17 2012 05:01:41 GMT-0600 (Cen[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "8299ee9c-a4fb-46fc-9775-4b2e9aba32da");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2260173");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Feb 17 2012 05:01:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Feb 17 2012 05:01:45 GMT-060[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Feb 17 2012 05:01:36 GMT-0600 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "a1c7e002-76cb-4316-820a-d07a93722a0c");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&Sea[...]

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15161 octets] - [06/10/2012 23:59:27]

########## EOF - C:\AdwCleaner[S1].txt - [15222 octets] ##########
 
ESET results
C:\Nexon\Mabinogi\Client.exe a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\Nexon\Mabinogi\Client.exe.bak a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\Users\Taylor\Documents\Iterra\xfbjjvj.dll Win32/Citirevo.AC trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10062012_234300\C_Users\Taylor\kytqetorjans.exe a variant of Win32/Kryptik.AMPO trojan cleaned by deleting - quarantined

I had no idea that the Nexon files would be bad. Guess they were? I dunno. How do things look to you Broni? Any more tests/scans? :)
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please, let me know, how your computer is doing.
 
  • Like
Reactions: Taycat
My computer's been doing GREAT since we started. Haven't had a single trouble with any Trojans since we started the process the other day. Thank you so much for helping me. Here's the final OTL log that you requested. I'll be sure to come back again if I have any more troubles, hopefully not, with my computers.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Taylor
->Temp folder emptied: 122482 bytes
->Temporary Internet Files folder emptied: 1565905 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 245005718 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3483 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9154 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Taylor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Taylor
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10072012_101945

Files\Folders moved on Reboot...
C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\EngineDcServerlog.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\EngineServiceBridge.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

H
BSOD during youtube video - Windows 7 64 - suspected hardware malfunction
Replies
15
Views
2K
Kshipper
Kshipper
S
At loss: Kernel virus or something else
2
Replies
30
Views
8K
Soup Stand
S
E
Win 10 PC keeps freezing
Replies
4
Views
2K
Emoon327
E

Latest posts

Back