Solved MSN virus?

[dayslayer8]

Well, like the other topic, I have received the virus from msn. For some reason DDS just closes when it starts and I have disabled my antivirus. SO I am just going to upload the 2 logs, Malwarebtye and GMER, for now.
Oh and for GMER I had to disable devices.
Thnx.

And another thing was that I had one or a few virus prior to the msn virus as the computers from school gives a virus whenever I plug a USB in it.

Apparently DDS is a screensaver file, just letting you know.

 

[Bobbye]

Firstly, you do not have to disable the antivirus to run these preliminary logs, so please enable it again.

Second, you have a Backdoor.IRCBot. This is a type of Trojan that it also often referred to as a 'bot' that opens a back door that allows a remote attacker to take control of the compromised computer.It connects to Internet Relay Chat (IRC) channels to launch distributed denial of service (DDoS) attacks.

DDS is not a screensaver file- it is a FLEXIT Singleshot Survey Raw Data file. Please observe the following and run DDS again, leaving the log in your next reply:
You may have to disable any script protection running if the scan fails to run.

 

[dayslayer8]

Sorry, i don't know what to do to "disable any script protection running ". I am pretty sure i don't have anything blocking the programs; mabye i do but i really don't know.
I have right clicked it and went into propeties, and clicked the unblock thing. DDS still does not work.
When i open DDS, the cmd window opens up and then quickly closes. I am not sure if that's what it is supposed to do but i've waitied for an hour and still no logs.
Mabye i can use something alternate?
Thnx

 

[dayslayer8]

Oh and just incase if you need this.
Some of my symptoms are:
Internet Explorer cannot run or be started. I have to use Firefox instead.
Windows Media Player cannot be run or be started.
No more sound output. If i try to watch a video either on my computer or online, there will be no sound. I am pretty sure my speakers are connected correctly with volume turned up.
Internet Connection icon in system tray shows that there are no connection, even though i am connected to the internet.
Secruity Centre keeps giving me a security pop up message from system tray, every second.
And also DDS doesn't work, mabye it's blocked by the virus?

 

[Bobbye]

Please see the friendly infomation on this site for script blocker:
http://staffwww.fullcoll.edu/jchadwick/popup_blocker.htm

Then try DDS again.
Follow by running these:

Please download ComboFix from Here and save to your Desktop.

• 
  [1]. Do NOT rename Combofix unless instructed.
  [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3].Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
• NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
Re-enable your Antivirus software.
==============================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

============================
About this:

And another thing was that I had one or a few virus prior to the msn virus as the computers from school gives a virus whenever I plug a USB in it.

Someone needs to advise the school IT people that the USB drives are infected and need to be disinfected.

Why are you using a USB drive?

 

[dayslayer8]

Hi Thanks for the website. Unfortunately, it did not help me. Just like before, DDS will open up for just a fraction of a second then quickly close itself. Am I really hopeless now?
As for the USB thing, i use it to transfer my projects and homework.
Should i skip the DDS and continue with Combofix or is DDS a must?

 

[Bobbye]

Do you have No Script on Firefox? Open Firefox> Tools> Add-ons> Look for 'No Script'> if it's listed, disable it and restart Firefox. Then run DDS.

If you still can't do it, continue on with Combofix and the Eset scan.

 

[dayslayer8]

Hi! I checked firefox and there was no "No Script" addons. HOWEVER, during the ESET scan, DDS automatically started and it actually worked! I don't know why it just started, I never even clicked on it or anything, but it scanned and generated the 2 logs, which I will attach to this post with my other logs. As my ESET thing continues to scan, DDS started automatically again and generated the two logs for the second time. This is strange. I will attach my ComboFix log rather than pasting it as it is too long.

Thank you again for your continuous, persistant help.

Edit: errr, DDS has just automatically opened up and scanned again, is this going to be a problem?

 

[Broni]

Message from Bobbye:

Due to family matters that require my time and efforts, I am unable to continue helping with malware cleaning at this time. If and when these matters are resolved, I will return to the board.

Since the only other helper in the Virus and Malware forum is Broni, I will ask him to pickup the open threads I have going, if and when he can.

============================================================================

I don't see any AV program running. What happened to NOD32?

=======================================================================

Please, uninstall AskBarDis as it's considered as an adware.

=====================================================================

Combofix looks fine.
What are the current issues?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

======================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[dayslayer8]

Hi, thanks for taking over. I think I disabled my NOD32 during one of the scan but forgot to re-enable. As for AskBarDis, I don't know how to uninstall it. It is not in 'Program and Features' and when I searched for it, the only results were the two DDS logs; also it is not in my firefox addons.
My current problems are the same as before. I can not open/start internet explorer and windows media center. There are no more sound output anymore. Internet connection icon in system tray shows no connection with a red cross thing when clearly I do have internet. Security centre popup messages pops up every second saying I've disablled UAC which is true though.
Also before, windows automatic update would be disabled everytime I start up the computer. However, it has stopped for some reason.
Sorry I cannot post the 2 logs as they are too long, I will attach them instead.
Thanks.

 

[Broni]

As for AskBarDis we'll remove leftovers manually in a moment.

Security centre popup messages pops up every second saying i've disablled UAC which is true though.

See here: http://www.vistax64.com/tutorials/163857-security-center-specific-alert-notification.html how to disable that alert.

I can not open/start internet explorer and windows media center.

What does happen, when you try. Do you try to open them from desktop shortcut>
How about going Start>All Programs....?

There are no more sound output anymore.

Any sound? Internet, Windows sounds, music CD?

Internet connection icon in system tray shows no connection with a red cross thing when clearly i do have internet.

Are you posting from very same computer, using another browser, or....?

=========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=======================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  [1 C:\Users\zihao\Desktop\*.tmp files -> C:\Users\zihao\Desktop\*.tmp -> ]
  @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:586F1F7F
  @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:341E39B2
  
  
  :Services
  
  :Reg
  
  :Files
  C:\Program Files\AskBarDis
  
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

[dayslayer8]

Hi, thanx for the link and it fixed the security centre message problem.

Still, I cannot start internet explorer and windows media player (sorry its player; media center is fine); shortcut, start-menu or in the program's folder, it just doesn't start when I click on it.

Also, there are absolutely no sound whatso ever, online video, music, CD or even just programs' sounds, no sound output at all.

Yes I am using the same computer. The icon shows I have no internet connection and is not connected to the internet, while I am here using firefox to make a post-reply.

As for JAVA update, the installer kept giving me an error message.
'Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance'

here is my OTL fix log: (I will attach the scan log)

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\zihao\Desktop\~WRL0003.tmp deleted successfully.
ADS C:\ProgramData\TEMP:586F1F7F deleted successfully.
ADS C:\ProgramData\TEMP:341E39B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AskBarDis\bar\Settings folder moved successfully.
C:\Program Files\AskBarDis\bar\bin folder moved successfully.
C:\Program Files\AskBarDis\bar folder moved successfully.
C:\Program Files\AskBarDis folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 283173944 bytes
->Java cache emptied: 73708168 bytes
->FireFox cache emptied: 89351040 bytes
->Flash cache emptied: 22672 bytes

User: zihao
->Temp folder emptied: 960272 bytes
->Temporary Internet Files folder emptied: 732443 bytes
->Java cache emptied: 155784053 bytes
->FireFox cache emptied: 44754394 bytes
->Flash cache emptied: 61819 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 283885219 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 78977958 bytes

Total Files Cleaned = 965.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Desktop

User: Public

User: user
->Flash cache emptied: 0 bytes

User: zihao
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08072010_101612

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Broni]

i cannot start internet explorer and windows media player

Open Windows Explorer.
Navigate to C:\Program Files>Internet Explorer and double click on iexplore.exe.
Will IE start?

there are absolutely no sound whatso ever

Go Start>Control Panel>Device Manager
Do you have any errors there?

Regarding Java...
Run JavaRa first to uninstall old Java versions.
Then go my link to update Java, but make sure to download "offline" version and try to install it again by double clicking on downloaded file.

 

[dayslayer8]

Hi, unfortunately, iexplorer still does not start and there are no errors in device manager.
Java installer still gives the same error even after uninstalling the old version first.

 

[Broni]

Uninstall IE8.
Go Start>Control Panel>Programs & Features
Click on "View installed updates" in left pane.
Look for Windows Internet Explorer 8 and uninstall it.
It'll revert itself to IE7.
See, if IE7 will work.

 

[dayslayer8]

Hi, Unfortunately, windows internet explorer is not in program and features.
I just discovered that in uninstall an update section in programs and features, all the items has disappeared.

I've also checked in the Internet Explorer folder in Program Files and did not find an uninstaller

 

[Broni]

Try this: http://support.microsoft.com/kb/957700#ALTWin6
Alternative steps for Windows Vista or for Windows Server 2008

 

[dayslayer8]

uninstalled IE8 and internet explorer still does not start.

 

[Broni]

Go Start>Run ("Start Search" in Vista/7), type in:
sfc /scannow
Click OK (hold CTRL, and SHIFT, hit Enter in Vista/7).
Have Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
If System File Checker (sfc) will find any errors, it may ask you for the CD/DVD (rarely in Vista/7 case).

 

[dayslayer8]

Hi, i've done sfc /scannow. The cmd window closed itself after scan and i didn't pay attention and did not see any messages. I guess its all good? However, i still have the same problems as before. Does this mean that the virus is still on the computer?

 

[Broni]

No, by now, your computer should be pretty much clean by now, but it looks like you may have some Windows issues.

Let's finish cleaning process first...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

 

[dayslayer8]

Hi, when i was running Security Check, during the preparing stage, there was an error:
'Line - 1: Error:Variable must be of type "object" ' I clicked ok and it continued to run. I'm not sure if it's will affect anything. Here's the report

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````



This is the Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 10, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 09, 2010 21:46:56
Records in database: 4131474
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan statistics:
Objects scanned: 195991
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:25:17


File name / Threat / Threats count
C:\downloads\Directlinks\CryptLoad_1.1.8-Nexxis.rar Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1

Selected area has been scanned.

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\downloads\Directlinks\CryptLoad_1.1.8-Nexxis.rar
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

========================================================================

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

=======================================================================

Your computer is clean


1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI). The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.

 

[dayslayer8]

Hi thank you and bobbye for all the help.
Sorry but i kind of accidentally closed the OTL log without saving im so sorry.
I have done all the steps you've told me to do and I am happy that the computer is safe again.
However i still have the old symptoms, can't use iexplorer and windows media player, no sound output, etc which only occurred after i got the virus. So i guess there is no fix for them?
Thanks again for all the help it was much appreciated.

Another problem which i did not see before was that when i right-clicked my computer and went to properties, my system specs information has disappeared. For RAM and Processor it just says Not Avaliable and my rating thing is gone too.

So is it ok for me to try and reinstall iexplorer and windows media player?

 

[Broni]

Some of your system files could get corrupted during the infection.

In this forum, we make sure, your computer is free of malware.
The access to malware forum is very limited.
Your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck and stay safe