Solved Need help with computer cleanup

Status
Not open for further replies.
All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Value error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Value error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)> in the current context!
Error: Unable to interpret <O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2007/03/12 20:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint> in the current context!
Error: Unable to interpret <[2010/11/03 09:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voneta\Application Data\Registry Mechanic> in the current context!
Error: Unable to interpret <[2007/02/15 20:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voneta\Application Data\Viewpoint> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Voneta\Desktop\install_flash_player_active_x.exe:SummaryInformati on> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 213126 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Voneta
->Temp folder emptied: 9516449 bytes
->Temporary Internet Files folder emptied: 22725762 bytes
->Java cache emptied: 52510 bytes
->Flash cache emptied: 1204 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1152968 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 594078 bytes
RecycleBin emptied: 205540 bytes

Total Files Cleaned = 33.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Voneta
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[Reboot]Then click the Run Fix button > in the current context!

OTL by OldTimer - Version 3.2.17.2 log created on 11042010_092905

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFBB91.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFBBC3.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFBC67.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFBCC7.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFBF05.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFBF30.tmp not found!
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\Y6WBDO9Q\like[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\Y6WBDO9Q\szcc_mc_cdv_upsell[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\Y6WBDO9Q\topic156014-2[1].html moved successfully.
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WHL1G5RN\8597E8BE-B1C3-11DD-8E46-2F8F1A66B302[1].htm not found!
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WHL1G5RN\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WHL1G5RN\mail[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\U1CDK2P2\01[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\U1CDK2P2\adq[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\U1CDK2P2\iframe3[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\TFIQD29O\adq[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\TFIQD29O\like[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\JMIOUO58\sh26[1].html moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\HAFB6E68\blankHistory[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\HAFB6E68\radioplayer[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\HAFB6E68\st[1] moved successfully.

Registry entries deleted on Reboot...
 
Wasn't able to do the step (Java Quick Starter); wasn't able to get past Java and go to Advanced from the control panel. A "System cannot find registry key" message appears. But after I rebooted from the OTL step, a new icon appeared on the desktop (JavaSetup 6u22.exe). Do I need to run this? I'll continue in your instructions.
 
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player 10.0.12.36
Adobe Reader 9.4.0
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
I'm doing the step: ESET Online Scanner. Clicked start for download; the download starts, then a message comes up: "Can not get update. Is proxy configured?" Then it seems to stall. What should I do?
 
First of all, OTL fix log is incorrect.
Most likely, you didn't copy my whole script, especially a "colon" in front of "OTL" (first line).
Please, redo.

Post fresh SecurityCheck log.

Instead of Eset....

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
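
The diagnosis above, as an added example that is not part of the original post or of OTL itself: a small Python checker that reads an OTL fix log, collects the script lines the tool rejected with "Unable to interpret", and flags a directive that was pasted without its leading colon. The two sample logs are constructed from lines of the fix logs in this thread; the function name, field names and outcome labels are hypothetical.

```python
import re
from collections import Counter

# Constructed samples: lines excerpted from the two OTL fix logs in this thread.
FAILED_LOG = r"""All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
Error: Unable to interpret <[Reboot]Then click the Run Fix button > in the current context!
"""

APPLIED_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
C:\WINDOWS\TMP0001.TMP deleted successfully.
Unable to delete ADS C:\Documents and Settings\Voneta\Desktop\install_flash_player_active_x.exe:SummaryInformati on .
========== COMMANDS ==========
"""

# A rejected script line; greedy match so '>' inside the quoted line is kept.
REJECTED = re.compile(
    r"^Error: Unable to interpret <(?P<line>.*)> in the current context!$"
)
# Section banner such as "========== OTL ==========".
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
# Per-item results, classified by the wording seen in the thread's logs.
OUTCOMES = [
    ("deleted", re.compile(r"deleted successfully\.$")),
    ("moved", re.compile(r"moved successfully\.$")),
    ("not_found", re.compile(r"not found[.!]$")),
    ("failed", re.compile(r"^(Unable to delete|Registry error)")),
]
# Directive names that appear in this thread's scripts (":OTL", ":Commands").
DIRECTIVES = {"OTL", "COMMANDS"}


def analyze_fix_log(text):
    """Summarise an OTL fix log: rejected script lines, sections, outcomes."""
    rejected, sections, outcomes = [], [], Counter()
    for raw in text.splitlines():
        line = raw.strip()
        m = REJECTED.match(line)
        if m:
            rejected.append(m.group("line").strip())
            continue
        m = SECTION.match(line)
        if m:
            sections.append(m.group("name"))
            continue
        for label, pattern in OUTCOMES:
            if pattern.search(line):
                outcomes[label] += 1
                break
    # A bare directive name in the rejected list means its colon was lost.
    missing_colon = [":" + r.upper() for r in rejected if r.upper() in DIRECTIVES]
    return {
        "rejected": rejected,
        "missing_colon": missing_colon,
        "sections": sections,
        "outcomes": dict(outcomes),
        "needs_redo": bool(rejected),
    }


if __name__ == "__main__":
    for name, log in (("first log", FAILED_LOG), ("second log", APPLIED_LOG)):
        result = analyze_fix_log(log)
        print(name, "-> redo needed:", result["needs_redo"])
        print("  directives missing a colon:", result["missing_colon"])
        print("  rejected lines:", len(result["rejected"]))
        print("  outcomes:", result["outcomes"])
```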
 
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\TMP0001.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Registry Mechanic folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Voneta\Application Data\Viewpoint folder moved successfully.
Unable to delete ADS C:\Documents and Settings\Voneta\Desktop\install_flash_player_active_x.exe:SummaryInformati on .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Voneta
->Temp folder emptied: 316809 bytes
->Temporary Internet Files folder emptied: 47179574 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1272 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Voneta
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 11042010_162245

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFB275.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFB291.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFB3B2.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFB3CB.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFB4EA.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DFB54E.tmp not found!
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WE0O6XLF\01[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WE0O6XLF\blankHistory[4].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WE0O6XLF\iframe3[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WE0O6XLF\mail[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WE0O6XLF\topic156014-2[1].html moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\WE0O6XLF\topic156014-2[2].html moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\adq[3].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\B2343920[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\DtCol[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\p=WRCB;wncid=13446496;wnad44=worldnow;wnad41=worldnow;wnad43=worldnow;wnad52=worldnow;wnad1=wrcb;wnad49=worldnow;apptype=platform;env=production;ord=61333868[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\sh26[1].html moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\story[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\story[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\story[3].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\M0DHAR4B\story[4].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\8597E8BE-B1C3-11DD-8E46-2F8F1A66B302[1].htm moved successfully.
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\8597E8BE-B1C3-11DD-8E46-2F8F1A66B302[2].htm not found!
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\adq[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\like[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\like[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\like[3].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\mail[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\story[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\st[1] moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FFCJT2DF\szcc_mc_cdv_upsell[3].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\adq[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\adq[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\blankHistory[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\getInPage[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\like[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\like[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\like[3].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\radioplayer[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\st[1] moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\st[2] moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\FCFSODU9\szcc_mc_cdv_upsell[1].htm moved successfully.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player 10.0.12.36
Adobe Reader 9.4.0
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
BitDefender log

BitDefender Online Scanner

Scan report generated at: Thu, Nov 04, 2010 - 17:47:32
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 00:55:35
Files: 144582
Folders: 6186
Boot Sectors: 0
Archives: 2123
Packed Files: 4894

Results
Identified Viruses: 2
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 6282309
Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
Scan plugins: 18
Archive plugins: 44
Unpack plugins: 10
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\Voneta\My Documents\My Music\track001\play_mp3_setup.exe | Infected with: Gen:Variant.Delf.4
C:\Documents and Settings\Voneta\My Documents\My Music\track001\play_mp3_setup.exe | Deleted
C:\Program Files\Ascentive\Performance Center\ApcMain.exe | Detected with: Spyware.3609
C:\Program Files\Ascentive\Performance Center\ApcMain.exe | Deleted
C:\System Volume Information\_restore{D42FA5A3-BB93-4CC6-B21E-31F0FF8BF997}\RP2\A0000277.exe | Detected with: Spyware.3609
C:\System Volume Information\_restore{D42FA5A3-BB93-4CC6-B21E-31F0FF8BF997}\RP2\A0000277.exe | Deleted
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Voneta
->Temp folder emptied: 9386180 bytes
->Temporary Internet Files folder emptied: 9193233 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 7304 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Voneta
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.2 log created on 11042010_181043

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DF4C6A.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DF4C82.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DF4CF5.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DF4D0D.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DF4D55.tmp not found!
File\Folder C:\Documents and Settings\Voneta\Local Settings\Temp\~DF4D6D.tmp not found!
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\S17C2VCX\getInPage[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\K4UJAK1I\like[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\K4UJAK1I\radioplayer[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\K4UJAK1I\topic156014-2[1].html moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\8597E8BE-B1C3-11DD-8E46-2F8F1A66B302[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\adq[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\blankHistory[2].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\like[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\mail[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\sh26[1].html moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\J3XEQO2Z\st[1] moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\G3CQU8RU\adq[1].htm moved successfully.
C:\Documents and Settings\Voneta\Local Settings\Temporary Internet Files\Content.IE5\G3CQU8RU\szcc_mc_cdv_upsell[1].htm moved successfully.

Registry entries deleted on Reboot...
 
It seems to be doing fine. So far it is a little slow booting up. But I haven't been able to play with it. I'm going to turn off and on and go into some programs and sites several times and I'll let you know. Also, tomorrow I will try to go buy some more ram. Thank you for ALL your help and I'll get back to you later.
Voneta
 
Cool

Good luck and stay safe :)
 
Questions

Still seems to be loading slow; I'm guessing it might be due to the RAM. I'll look into that today. Should I keep all my old cleanup programs since we used new ones, like SuperAnti Spyware, Smart Defrag, Advanced System Care? Also, should I delete OTL, Security Check, Java Setup 2u22, Java RA Combofix off the desktop? And in Hippo, do you recommend always downloading updates like ATI (I did and it looks like a game program), QuickTime player, Windows Live Messenger? Same with Beta updates, 2 for Flash Player.

I'm trying to clean up the desktop and any programs I don't need, so there's no confusion. Don't know which programs I need to have running at startup. This would help startup time.

I really appreciate all your help.
Voneta
 
I'm guessing it might be due to the ram
As I told you :)

Most tools we used should be gone after using OTL Cleanup.
Whatever is left, you can delete.
I wouldn't be using Advanced System Care since it deals with the registry, which may be dangerous.
All you need for cleanup is the TFC tool we used.
You can surely keep Superantispyware, which along with Malwarebytes should be enough to keep your computer clean, if you run both tools once in a while.

As for Hippo updater, never install any betas.
As for other updates, you need to use your judgment.
If some program has some minor update, say from 3.11 to 3.12 version, I wouldn't bother, but, if there is some major update, like from 3.1 to 3.5, I'd go for it.

Here are your startups:

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EXSHOW95.EXE] C:\WINDOWS\System32\exshow95.exe (Kensington Technology Group)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)


As I said before, you can safely uninstall Advanced System Care.
Then, you can disable last two (in bold) as startups.
 