Solved Need help with malware removal, Followed the 7 steps

Status
Not open for further replies.
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: .TemporaryItems
->Temp folder emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 22246 bytes
->Temporary Internet Files folder emptied: 7321146 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 162331 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: .TemporaryItems

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.24.0 log created on 06132011_202050

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Chris\AppData\Local\Temp\WER581B.tmp.resp.erc.xml not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\WER581C.tmp.resp not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\iframescript[1].htm not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\index[1].js not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\init[1].js not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\itxtcss_1304971413[1].css not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\lg_shadow_sprite[1].png not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\list.menu[1].css not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\logo[1].png not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\logo_disable_flash[1].png not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\no-pocket[2].css not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTJ7C2RN\ns-10123771289_1308010171,120af3cb9d026f0,itsesecu,ns.itsesecu_l;;ppos=ATF;kw=;tile=1;dcopt=ist;cmw=owl;sz=728x90;net=ns;ord1=195006;contx=itsesecu;dc=w;btg=ns[1].js not found!

Registry entries deleted on Reboot...
 
I ran PSI and it said Sun Java JRE 1.6.x / 6.x is insecure and its threat rating is 4/5... is that a problem? What should I do?
 
You have the latest Java installed. Disregard that Secunia warning.

I didn't see any trojans in your logs.

Windows 7 has a built-in defragmenter, so don't worry about it.

Any current issues?
 
I just got the new service pack from Windows Update and my computer's running good as new! I read the post on step 11, changed my internet security options accordingly, and downloaded SpywareBlaster too. Thank you so much for the help and time you put into this, you really saved my computer! :)
 
Way to go!!

Good luck and stay safe :)
 
I think I counted my chickens before they hatched... I was just on Internet Explorer, with Facebook being the only window up, and all of a sudden my computer started to drastically slow down, and I saw in the processes tab that iexplore.exe was taking up massive amounts of memory (almost 150,000 k), so I ended it. Windows continued to run this slow until I shut off my computer. I turned it back on again and the Windows startup was slow as well, with the Windows ding sounding glitchy... but as of right now the computer's acting fine. Sorry to be such a bother, but can you help me out again?
 
I'm not sure what else we can do here.
Possibly some IE add-ons are causing this.

Start IE, go to Tools > Internet Options > Advanced tab, and click on the "Reset" button.

Restart IE, try to use it for a while and see how it goes.

Another alternative would be to switch to Firefox and see if the same issue happens there.
 
Okay, I think I got it figured out. I ran Malwarebytes again and it found 2 new bugs, here's the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6848

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/14/2011 12:06:30 AM
mbam-log-2011-06-14 (00-06-30).txt

Scan type: Quick scan
Objects scanned: 171980
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also ran TFC afterward, then reset Internet Explorer, seems better now.
 