Solved Pretty bad virus, possibly rootkits and trojans

Status
Not open for further replies.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report09c1f29c\pxlhktrtssd.exe.xor
    C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor
    C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\Report09c1f29c\pxlhktrtssd.exe.xor
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
RunFix:
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report09c1f29c\pxlhktrtssd.exe.xor moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor not found.
File\Folder C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\Report09c1f29c\pxlhktrtssd.exe.xor not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 107040590 bytes
->Temporary Internet Files folder emptied: 615990 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 34961314 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 136.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07272010_232649

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
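As an added cross-check that is not part of the original thread: a small Python script that parses the :Files block of an OTL fix script and the FILES block of the RunFix log, then reports which requested paths were moved, which came back "not found", and which the log never mentioned at all. The sample input below is constructed from the paths posted above; the function names are my own.

```python
import re
# Constructed sample input: the :Files block of the fix script and the FILES
# block of the RunFix log, using the paths posted in this thread.
FIX_SCRIPT = r"""
:Files
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor
:Commands
[emptytemp]
"""
RUNFIX_LOG = r"""
========== FILES ==========
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\Report09c1f04b\pxlhktrtssd.exe.xor not found.
========== COMMANDS ==========
"""

# The two result line shapes OTL writes in the FILES block of a RunFix log.
RESULT_RE = re.compile(r"^(?:File\\Folder )?(?P<path>.+?) (?P<status>moved successfully|not found)\.$")

def fix_targets(script):
    """Paths listed under the :Files directive of an OTL fix script."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):          # each directive opens a new section
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths

def parse_fix_log(log):
    """Map each path in the FILES block to 'moved' or 'not found' (case-folded)."""
    results, in_files = {}, False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("=========="):
            in_files = "FILES" in line
        elif in_files and (m := RESULT_RE.match(line)):
            results[m["path"].lower()] = "moved" if m["status"].startswith("moved") else "not found"
    return results

def reconcile(script, log):
    """Every requested path must show up in the log; anything missing is flagged."""
    results = parse_fix_log(log)
    report = {"moved": [], "not found": [], "unreported": []}
    for path in fix_targets(script):
        report[results.get(path.lower(), "unreported")].append(path)
    return report
```

On Vista/7, C:\Users\All Users is a junction to C:\ProgramData, so the "not found" result for the second path only means the same file had already been moved via the first. An "unreported" entry, by contrast, would mean OTL never processed that line of the fix.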
 
Very good :)

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL, as this step will require a reboot.
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

====================================================================

Your computer is clean

1. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista/7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

9. Please let me know how your computer is doing.
 
Awesome!! Thank you so much for all of the help. The computer seems to be running great now. No problems from what I can tell.

=)
 