Solved Sirefef, possibly related to Flash Installer virus

You're correct. Application Data is a hidden system folder. No need to access it.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O4 - Startup: C:\Users\Taks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = File not found
O15 - HKU\.DEFAULT\..Trusted Domains: amazon.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hulu.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: youtube.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: amazon.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hulu.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: youtube.com ([]* in Trusted sites)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they're.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
OTL Log follows. Downloading the other apps now.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-21-1954714350-379289342-1461462268-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
C:\Users\Taks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk moved successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hulu.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflix.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\youtube.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hulu.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflix.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\youtube.com\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56509 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Miguel
->Temp folder emptied: 32520 bytes
->Temporary Internet Files folder emptied: 4669997 bytes
->Java cache emptied: 255428 bytes
->FireFox cache emptied: 72021174 bytes
->Google Chrome cache emptied: 352202697 bytes
->Opera cache emptied: 59192933 bytes
->Flash cache emptied: 203571 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Taks
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 63657677 bytes
->FireFox cache emptied: 86281102 bytes
->Google Chrome cache emptied: 342801769 bytes
->Flash cache emptied: 33953 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119049888 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1438495519 bytes

Total Files Cleaned = 2,422.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Miguel
->Java cache emptied: 0 bytes

User: Public

User: Taks

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Miguel
->Flash cache emptied: 0 bytes

User: Public

User: Taks
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07082012_110522

Files\Folders moved on Reboot...
C:\Users\Miguel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM-3497201181\vmware-usbarb-SYSTEM-2832.log moved successfully.

PendingFileRenameOperations files...
File C:\Users\Miguel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\vmware-SYSTEM-3497201181\vmware-usbarb-SYSTEM-2832.log not found!

Registry entries deleted on Reboot...
 
SecurityCheck log:

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java(TM) 6 Update 10
Out of date Java installed!
Adobe Flash Player (10.3.183.18) Flash Player Out of Date!
Mozilla Firefox (3.6.27) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Spybot Teatimer.exe is disabled!
MediaMall PlayOn.exe
``````````End of Log````````````
 
FSS.txt:
Farbar Service Scanner Version: 02-07-2012
Ran by Miguel (administrator) on 08-07-2012 at 11:19:33
Running from "G:\temp\techspot"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-04-12 00:24] - [2009-04-12 00:24] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2009-04-12 00:23] - [2009-04-12 00:23] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-04-12 00:25] - [2009-04-12 00:25] - 1426408 ____A (Microsoft Corporation) 99D07AD0EF2C535610F6573C29BC045E
C:\Windows\System32\dnsrslvr.dll
[2009-04-12 00:23] - [2009-04-12 00:23] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530
C:\Windows\System32\mpssvc.dll
[2009-04-12 00:24] - [2009-04-12 00:24] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2009-04-12 00:24] - [2009-04-12 00:24] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-04-12 00:24] - [2009-04-12 00:24] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2009-04-12 00:23] - [2009-04-12 00:23] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2009-04-12 00:24] - [2009-04-12 00:24] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll
[2009-04-12 00:25] - [2009-04-12 00:25] - 2156544 ____A (Microsoft Corporation) CD13028318EEA85D461C82906E0312AC
C:\Windows\System32\qmgr.dll
[2009-04-12 00:24] - [2009-04-12 00:24] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2009-04-12 00:23] - [2009-04-12 00:23] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2009-04-12 00:24] - [2009-04-12 00:24] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-12 00:24] - [2009-04-12 00:24] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****
 
And finally, the F-Secure log:

[FONT=verdana][FONT=Arial]Scanning Report[/FONT][/FONT]

[FONT=verdana][FONT=Arial]Sunday, July 8, 2012 12:05:43 - 12:16:57[/FONT][/FONT]

[FONT=verdana]Computer name: BADHORSE
Scanning type: Quick scan
Target: System[/FONT]
[FONT=verdana][FONT=Arial]7 malware found[/FONT][/FONT]

[FONT=verdana]TrackingCookie.Adinterax (spyware) [/FONT]
[FONT=verdana]
  • System (Disinfected)
[/FONT]
[FONT=verdana]TrackingCookie.2o7 (spyware) [/FONT]
[FONT=verdana]
  • System (Disinfected)
[/FONT]
[FONT=verdana]TrackingCookie.Atdmt (spyware) [/FONT]
[FONT=verdana]
  • System (Disinfected)
[/FONT]
[FONT=verdana]TrackingCookie.Doubleclick (spyware) [/FONT]
[FONT=verdana]
  • System (Disinfected)
[/FONT]
[FONT=verdana]TrackingCookie.Webtrends (spyware) [/FONT]
[FONT=verdana]
  • System (Disinfected)
[/FONT]
[FONT=verdana]TrackingCookie.Yieldmanager (spyware) [/FONT]
[FONT=verdana]
  • System (Disinfected)
[/FONT]
[FONT=verdana]TrackingCookie.BlueStreak (spyware) [/FONT]
[FONT=verdana]
  • System (Disinfected)
[/FONT]
[FONT=verdana][FONT=Arial]Statistics[/FONT][/FONT]

[FONT=verdana]Scanned: [/FONT]
[FONT=verdana]
  • Files: 5446
  • System: 5446
  • Not scanned: 0
[/FONT]
[FONT=verdana]Actions: [/FONT]
[FONT=verdana]
  • Disinfected: 7
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
[/FONT]
[FONT=verdana][FONT=Arial]Options[/FONT][/FONT]

[FONT=verdana]Scanning engines: [/FONT]
[FONT=verdana]Copyright © 1998-2009 Product support | Send virus sample to F-Secure[/FONT]

[FONT=verdana]F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability. [/FONT]
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==========================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

========================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Thank you so much! I had been struggling with that stupid thing for days before I found this forum! I'm no longer getting those Flash installer popups, and the weird network issues are gone too! May I ask how you guys figured all this out? You're using all these tools that I've never seen before, and they did a way better job than any of the antivirus and anti-spyware programs I had installed.

Below is the OTL log. I just need to run the cleanup now.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Miguel
->Temp folder emptied: 482396382 bytes
->Temporary Internet Files folder emptied: 1308887 bytes
->Java cache emptied: 29784 bytes
->FireFox cache emptied: 2722463 bytes
->Google Chrome cache emptied: 10975713 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 379 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Taks
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 474.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Miguel
->Flash cache emptied: 0 bytes

User: Public

User: Taks
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Miguel
->Java cache emptied: 0 bytes

User: Public

User: Taks

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07082012_124805

Files\Folders moved on Reboot...
C:\Users\Miguel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIIQOSU0\s[1].htm moved successfully.
C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWXA029R\ads[1].htm moved successfully.
C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWXA029R\ads[2].htm moved successfully.
File\Folder C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWXA029R\s[1].htm not found!
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1148.log moved successfully.

PendingFileRenameOperations files...
File C:\Users\Miguel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIIQOSU0\s[1].htm not found!
File C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWXA029R\ads[1].htm not found!
File C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWXA029R\ads[2].htm not found!
File C:\Users\Miguel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWXA029R\s[1].htm not found!
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1148.log not found!

Registry entries deleted on Reboot...
 
By the way, could you tell me what changes the cleaning tools made to the network config, if any? After cleaning it, I'm no longer able to share files. In fact, I can no longer even ping the machine. Its name shows up in the network, but clicking it just tells me to check the spelling of the computer name. I can't access it by its IP address either. I've got file sharing enabled, and checked the permissions on the shared folders, but it doesn't seem to be working. I even turned the firewall and AV off for a while, and I still wasn't able to ping it (though the machine can ping other computers)
 
In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck and stay safe :)
 
You must log in or register to reply here.

Similar threads

M
Solved Sirefef.fc virus can't be deleted, need help removing
Replies
21
Views
6K
Broni
Broni
Elliah
Explorer.exe has encountered a problem and needs to close
Replies
3
Views
5K
gbhall
gbhall
Ineptrit
Inactive Infected with Sirefef virus
Replies
8
Views
5K
Jay Pfoutz
Jay Pfoutz

Latest posts

Back