Solved Suspected Sirefef infection

All processes killed
========== OTL ==========
Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.selectedEngine
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\FRST\Quarantine\{fb385931-a35a-8865-4765-626513eb4459}\{fb385931-a35a-8865-4765-626513eb4459}\U folder moved successfully.
C:\FRST\Quarantine\{fb385931-a35a-8865-4765-626513eb4459}\{fb385931-a35a-8865-4765-626513eb4459}\L folder moved successfully.
C:\FRST\Quarantine\{fb385931-a35a-8865-4765-626513eb4459}\{fb385931-a35a-8865-4765-626513eb4459} folder moved successfully.
C:\FRST\Quarantine\{fb385931-a35a-8865-4765-626513eb4459}\U folder moved successfully.
C:\FRST\Quarantine\{fb385931-a35a-8865-4765-626513eb4459}\L folder moved successfully.
C:\FRST\Quarantine\{fb385931-a35a-8865-4765-626513eb4459} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\.Trashes:Mac_Metadata deleted successfully.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: nmradar
->Temp folder emptied: 852193525 bytes
->Temporary Internet Files folder emptied: 29562843 bytes
->Java cache emptied: 3130829 bytes
->FireFox cache emptied: 91995729 bytes
->Google Chrome cache emptied: 378394646 bytes
->Flash cache emptied: 96507 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142086 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33565 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 108551223 bytes
RecycleBin emptied: 5733283246 bytes

Total Files Cleaned = 6,864.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: LogMeInRemoteUser

User: nmradar
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: nmradar
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08112012_142804

Files\Folders moved on Reboot...
C:\Users\nmradar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\nmradar\AppData\Local\Temp\~DF1D3C2ABB841925F6.TMP not found!
File\Folder C:\Users\nmradar\AppData\Local\Temp\~PIE9BC.tmp not found!
File\Folder C:\Users\nmradar\AppData\Local\Temp\~PIE9EC.tmp not found!
File\Folder C:\Users\nmradar\AppData\Local\Temp\~PIEBC3.tmp not found!
C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{392AE208-91CC-4381-9D71-09519261E841}.tmp moved successfully.
C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{49B1FD25-37C4-4489-B435-5ECFFC15C903}.tmp moved successfully.
C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B3764D83-DE30-4814-B301-8C8DA5C37CF3}.tmp moved successfully.
File\Folder C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E0C7FEFA-1918-464B-940E-A622C906489A}.tmp not found!
C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3E2F6CA-C799-47EB-8B6E-87A2CCF7D551}.tmp moved successfully.
C:\Windows\temp\vmware-SYSTEM-2851879344\vmware-usbarb-SYSTEM-3120.log moved successfully.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\nmradar\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\nmradar\AppData\Local\Temp\~DF1D3C2ABB841925F6.TMP not found!
File C:\Users\nmradar\AppData\Local\Temp\~PIE9BC.tmp not found!
File C:\Users\nmradar\AppData\Local\Temp\~PIE9EC.tmp not found!
File C:\Users\nmradar\AppData\Local\Temp\~PIEBC3.tmp not found!
File C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{392AE208-91CC-4381-9D71-09519261E841}.tmp not found!
File C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{49B1FD25-37C4-4489-B435-5ECFFC15C903}.tmp not found!
File C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B3764D83-DE30-4814-B301-8C8DA5C37CF3}.tmp not found!
File C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E0C7FEFA-1918-464B-940E-A622C906489A}.tmp not found!
File C:\Users\nmradar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3E2F6CA-C799-47EB-8B6E-87A2CCF7D551}.tmp not found!
File C:\Windows\temp\vmware-SYSTEM-2851879344\vmware-usbarb-SYSTEM-3120.log not found!
[2012/08/11 14:41:02 | 000,139,224 | ---- | M] () C:\Windows\temp\Pharos\UpdaterLog.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
iSpy
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (8.0). Thunderbird out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 06-08-2012
Ran by nmradar (administrator) on 11-08-2012 at 15:04:39
Running from "C:\Users\nmradar\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dlla variant of Win32/Toolbar.Babylon applicationcleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dllWin32/Toolbar.Babylon applicationcleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exeprobably a variant of Win32/Toolbar.Babylon applicationcleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dllWin32/Toolbar.Babylon applicationcleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dllWin32/Toolbar.Babylon applicationcleaned by deleting - quarantined
C:\Users\nmradar\Desktop\CD Backups\CarmenSandiegosThinkQuickChallengeActual.isoWin32/Adware.DSSAgent applicationdeleted - quarantined
C:\Users\nmradar\Desktop\CD Backups\TheClueFinders6thGrade.isoWin32/Adware.DSSAgent applicationdeleted - quarantined
C:\Users\nmradar\Desktop\CD Backups\Where In the USA Is Carmen Sandiego.isoWin32/Adware.DSSAgent applicationdeleted - quarantined
C:\Users\nmradar\Desktop\CD Backups\Where In The World Is Carmen Sandiego.isoWin32/Adware.DSSAgent applicationdeleted - quarantined
C:\Users\nmradar\Documents\Backup\Vaio\Downloads\mini-KMS_Activator_v1.053.exea variant of Win32/HackKMS.A applicationdeleted - quarantined
C:\Users\nmradar\Documents\FTP server\Software\Games\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.isoprobably a variant of Win32/Hupigon.CJKIBCX trojandeleted - quarantined
C:\Users\nmradar\Documents\FTP server\Software\Games\Windows Game Collection\Zuma Deluxe 1.0 (PopCap).zipprobably a variant of Win32/TrojanDownloader.Agent.HCVIJAK trojandeleted - quarantined
C:\Users\nmradar\Documents\FTP server\Software\Microsoft Office\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exea variant of Win32/HackKMS.A applicationdeleted - quarantined
C:\Users\nmradar\Documents\FTP server\Software\Microsoft Office\Microsoft Office 2010 Activator [ kk ]\Microsoft Office 2010 Activator [ kk ].rarWin32/HackKMS.A applicationdeleted - quarantined
C:\Users\nmradar\Documents\FTP server\Software\Microsoft Office\Microsoft Office 2010 Activator [ kk ]\mini-KMS_Activator_v1.051.exeWin32/HackKMS.A applicationcleaned by deleting - quarantined
C:\Users\nmradar\Documents\FTP server\Software\painter11\keygen\keygen.exeprobably a variant of Win32/Agent.LJDMZCB trojancleaned by deleting - quarantined
C:\Users\Public\Downloads\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.isoprobably a variant of Win32/Hupigon.CJKIBCX trojandeleted - quarantined
C:\_OTL\MovedFiles\08112012_142804\C_FRST\Quarantine\services.exeWin64/Patched.B.Gen trojandeleted - quarantined
F:\Laptop Backup\Users\nmradar\Downloads\medialab_psd2fla_v1.01r109withpatch.rarprobably a variant of Win32/Obfuscated.BXUJVMD trojandeleted - quarantined
F:\Laptop Backup\Users\nmradar\Downloads\mini-KMS_Activator_v1.053.exea variant of Win32/HackKMS.A applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 12.zipa variant of Win32/HackKMS.A applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 165.zipa variant of Win32/HackKMS.A applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 167.zipprobably a variant of Win32/Agent.LJDMZCB trojandeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 4170.zipprobably a variant of Win32/TrojanDownloader.Agent.HCVIJAK trojandeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 4258.zipWin32/HackKMS.A applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 7980.zipWin32/Adware.DSSAgent applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 8035.zipWin32/Adware.DSSAgent applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 8040.zipWin32/Adware.DSSAgent applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-06-17 190003\Backup files 8044.zipWin32/Adware.DSSAgent applicationdeleted - quarantined
I:\NMRADAR-PC\Backup Set 2012-06-17 190003\Backup Files 2012-08-05 190036\Backup files 8.zipWin64/Sirefef.W trojandeleted - quarantined
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.
 
Farbar Service Scanner Version: 06-08-2012
Ran by nmradar (administrator) on 12-08-2012 at 12:29:03
Running from "C:\Users\nmradar\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nmradar
->Temp folder emptied: 27027351 bytes
->Temporary Internet Files folder emptied: 6768780 bytes
->Java cache emptied: 92594 bytes
->FireFox cache emptied: 7259329 bytes
->Google Chrome cache emptied: 158134316 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9933 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 190.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: nmradar
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: LogMeInRemoteUser

User: nmradar
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08122012_124127

Files\Folders moved on Reboot...
C:\Users\nmradar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-5308.log moved successfully.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\nmradar\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/08/12 12:45:07 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-5308.log not found!
[2012/08/12 12:46:01 | 000,002,397 | ---- | M] () C:\Windows\temp\Pharos\UpdaterLog.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 
Hey Broni, thank you so much for your help throughout this! I am unfortunately out of town for about a week, but will able to complete the rest of these steps once I return.
 
You must log in or register to reply here.

Similar threads

AlexGrama7
Unable to Connect External Monitor via USB-C on Lenovo Legion 5 (15ARH05H)
Replies
3
Views
980
AlexGrama7
AlexGrama7
midian182
Hackers could have enslaved 3 million toothbrushes for DDoS attack
Replies
10
Views
326
Underdog
Underdog
Jimmy2x
AMD formally addresses rare driver bug suspected of bricking Windows installations
Replies
19
Views
855
AdamNovagen
AdamNovagen

Latest posts

Back