Welcome to GeekPolice!
HomeRoot Kit....Zero Access
Page 26 of 26 • 
1 ... 14 ... 24, 25, 26
- Dr Jay
Head Admin
-
Power of Youth! 
OS : Windows 10 Home & Pro, Android
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security; Bitdefender Mobile Security
Posts : 15091
Rubies : 288416
Likes : 149 
Dr Jay on 30th June 2012, 10:24 am
Please run OTL
- Under the Custom Scans/Fixes box at the bottom, copy and paste in the following::otl
SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- -- (BFE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKCU\..\SearchScopes,DefaultScope = {21475A23-BD73-3152-6CAC-741072CD9B98}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - Startup: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O4 - Startup: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
:files
C:\WINDOWS\SYSTEM32\SYSPREP
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269
C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
C:\Users\JonEJet\AppData\Local\Temp28.html
C:\Users\JonEJet\AppData\Local\Temp1.html
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions\abb@amazon.com.xpi
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions\cooijlurcq@cooijlurcq.org.xpi
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions\cooijlurcq@cooijlurcq.org.xpi
:commands
[emptytemp]
[reboot] - Then click the Run Fix button at the top.
- Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
- Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
Dr Jay
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
- JonEJet
Senior
-
OS : XP
Posts : 210
Rubies : 6105
Likes : 0 -
JonEJet on 30th June 2012, 5:30 pm
We are close my man....I'm getting a bit verklempt 
hahahahaha
All processes killed
========== OTL ==========
Service MpsSvc stopped successfully!
Service MpsSvc deleted successfully!
Service MozillaMaintenance stopped successfully!
Service MozillaMaintenance deleted successfully!
File C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe not found.
Service BFE stopped successfully!
Service BFE deleted successfully!
Service Tosrfcom stopped successfully!
Service Tosrfcom deleted successfully!
Service SVRPEDRV stopped successfully!
Service SVRPEDRV deleted successfully!
File C:\Windows\System32\sysprep\UP_date\PEDrv.sys not found.
Service IO_Memory stopped successfully!
Service IO_Memory deleted successfully!
File C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105E99FF-8B9A-4492-B155-06194B9056D2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
C:\WINDOWS\SYSTEM32\sysprep\Panther folder moved successfully.
C:\WINDOWS\SYSTEM32\sysprep\en-US folder moved successfully.
Folder move failed. C:\WINDOWS\SYSTEM32\sysprep scheduled to be moved on reboot.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269\webapps folder moved successfully.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269\minidumps folder moved successfully.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269\bookmarkbackups folder moved successfully.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269 folder moved successfully.
File\Folder C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk not found.
C:\Users\JonEJet\AppData\Local\Temp28.html moved successfully.
C:\Users\JonEJet\AppData\Local\Temp1.html moved successfully.
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions\abb@amazon.com.xpi moved successfully.
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions\cooijlurcq@cooijlurcq.org.xpi moved successfully.
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions\cooijlurcq@cooijlurcq.org.xpi moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: JonEJet
->Temp folder emptied: 20072949 bytes
->Temporary Internet Files folder emptied: 128210 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 731179890 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 19088 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 743713 bytes
RecycleBin emptied: 227760 bytes
Total Files Cleaned = 718.00 mb
OTL by OldTimer - Version 3.2.53.0 log created on 06302012_131424
hahahahahaAll processes killed
========== OTL ==========
Service MpsSvc stopped successfully!
Service MpsSvc deleted successfully!
Service MozillaMaintenance stopped successfully!
Service MozillaMaintenance deleted successfully!
File C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe not found.
Service BFE stopped successfully!
Service BFE deleted successfully!
Service Tosrfcom stopped successfully!
Service Tosrfcom deleted successfully!
Service SVRPEDRV stopped successfully!
Service SVRPEDRV deleted successfully!
File C:\Windows\System32\sysprep\UP_date\PEDrv.sys not found.
Service IO_Memory stopped successfully!
Service IO_Memory deleted successfully!
File C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105E99FF-8B9A-4492-B155-06194B9056D2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC37B0C6-1699-454D-815B-74DB6873EE31}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
C:\WINDOWS\SYSTEM32\sysprep\Panther folder moved successfully.
C:\WINDOWS\SYSTEM32\sysprep\en-US folder moved successfully.
Folder move failed. C:\WINDOWS\SYSTEM32\sysprep scheduled to be moved on reboot.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269\webapps folder moved successfully.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269\minidumps folder moved successfully.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269\bookmarkbackups folder moved successfully.
C:\Users\JonEJet\Documents\1aan0j2r.default-1340996399269 folder moved successfully.
File\Folder C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk not found.
C:\Users\JonEJet\AppData\Local\Temp28.html moved successfully.
C:\Users\JonEJet\AppData\Local\Temp1.html moved successfully.
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions\abb@amazon.com.xpi moved successfully.
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions\cooijlurcq@cooijlurcq.org.xpi moved successfully.
C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions\cooijlurcq@cooijlurcq.org.xpi moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: JonEJet
->Temp folder emptied: 20072949 bytes
->Temporary Internet Files folder emptied: 128210 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 731179890 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 19088 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 743713 bytes
RecycleBin emptied: 227760 bytes
Total Files Cleaned = 718.00 mb
OTL by OldTimer - Version 3.2.53.0 log created on 06302012_131424
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security; Bitdefender Mobile Security
Posts : 15091
Rubies : 288416
Likes : 149 -
Dr Jay on 30th June 2012, 7:35 pm
How are things running overall?
Dr Jay
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security; Bitdefender Mobile Security
Posts : 15091
Rubies : 288416
Likes : 149 -
Dr Jay on 30th June 2012, 8:02 pm
Redirects are gone?
Clean up System Restore
Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
You now have a clean restore point, to get rid of the bad ones:
Run OTC to remove our tools
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
Purge old temporary files
Please download TFC by OldTimer to your desktop
Security Check
Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
Clean up System Restore
Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
- Select Start > All Programs > Accessories > System tools > System Restore.
- On the dialogue box that appears select Create a Restore Point
- Click NEXT
- Enter a name e.g. Clean
- Click CREATE
You now have a clean restore point, to get rid of the bad ones:
- Select Start > All Programs > Accessories > System tools > Disk Cleanup.
- In the Drop down box that appears select your main drive e.g. C
- Click OK
- The System will do some calculation and the display a dialogue box with TABS
- Select the More Options Tab.
- At the bottom will be a system restore box with a CLEANUP button click this
- Accept the Warning and select OK again, the program will close and you are done
Run OTC to remove our tools
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
- Save it to your Desktop.
- Double click OTC.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
Purge old temporary files
Please download TFC by OldTimer to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion. - Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Security Check
Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Dr Jay
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
- JonEJetSenior
-
OS : XP
Posts : 210
Rubies : 6105
Likes : 0 -
JonEJet on 30th June 2012, 9:10 pm
Have you just given my computer an enema? lol
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 1 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Rootkit Unhooker LE 3.8 SR 2
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 32
Java(TM) 6 Update 2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 1 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Rootkit Unhooker LE 3.8 SR 2
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 32
Java(TM) 6 Update 2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security; Bitdefender Mobile Security
Posts : 15091
Rubies : 288416
Likes : 149 -
Dr Jay on 1st July 2012, 5:21 pm
Time to do some updating. :wink:
Remove old versions of the programs that need updated, and then follow instructions for updating below that.
Please go to Start > Control Panel > [Programs and Features and remove the following (if present):
Adobe Reader and Flash Updates!
Please download and install the new updates from http://www.adobe.com
Java Update!
Please download the newest version of Java from Java.com.
It would probably be best to obtain the latest Microsoft Updates for Windows Vista. Also, plan to install Vista's Service Pack 2: http://support.microsoft.com/kb/935791
By getting all these patches done, you're protecting your computer from threats. Many malware can exploit these out-of-date versions (vulnerabilities).
Read about Secunia PSI (on my company's blog), an automatic software updating tool: http://secureconnexion.wordpress.com/2012/06/29/secunia-personal-software-inspector-updates-v-3/
See this page for more info about malware and prevention.
Other than that, see my signature for information about contributing to our projects.
Your computer is clean, and make sure it stays that way! Kudos!
Remove old versions of the programs that need updated, and then follow instructions for updating below that.
Please go to Start > Control Panel > [Programs and Features and remove the following (if present):
- All Google Chrome 19 versions (not version 20)
- All Adobe Flash versions
- All Adobe Reader versions
- All Java versions
Adobe Reader and Flash Updates!
Please download and install the new updates from http://www.adobe.com
Java Update!
Please download the newest version of Java from Java.com.
It would probably be best to obtain the latest Microsoft Updates for Windows Vista. Also, plan to install Vista's Service Pack 2: http://support.microsoft.com/kb/935791
By getting all these patches done, you're protecting your computer from threats. Many malware can exploit these out-of-date versions (vulnerabilities).
Read about Secunia PSI (on my company's blog), an automatic software updating tool: http://secureconnexion.wordpress.com/2012/06/29/secunia-personal-software-inspector-updates-v-3/
See this page for more info about malware and prevention.
Other than that, see my signature for information about contributing to our projects.
Your computer is clean, and make sure it stays that way! Kudos!
Dr Jay
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security; Bitdefender Mobile Security
Posts : 15091
Rubies : 288416
Likes : 149 -
Dr Jay on 2nd July 2012, 5:49 am
I know! And thanks!
=>Topic closed.
=>Topic closed.
Dr Jay
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
Head Administrator / Lead Security Administrator / Project Manager
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ Fun Stuff
Page 26 of 26 • 1 ... 14 ... 24, 25, 26
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 26 of 26
Permissions in this forum:
You can reply to topics in this forum
