Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


help


Re: help

Post by larnault » January 10th, 2012, 10:37 am

It seems to be better.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll not found.
HKU\S-1-5-21-4051198292-3032509420-350528711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\BC Native Housing\Desktop\cmd.bat deleted successfully.
C:\Users\BC Native Housing\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: BC Native Housing

User: Default

User: Default User

User: Kristin Hilder

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: BC Native Housing
->Flash cache emptied: 28903 bytes

User: Default

User: Default User

User: Kristin Hilder
->Flash cache emptied: 8306 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: BC Native Housing
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 223734238 bytes
->FireFox cache emptied: 54464709 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kristin Hilder
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 590093 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 847872 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 267.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.31.0 log created on 01102012_051833

Files\Folders moved on Reboot...
File\Folder C:\Users\BC Native Housing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(552)\Content.IE5\WUH1HC7M\55OX7Ag,XqdvJrbT4IqlllYFZWTUU6MuVO3g3349TG0vXs9oi7dTaJ7g2_rAlcYs9M0_bqWfjIb-omaMn8z3rKvu8WEAB8k9M8cSPHpjNjmJKZKjWN5klbgXxgyvBcGYJ-DqhOo8_ixVSA[1].gif not found!

Registry entries deleted on Reboot...
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Post by askey127 » January 10th, 2012, 11:34 am

larnault,
Since you have had a rootkit infection, please understand that any Usernames, passwords, account numbers, etc. that have passed thru the machine are likely to have been stolen.
This is especially true of any financial info.
A rootkit can do anything it wants, undetected, while it is onboard.

For that reason, we can never be 100% sure that the machine is completely secure afterward.
Your machine does look OK now, but it's always possible that some security settings have been changed without our knowledge.

We will do one more scan. If it looks clean, we will do a cleanup and our job will be done.

-------------------------------------------------
Run the ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
You will, however, need to disable your currently installed Anti-Virus. Additional information on how to do it is shown here.

Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Post by larnault » January 10th, 2012, 7:55 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=333431dec2fc7b47a1dd7efb917732a4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-10 11:32:49
# local_time=2012-01-10 03:32:49 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 162841810 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=142742
# found=0
# cleaned=0
# scan_time=4086
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am
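
Added example, not part of the original thread and not ESET's or the forum's own tooling: a short Python check that a posted log.txt reflects the scan options requested earlier in the thread (Remove found threats unchecked, Scan archives and the three Advanced Settings options checked), that the scan finished, and that it reported no detections. The function names are hypothetical; the field names are the ones visible in the log above, and the sample is abridged from it.

```python
# Added example: review an ESET Online Scanner log.txt against the settings
# requested in this thread. Function names are hypothetical.
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}

def parse_eset_log(text):
    """Return {key: [values]} for every '# key=value' line (keys may repeat)."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue  # banner lines such as 'OnlineScanner.ocx - registred OK'
        key, _, value = line[1:].partition("=")
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def review_scan(text):
    """Return a list of problems; an empty list means the log looks as requested."""
    fields = parse_eset_log(text)
    problems = []
    if fields.get("end", [""])[-1] != "finished":
        problems.append("scan did not finish")
    for key, want in REQUESTED.items():
        got = fields.get(key, ["<missing>"])[-1]  # last value wins if repeated
        if got != want:
            problems.append(f"{key}={got}, expected {want}")
    found = fields.get("found", [None])[-1]
    if found is None or not found.isdigit():
        problems.append("no threat count in log")
    elif int(found) > 0:
        problems.append(f"{found} threat(s) reported")
    return problems

# Abridged from the log posted above.
SAMPLE = """\
OnlineScanner.ocx - registred OK
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# found=0
"""
if __name__ == "__main__":
    print(review_scan(SAMPLE) or "log matches the requested settings")
```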

Re: help

Post by askey127 » January 11th, 2012, 11:42 am

larnault,
Looks fine.
If you start OTL one more time, and click on the Clean Up button, it will remove itself and the tools we used.
You did a good job, and should be OK to go.

Glad we could help.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Post by askey127 » January 14th, 2012, 9:35 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA