Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Malware Infection

Re: Possible Malware Infection

Post by Cas34 » April 30th, 2012, 4:40 am

When running ESET I do not get this option:

"When prompted allow the Add-On/Active X to install."

Here are the results of the ESET scan:

C:\Users\Computa\AppData\Local\Temp\SetupDataMngr_searchqu.exe Win32/Toolbar.SearchSuite application

This is the threat that was found the last time I ran ESET, but it appears not to have been removed, or it has come back after being removed.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Post by torreattack » April 30th, 2012, 1:04 pm

Hi cas34 :

Since you are using Mozilla Firefox 4.0.1 (x86 en-GB), I suggest you download the latest version here.

After the download finishes, uninstall the "older" Firefox and install the latest.

1. Remove program
Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.
  • Click Start >> Control Panel >> Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    Mozilla Firefox 4.0.1 (x86 en-GB)
  • Select the program above and click on Uninstall to uninstall it.
NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

RESTART your computer now.

After the restart, please install the latest Firefox that you just downloaded.



2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy the following text... do not include the quote box title "Quote"
    :OTL
    [2012/02/26 20:48:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)

    :Files
    ipconfig /flushdns /c
    C:\USERS\COMPUTA\COOKIES\SDS5LGSQ.TXT
    C:\USERS\COMPUTA\COOKIES\8TP9R1NO.TXT
    C:\USERS\COMPUTA\COOKIES\ODMCEHW7.TXT
    C:\USERS\COMPUTA\COOKIES\HLB5O6PS.TXT
    C:\USERS\COMPUTA\COOKIES\HGHWOF3E.TXT
    C:\USERS\COMPUTA\COOKIES\COMPUTA@QUESTIONMARKET[2].TXT
    C:\USERS\COMPUTA\COOKIES\OB06GV1U.TXT
    C:\Users\Computa\AppData\Local\Temp\SetupDataMngr_searchqu.exe

    :Commands
    [EmptyTemp]
    [CreateRestorePoint]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results.
  • Please post the contents of report in your next reply.
Note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.



3. SystemLook
Please download SystemLook from one of the links below, and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook_x64.exe and select "run as administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
This scan can take some time to run so please be patient.



4. Checklist
Please post:
  • OTL fix result
  • SystemLook log
  • An update on your problems

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Post by Cas34 » May 1st, 2012, 4:16 am

I have updated my Adobe player and Mozilla Firefox. Please find below the scan results requested:

All processes killed
========== OTL ==========
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Computa\Desktop\cmd.bat deleted successfully.
C:\Users\Computa\Desktop\cmd.txt deleted successfully.
File\Folder C:\USERS\COMPUTA\COOKIES\SDS5LGSQ.TXT not found.
File\Folder C:\USERS\COMPUTA\COOKIES\8TP9R1NO.TXT not found.
File\Folder C:\USERS\COMPUTA\COOKIES\ODMCEHW7.TXT not found.
File\Folder C:\USERS\COMPUTA\COOKIES\HLB5O6PS.TXT not found.
File\Folder C:\USERS\COMPUTA\COOKIES\HGHWOF3E.TXT not found.
File\Folder C:\USERS\COMPUTA\COOKIES\COMPUTA@QUESTIONMARKET[2].TXT not found.
File\Folder C:\USERS\COMPUTA\COOKIES\OB06GV1U.TXT not found.
C:\Users\Computa\AppData\Local\Temp\SetupDataMngr_searchqu.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Computa
->Temp folder emptied: 571768985 bytes
->Temporary Internet Files folder emptied: 62536847 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12695004 bytes
->Flash cache emptied: 57572 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73521414 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 78461697 bytes

Total Files Cleaned = 762.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.0 log created on 05012012_090040

Files\Folders moved on Reboot...
C:\Users\Computa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Computa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLOCNPOJ\addons-tracker-v4[1].htm moved successfully.
C:\Users\Computa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLOCNPOJ\addons-v4[1].htm moved successfully.
C:\Users\Computa\AppData\Local\Mozilla\Firefox\Profiles\l3s0ge2h.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...
------------------------
END
------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 09:10 on 01/05/2012 by Computa
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\05012012_090040\C_Users\Computa\AppData\Local\Temp\SetupDataMngr_searchqu.exe --a---- 3620952 bytes [19:47 26/02/2012] [20:53 24/12/2011] C07EB61A681E82E45B495D796EB612CC

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05012012_090040\C_Users\Computa\AppData\Local\Temp\SetupDataMngr_searchqu.exe --a---- 3620952 bytes [19:47 26/02/2012] [20:53 24/12/2011] C07EB61A681E82E45B495D796EB612CC

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Microsoft\VisualStudio\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

I have not encountered any problems with my PC since doing this but the problems I had initially are not always visible.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Post by torreattack » May 1st, 2012, 6:03 pm

Hi cas34 :

I have not encountered any problems with my PC since doing this but the problems I had initially are not always visible.

If you encounter any problem, please let me know.

I will remove some bad registry entries. Before we carry this out, I want you to back up the registry once again.

Let's create a System Restore Point with Erunt.

1. ERUNT - Emergency Recovery Utility NT
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  • Please navigate to Start >> All Programs >> ERUNT, then right click ERUNT and select "run as administrator" from the menu. If UAC prompts, please allow it.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy the following text... do not include the quote box title "Quote"
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Trolltech]

    :Commands
    [EmptyTemp]
    [Emptyjava]
    [EmptyFlash]
    [CreateRestorePoint]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results.
  • Please post the contents of report in your next reply.
Note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.


3. Any other problem?

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am
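
The SystemLook Regfind log above matches its search terms as plain substrings, so "Searchqu" also hits unrelated entries such as VsSearchQueryParser, while the fix script targets only the Tracing and Trolltech keys. The Python sketch below is an added example, not part of the thread and not SystemLook or OTL code: it parses a Regfind section and separates keys whose path contains the term as a standalone token from coincidental substring hits. The word-boundary heuristic and all function names are assumptions made for illustration; the sample is a shortened excerpt of the log posted above.

```python
import re

# Shortened excerpt of the SystemLook Regfind output posted in this thread.
SAMPLE_LOG = r'''========== Regfind ==========
Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
-= EOF =-
'''

TERM_RE = re.compile(r'^Searching for "(.+)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')


def parse_regfind(log):
    """Return {term: [{"key": path, "values": [lines]}, ...]} for the Regfind section."""
    hits, term, active = {}, None, False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("=========="):            # section banner
            active, term = "Regfind" in line, None
        elif not active or not line or line.startswith("-= EOF"):
            continue
        elif m := TERM_RE.match(line):
            term = m.group(1)
            hits.setdefault(term, [])
        elif term and (m := KEY_RE.match(line)):
            hits[term].append({"key": m.group(1), "values": []})
        elif term and hits[term]:                    # value line under the last key
            hits[term][-1]["values"].append(line)
    return hits


def standalone_match(text, term):
    """Heuristic (assumption): ignore hits where the term is part of a longer word."""
    for m in re.finditer(re.escape(term), text, re.IGNORECASE):
        runs_on = text[m.end():m.end() + 1].islower()          # SearchQu|ery
        runs_in = text[:m.start()][-1:].isalpha() and text[m.start()].islower()
        if not (runs_on or runs_in):
            return True
    return False


def collapse(keys):
    """Drop subkeys whose parent key is already listed."""
    kept = []
    for key in sorted(keys, key=str.lower):
        if not any(key.lower().startswith(p.lower() + "\\") for p in kept):
            kept.append(key)
    return kept


def triage(log):
    """Sort Regfind hits into keys to review, values to review, and substring noise."""
    by_key, by_value, noise = set(), set(), set()
    for term, entries in parse_regfind(log).items():
        for e in entries:
            in_key = standalone_match(e["key"], term)
            in_val = any(standalone_match(v, term) for v in e["values"])
            (by_key if in_key else by_value if in_val else noise).add(e["key"])
    return {"review_keys": collapse(by_key),
            "review_values": sorted(by_value - by_key),
            "substring_only": sorted(noise - by_key - by_value)}


if __name__ == "__main__":
    for bucket, keys in triage(SAMPLE_LOG).items():
        print(bucket, *keys, sep="\n  ")
```

The output is a review list only; whether a listed key belongs to unwanted software is still a judgement for the analyst reading the log.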

Re: Possible Malware Infection

Post by Cas34 » May 2nd, 2012, 12:50 pm

User: Computa
->Temp folder emptied: 1782 bytes
->Temporary Internet Files folder emptied: 794807 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49300970 bytes
->Flash cache emptied: 689 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13472 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb


[EMPTYJAVA]

User: All Users

User: Computa
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Computa
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.0 log created on 05022012_173153

Files\Folders moved on Reboot...
C:\Users\Computa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Computa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOCVBMN6\addons-tracker-v4[1].htm moved successfully.
C:\Users\Computa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOCVBMN6\addons-v4[1].htm moved successfully.

Registry entries deleted on Reboot...

My PC does not seem to be exhibiting any suspect behaviour at the moment.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Post by torreattack » May 3rd, 2012, 5:42 am

Hi cas34 :

My PC does not seem to be exhibiting any suspect behaviour at the moment.
Sounds good! Anyway, you may come back to us if you find anything suspicious again.



This is my general post for when your logs show no more signs of malware.

Congratulations... your computer now appears to be malware free! :)
Please follow these simple guidelines in order to help keep your computer more secure:

Time for some housekeeping

Flush Restore Point
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy the following text... do not include the quote box title "Quote"
    :Commands
    [EmptyTemp]
    [ClearAllRestorePoints]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results.
  • Just close Notepad; you do not need to post the contents of the report.


Clean up with OTL
  • Right-click OTL.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Your Internet Explorer is outdated
You can find information and install IE 9 from Here


Update your Antivirus programs and other programs regularly.
Secunia Software Inspector
F-secure Health Check


Visit Microsoft often.
Keep on top of critical updates, as well as other updates for your computer.
What is Windows Update?
Microsoft Update Home



Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)


MVPS Hosts
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Install MVPS Hosts File Here
You can Find the Tutorial HERE


Read - stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly



I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.


Happy surfing!

torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Post by Cas34 » May 3rd, 2012, 8:09 pm

I just wanted to thank you for your help and let you know that I really appreciate the work you are doing. :D
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Post by deltalima » May 4th, 2012, 12:50 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK