Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help to rid of virus


Re: Need help to rid of virus

Post by pgmigg » February 2nd, 2013, 12:54 am

Hello lmilchin,

Great results! :D
Will continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    :Commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
    "path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
    @=""
    
    :Files
    C:\Program Files\Babylon
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help to rid of virus

Post by lmilchin » February 2nd, 2013, 2:57 pm

A. I do not have any problems executing the instructions.

B. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\\C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\\path deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}\\@|"" /E : value set successfully!
========== FILES ==========
C:\Program Files\Babylon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lev Milchin
->Temp folder emptied: 81146906 bytes
->Temporary Internet Files folder emptied: 567238 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44307404 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1908 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7013707 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 10699750 bytes

Total Files Cleaned = 137.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lev Milchin
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lev Milchin
->Java cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02022013_075805

Files\Folders moved on Reboot...
C:\Users\Lev Milchin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_DRCLyAv75dGvORb not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
lmilchin
Regular Member
 
Posts: 16
Joined: January 29th, 2013, 9:51 pm

Re: Need help to rid of virus

Post by lmilchin » February 2nd, 2013, 2:59 pm

C. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=3d25bcb3426cdc4591f48d3fa29bce59
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-02 02:39:18
# local_time=2013-02-02 09:39:18 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5122 16777213 100 90 2106875 108490554 0 0
# compatibility_mode=5893 16776574 100 94 6153801 111359408 0 0
# scanned=150760
# found=2
# cleaned=0
# scan_time=4633
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C84695491FB500FD20F0A57023887F9B93E17DCE I
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application D4BEE8D54CABFE67C0F1AFF793673054FC7736C8 I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=3d25bcb3426cdc4591f48d3fa29bce59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-02 06:47:00
# local_time=2013-02-02 01:47:00 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5122 16777213 100 90 2118137 108505416 0 0
# compatibility_mode=5893 16776574 100 94 6165063 111374270 0 0
# scanned=303916
# found=10
# cleaned=0
# scan_time=14692
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C84695491FB500FD20F0A57023887F9B93E17DCE I
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application D4BEE8D54CABFE67C0F1AFF793673054FC7736C8 I
C:\Windows\Downloaded Installations\{D764D5AB-33E4-49F7-A517-5898AB6E5564}\YouSendIt Express.msi a variant of Win32/Bundled.Toolbar.Ask application 82487B76948FC977CE533F4E4A040DAC9429917A I
C:\Windows\Installer\6e39a.msi a variant of Win32/Bundled.Toolbar.Ask application 82487B76948FC977CE533F4E4A040DAC9429917A I
N:\Programs\Any Video Converter\avc-free.exe Win32/OpenCandy application F36B7F5DE08DB46883D6BAD5604046C01E7DF1B9 I
N:\Programs\Subtitle Workshop\SoftonicDownloader31575.exe a variant of Win32/SoftonicDownloader.A application 0CE4D7AF9B8E9B08BAC1F0410CBC25EA851220AE I
N:\Programs\USD (Universal Share Downloader) 1.3.6.7\sborka_blackmanos_13_67_indosharing.zip a variant of Win32/Packed.ExeScript.F trojan B43D7E36CDEE4281314BABDD6E43B34E0B612244 I
N:\Programs\Audacity Sound Editor\audacity-win-unicode-1.3.13.exe a variant of Win32/HotDownloads application 8BF8BA9C0FC16634C418A3402A9E610A9FA822C7 I
N:\Programs\DAEMON Tools Lite v4.45.3 (with SPTD 1.80)\DTLite4453-0297.exe Win32/OpenCandy application 3B5FA247BC20BCE3FDF362C7D4E78A49C1CD56EB I
N:\Programs\Subtitle Workshop 2.51\SoftonicDownloader_for_subtitle-workshop.exe a variant of Win32/SoftonicDownloader.E application 7C9FF20FCAC27789386EB19783AD0453C124AB6C I

D. I do not see any changes in computer behavior.
lmilchin
Regular Member
 
Posts: 16
Joined: January 29th, 2013, 9:51 pm
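
Added example, not part of the thread: a small parser for an ESET Online Scanner log like the one pasted above. It flags scan sessions that did not finish, checks that the `found` counter matches the detection lines actually pasted, and groups paths that share one SHA-1. The field layout is inferred from the pasted lines, and the sample log, paths and hashes are constructed.

```python
import re
from collections import defaultdict

# Layout inferred from the pasted log (an assumption, not an ESET spec):
#   <path> <detection name> <type> <SHA-1> <flag>
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<name>(?:a variant of )?\S+/\S+)\s+"
    r"(?P<kind>[A-Za-z]+)\s+"
    r"(?P<sha1>[0-9A-Fa-f]{40})\s+"
    r"(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Split the log into scan sessions; a '# version=' line starts a new one."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            if key == "version" or current is None:
                current = {"meta": {}, "detections": []}
                sessions.append(current)
            current["meta"][key] = value
            continue
        match = DETECTION.match(line)
        if match and current is not None:
            hit = match.groupdict()
            hit["sha1"] = hit["sha1"].upper()
            current["detections"].append(hit)
    return sessions


def triage(sessions):
    """Summarise what a helper needs to know before acting on the log."""
    incomplete, mismatch = [], []
    by_sha1, by_kind = defaultdict(set), defaultdict(set)
    for idx, session in enumerate(sessions):
        meta = session["meta"]
        if meta.get("end") != "finished":       # e.g. end=stopped
            incomplete.append(idx)
        if int(meta.get("found", 0)) != len(session["detections"]):
            mismatch.append(idx)                # paste may be truncated
        for hit in session["detections"]:
            by_sha1[hit["sha1"]].add(hit["path"])
            by_kind[hit["kind"]].add(hit["path"])
    return {
        "incomplete": incomplete,
        "count_mismatch": mismatch,
        "unique_files": len({p for ps in by_sha1.values() for p in ps}),
        # identical content at several paths, e.g. an installer cache copy
        "same_content": {h: sorted(p) for h, p in by_sha1.items() if len(p) > 1},
        "by_kind": {k: sorted(v) for k, v in by_kind.items()},
    }


# Constructed sample: placeholder paths and 40-hex-digit placeholder hashes.
H1, H2, H3 = "A1" * 20, "B2" * 20, "C3" * 20
SAMPLE = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=8",
    "# end=stopped",
    "# remove_checked=false",
    "# found=1",
    "# cleaned=0",
    r"C:\Program Files (x86)\Example App\helper.exe a variant of Win32/HiddenStart.A application " + H1 + " I",
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=8",
    "# end=finished",
    "# remove_checked=false",
    "# found=4",
    "# cleaned=0",
    r"C:\Program Files (x86)\Example App\helper.exe a variant of Win32/HiddenStart.A application " + H1 + " I",
    r"C:\Windows\Downloaded Installations\Example\Setup.msi a variant of Win32/Bundled.Toolbar.Ask application " + H2 + " I",
    r"C:\Windows\Installer\1a2b3.msi a variant of Win32/Bundled.Toolbar.Ask application " + H2 + " I",
    r"N:\Programs\Tool 1.0\bundle.zip a variant of Win32/Packed.ExeScript.F trojan " + H3 + " I",
])

if __name__ == "__main__":
    for key, value in triage(parse_eset_log(SAMPLE)).items():
        print(key, "->", value)
```

Repeated sessions in one log are de-duplicated by path and hash, so a stopped first run followed by a finished second run does not double-count detections.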

Re: Need help to rid of virus

Post by pgmigg » February 2nd, 2013, 6:30 pm

Hello lmilchin,

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 2.
Upload File/Files for testing
  1. Please go to jotti.org or Virustotal
  2. Copy/Paste the following files to upload them one by one for scanning:
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
    C:\Windows\Downloaded Installations\{D764D5AB-33E4-49F7-A517-5898AB6E5564}\YouSendIt Express.msi
    C:\Windows\Installer\6e39a.msi
    N:\Programs\Any Video Converter\avc-free.exe
    N:\Programs\Subtitle Workshop\SoftonicDownloader31575.exe
    N:\Programs\USD (Universal Share Downloader) 1.3.6.7\sborka_blackmanos_13_67_indosharing.zip
    N:\Programs\Audacity Sound Editor\audacity-win-unicode-1.3.13.exe
    N:\Programs\DAEMON Tools Lite v4.45.3 (with SPTD 1.80)\DTLite4453-0297.exe
    N:\Programs\Subtitle Workshop 2.51\SoftonicDownloader_for_subtitle-workshop.exe
  3. Press Submit - this will submit the file for testing.
    Note: If you see a message "File already analysed", please click on the "Reanalyse" button.
  4. Please wait for all the scanners to finish.
  5. Then copy and paste every permalink (web address) in your next response.
    Example of web address:
    Image

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help to rid of virus

Post by lmilchin » February 2nd, 2013, 9:54 pm

A. I do not have any problems executing the instructions.

B. The resulting web links after online file scan by Virus Total.

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
Permalink:
http://virusscan.jotti.org/en/scanresul ... 939a442ed6

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
Permalink:
http://virusscan.jotti.org/en/scanresul ... 3772c13b72

C:\Windows\Downloaded Installations\{D764D5AB-33E4-49F7-A517-5898AB6E5564}\YouSendIt Express.msi
Permalink:
http://virusscan.jotti.org/en/scanresul ... 7b6f44cc1e

C:\Windows\Installer\6e39a.msi
Permalink:
http://virusscan.jotti.org/en/scanresul ... 3b9a83e55c

N:\Programs\Any Video Converter\avc-free.exe
Permalink:
http://virusscan.jotti.org/en/scanresul ... 6dba240f0c

N:\Programs\Subtitle Workshop\SoftonicDownloader31575.exe
Permalink:
http://virusscan.jotti.org/en/scanresul ... 8580bc7017

N:\Programs\USD (Universal Share Downloader) 1.3.6.7\sborka_blackmanos_13_67_indosharing.zip
Permalink:
http://virusscan.jotti.org/en/scanresul ... 008ae59354

N:\Programs\Audacity Sound Editor\audacity-win-unicode-1.3.13.exe
Permalink:
http://virusscan.jotti.org/en/scanresul ... 57854dd6ab

N:\Programs\DAEMON Tools Lite v4.45.3 (with SPTD 1.80)\DTLite4453-0297.exe
Permalink:
http://virusscan.jotti.org/en/scanresul ... e52cc68563

N:\Programs\Subtitle Workshop 2.51\SoftonicDownloader_for_subtitle-workshop.exe
Permalink:
http://virusscan.jotti.org/en/scanresul ... d1fe1aee25

C. I do not see any changes in computer behavior.
lmilchin
Regular Member
 
Posts: 16
Joined: January 29th, 2013, 9:51 pm

Re: Need help to rid of virus

Post by pgmigg » February 3rd, 2013, 12:21 pm

Hello lmilchin,

Very good research! :D Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    :Commands
    [createrestorepoint]
    
    :Files
    N:\Programs\Subtitle Workshop\SoftonicDownloader31575.exe
    N:\Programs\USD (Universal Share Downloader) 1.3.6.7\sborka_blackmanos_13_67_indosharing.zip
    N:\Programs\Audacity Sound Editor\audacity-win-unicode-1.3.13.exe
    N:\Programs\Subtitle Workshop 2.51\SoftonicDownloader_for_subtitle-workshop.exe
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator..." to run it.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the log file at C:\AdwCleaner[S1].txt as well.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the C:\AdwCleaner[S1].txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help to rid of virus

Post by lmilchin » February 3rd, 2013, 1:26 pm

A. I do not have any problems executing the instructions.

B. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
N:\Programs\Subtitle Workshop\SoftonicDownloader31575.exe moved successfully.
N:\Programs\USD (Universal Share Downloader) 1.3.6.7\sborka_blackmanos_13_67_indosharing.zip moved successfully.
N:\Programs\Audacity Sound Editor\audacity-win-unicode-1.3.13.exe moved successfully.
N:\Programs\Subtitle Workshop 2.51\SoftonicDownloader_for_subtitle-workshop.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lev Milchin
->Temp folder emptied: 128055534 bytes
->Temporary Internet Files folder emptied: 887629 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65976431 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2127 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7010139 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1706932 bytes

Total Files Cleaned = 194.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02032013_120805

Files\Folders moved on Reboot...
C:\Users\Lev Milchin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_7CdelgeLI6bCTva not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C. Contents of the C:\AdwCleaner[S1].txt log file

# AdwCleaner v2.109 - Logfile created 02/03/2013 at 12:17:27
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Lev Milchin - LEVMILCHIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Lev Milchin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Lev Milchin\AppData\Roaming\Mozilla\Firefox\Profiles\ctwh2mlj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Lev Milchin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2464 octets] - [03/02/2013 12:17:27]

########## EOF - C:\AdwCleaner[S1].txt - [2524 octets] ##########

D. I do not see any changes in computer behavior.
lmilchin
Regular Member
 
Posts: 16
Joined: January 29th, 2013, 9:51 pm
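
Added example, not part of the thread and not OTL's own code: a check that compares the `:Files` section of a fix script with the result lines of the OTL log, listing every item that was not found or has no log line at all. The status phrases are the ones visible in the logs posted above; the sample script, log and paths are constructed.

```python
import re

# Result lines as they appear in the posted logs, e.g.
#   "Registry value <value> not found."   "<path> moved successfully."
RESULT = re.compile(
    r"^(?:Registry key |Registry value |File\\Folder )?"
    r"(?P<target>.+?) "
    r"(?P<status>deleted successfully\.|folder moved successfully\.|"
    r"moved successfully\.|: value set successfully!|not found[.!])$"
)
SECTION = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")


def parse_otl_log(text):
    """Return one entry per result line: section, target, ok flag."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name").strip()
            continue
        if line.endswith("..."):            # "Files\Folders moved on Reboot..."
            section = line.rstrip(".")
            continue
        result = RESULT.match(line)
        if result:
            ok = not result.group("status").startswith("not found")
            entries.append({"section": section,
                            "target": result.group("target"), "ok": ok})
    return entries


def fix_script_files(script):
    """Paths listed under the :Files directive of the fix script."""
    section, paths = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            paths.append(line)
    return paths


def unresolved(script, log):
    """Items that were requested but not confirmed, plus any 'not found'."""
    entries = parse_otl_log(log)
    status = {e["target"].lower(): e["ok"] for e in entries}
    wanted = fix_script_files(script)
    report = []
    for path in wanted:
        ok = status.get(path.lower())
        if ok is None:
            report.append((path, "no log entry"))
        elif not ok:
            report.append((path, "not found"))
    requested = {p.lower() for p in wanted}
    report += [(e["target"], "not found") for e in entries
               if not e["ok"] and e["target"].lower() not in requested]
    return report


# Constructed fix script and log (placeholder keys and paths).
SAMPLE_SCRIPT = r""":Commands
[createrestorepoint]

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Layers]
"C:\Example\uninst.exe"=-

:Files
C:\Example\Toolbar
D:\Downloads\bundle setup.exe
D:\Downloads\other.zip

:Commands
[emptytemp]
"""
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Example\Layers\\C:\Example\uninst.exe not found.
========== FILES ==========
C:\Example\Toolbar folder moved successfully.
File\Folder D:\Downloads\bundle setup.exe not found!
"""

if __name__ == "__main__":
    for target, reason in unresolved(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{reason:13} {target}")
```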

Re: Need help to rid of virus

Post by pgmigg » February 4th, 2013, 12:31 am

Hello lmilchin,

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
I would like you to do the following:
  • Change your email Password.
  • Change your Secret Question & Answer (if it is possible).
  • Change your alternative email.

Step 2.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u13) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement"
  4. Locate the entry for Windows x64, click on the associated file name, then save the file to your Desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From Desktop please right-click on jre-7u13-windows-x64.exe select "Run As Administrator..." to install the newest version.
  3. Follow the on-screen directions. When installation is completed successfully, please reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

Step 3.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box. Do not include the word Code
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 4.
OTL-Cleanup
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Then:
Please don't forget to enable all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help to rid of virus

Post by lmilchin » February 4th, 2013, 7:23 pm

After cleaning I still have on my desktop JRE.exe, JRE.txt, esetsmartinstaller_enu.exe, ESET_log.txt, SystemLook_x64.exe, adwcleaner.exe, CCleaner. Do I need them or may I try to uninstall through Control Panel or delete from desktop?
lmilchin
Regular Member
 
Posts: 16
Joined: January 29th, 2013, 9:51 pm

Re: Need help to rid of virus

Post by pgmigg » February 4th, 2013, 7:41 pm

Hello lmilchin,
After cleaning I still have on my desktop JRE.exe, JRE.txt, esetsmartinstaller_enu.exe, ESET_log.txt, SystemLook_x64.exe, adwcleaner.exe, CCleaner. Do I need them or may I try to uninstall through Control Panel or delete from desktop?
Good question! :)
You need to delete from your Desktop the following:
  1. JRE.exe
  2. JRE.txt
  3. esetsmartinstaller_enu.exe
  4. ESET_log.txt
  5. SystemLook_x64.exe
  6. adwcleaner.exe

CCleaner is an application that was installed before we started our treatment. You can keep it if you use it... If you would like to delete it, it is the only one which needs uninstalling via Control Panel.

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help to rid of virus

Post by lmilchin » February 4th, 2013, 8:13 pm

Thank you. Everything deleted.
lmilchin
Regular Member
 
Posts: 16
Joined: January 29th, 2013, 9:51 pm

Re: Need help to rid of virus

Post by pgmigg » February 4th, 2013, 11:17 pm

You are welcome lmilchin! :D

The work is done. If you don't have more questions, this topic will be closed.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help to rid of virus

Post by NonSuch » February 8th, 2013, 12:29 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California