Help with malware removal

Re: Help with malware removal

by mylittlepony » June 11th, 2013, 3:33 pm

Hi deltalima

Computer seems to be running ok and I am about to run the OTL Script. When I have done that and posted the output can I install my new version of MS Office?

Re: Help with malware removal

by deltalima » June 11th, 2013, 3:41 pm

Please wait until I give the "all clear" before installing anything.

Re: Help with malware removal

by mylittlepony » June 11th, 2013, 3:57 pm

Hi deltalima

The computer seems to be running ok so can I install my new version of MS Office? The log from OTL is below.



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCF61B68-08FF-4B36-936E-B8AD31622187}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCF61B68-08FF-4B36-936E-B8AD31622187}\ not found.
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=1083&systemid=1&sr=0&q=" removed from keyword.URL
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} folder moved successfully.
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\defaults\preferences folder moved successfully.
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\defaults folder moved successfully.
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\chrome\content folder moved successfully.
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\chrome folder moved successfully.
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403} folder moved successfully.
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\searchplugins\Search_Results.xml moved successfully.
File C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npvsharetvplg.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Data Array

User: Default
->Temp folder emptied: 3632168 bytes
->Temporary Internet Files folder emptied: 200057860 bytes
->Java cache emptied: 256871 bytes
->FireFox cache emptied: 58305926 bytes
->Google Chrome cache emptied: 131458927 bytes
->Flash cache emptied: 501 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Prism Setup Folder

User: Public

User: User_1
->Temp folder emptied: 8096861 bytes
->Temporary Internet Files folder emptied: 44459657 bytes
->Java cache emptied: 256871 bytes
->FireFox cache emptied: 107838613 bytes
->Google Chrome cache emptied: 266834708 bytes
->Flash cache emptied: 9856567 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1073646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4137779240 bytes

Total Files Cleaned = 4,740.00 mb


[EMPTYFLASH]

User: All Users

User: Data Array

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Prism Setup Folder

User: Public

User: User_1
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Data Array

User: Default
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: Prism Setup Folder

User: Public

User: User_1
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06112013_203957

Files\Folders moved on Reboot...
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User_1\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.5176.log moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User_1\AppData\Local\Trusteer\Rapport\user\logs\koan.5176.log moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User_1\AppData\Local\Trusteer\Rapport\user\logs\koanlight.5176.log moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S6L7WAZ8\ads[2].htm moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RI1XAJM1\DroidSans[1].woff moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RI1XAJM1\frame[2].htm moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RI1XAJM1\viewtopic[1].htm moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J1PCBJR2\zrt_lookup[1].htm moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\User_1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Help with malware removal

by mylittlepony » June 11th, 2013, 3:59 pm

Sorry didn't see your post. Will wait to hear from you before installing anything.

Re: Help with malware removal

by deltalima » June 11th, 2013, 4:15 pm

Hi mylittlepony,

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.


Clear restore points

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :commands
    [clearallrestorepoints] 
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.


Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.

  • Secunia Software Inspector
  • F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Now you can install your new version of Office.

Happy surfing and stay clean!

Re: Help with malware removal

by mylittlepony » June 11th, 2013, 4:29 pm

Hi deltalima

Many thanks for your help and for the forum which is a very valuable resource.

Re: Help with malware removal

by deltalima » June 11th, 2013, 4:32 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.