Solved Need some help with a co-worker's infected pc

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2010/10/21.

Thread Status:
Not open for further replies.
  1. 2010/10/25
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    I updated Java and removed older versions. Here are the OTL and Security Check logs. The ESET scanner would not run in IE; I had to download and run a separate application from Firefox to get it to run. Attaching a pic of the results.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ATIPTA deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTDVDDet deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTSysVol deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mmtask deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MMTray deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OM_Monitor deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ViewMgr deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OM_Monitor deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SB Audigy 2 Startup Menu deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Pager deleted successfully.
    C:\Documents and Settings\Caitlin\Start Menu\Programs\Startup\V CAST Music Monitor.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
    Starting removal of ActiveX control {44990301-3C9D-426D-81DF-AAB636FA4345}
    C:\WINDOWS\Downloaded Program Files\tgctlsr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Viewpoint folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\bak folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Manager\bak folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========
    C:\WINDOWS\Мicrosoft.NET folder moved successfully.
    C:\WINDOWS\Μіcrosoft folder moved successfully.
    C:\WINDOWS\System32\Міcrosoft.NET folder moved successfully.
    C:\WINDOWS\System32\Міcrosoft folder moved successfully.
    C:\Program Files\Μіcrosoft.NET folder moved successfully.
    C:\Program Files\Common Files\Μіcrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Αdobe folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\АppPatch folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\АрpPatch folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\ΑрpPatch folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\aѕsembly folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\аѕsembly folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Fоnts folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Mіcrosoft.NET folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Μіcrosoft.NET folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Мicrosoft.NET folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Міcrosoft.NET folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Mіcrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Μіcrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Мicrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Міcrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\ѕecurity folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Sуmantec folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Ѕymantec folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Ѕуmantec folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\ѕymbols folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\sуmbols folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\ѕуmbols folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\ѕуstem folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\sуstem folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\ѕystem folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\ѕystem32 folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Τasks folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Тasks\ASKS~1 folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\Тasks folder moved successfully.
    C:\Documents and Settings\Caitlin\My Documents\WіnSxS folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Αdobe folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Аdobe folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\АрpPatch folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ΑppPatch folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\AрpPatch folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\aѕsembly folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Fοnts folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Fоnts folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft.NET folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Мicrosoft.NET folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Міcrosoft.NET folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Mіcrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Μicrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Мicrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Міcrosoft folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Οracle folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Оracle folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\sеcurity folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ѕecurity folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Sуmantec folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Ѕymantec folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Ѕуmantec folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ѕymbols folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\sуmbols folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ѕуmbols folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ѕуstem folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\sуstem folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ѕystem folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ѕystem32 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\sуstem32 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\ѕуstem32 folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Tаsks folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Τasks folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Τаsks folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Тasks folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\Таsks folder moved successfully.
    C:\Documents and Settings\Caitlin\Application Data\WіnSxS folder moved successfully.

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Caitlin
    ->Temp folder emptied: 9634170 bytes
    ->Temporary Internet Files folder emptied: 133210 bytes
    ->Java cache emptied: 1900 bytes
    ->FireFox cache emptied: 16411640 bytes
    ->Flash cache emptied: 703 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 95642 bytes
    RecycleBin emptied: 874272 bytes

    Total Files Cleaned = 26.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Caitlin
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.0 log created on 10252010_141339

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 1
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Mozilla Firefox (2.0.0) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     

    Attached Files:
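
The folder names in the COMMANDS section of the OTL log above appear to imitate system names such as "Microsoft" and "system32" with letters from other alphabets, which is why several of them can coexist in one directory. This Python script is an added example, not part of the original thread and not OTL's own code; it flags such mixed-script path components in a fix log. The sample lines are constructed in the log's format, and their exact code points and the small lookalike map are assumptions.

```python
import re
import unicodedata

# Hand-built lookalike map (an assumption for this example; the complete
# table is the Unicode UTS #39 "confusables" data).
LOOKALIKES = {
    # Cyrillic
    "\u0410": "A", "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0405": "S",
    "\u041c": "M", "\u0422": "T", "\u041e": "O",
    # Greek
    "\u0391": "A", "\u039c": "M", "\u03a4": "T", "\u039f": "O", "\u03bf": "o",
}

# Matches "<path> folder moved successfully." and "<file> moved successfully."
MOVED = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.\s*$"
)

# Constructed sample in the format of the log above; non-ASCII letters are
# written as \u escapes so they are visible in source.
SAMPLE_LOG = "\n".join([
    r"Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mmtask deleted successfully.",
    r"C:\WINDOWS\Downloaded Program Files\tgctlsr.inf moved successfully.",
    r"C:\Program Files\Viewpoint\Viewpoint Manager\bak folder moved successfully.",
    "C:\\WINDOWS\\\u041cicrosoft.NET folder moved successfully.",
    "C:\\WINDOWS\\\u039c\u0456crosoft folder moved successfully.",
    "C:\\Documents and Settings\\Caitlin\\Application Data\\\u0455\u0443stem32 folder moved successfully.",
])


def scripts_in(name):
    """Scripts used by the letters of name (first word of each Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def skeleton(name):
    """ASCII name the component visually imitates, per LOOKALIKES."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in name)


def find_lookalike_paths(log_text):
    """Return one finding per path component that mixes two or more scripts."""
    findings = []
    for line in log_text.splitlines():
        match = MOVED.match(line)
        if not match:
            continue  # registry deletions, section headers, cache statistics
        path = match.group("path")
        for component in path.split("\\")[1:]:  # skip the drive letter
            scripts = scripts_in(component)
            if len(scripts) > 1:
                findings.append({
                    "path": path,
                    "component": component,
                    "scripts": sorted(scripts),
                    "imitates": skeleton(component),
                })
    return findings


if __name__ == "__main__":
    for f in find_lookalike_paths(SAMPLE_LOG):
        escaped = f["component"].encode("unicode_escape").decode("ascii")
        print(f"{f['imitates']!r} imitated by {escaped} ({'+'.join(f['scripts'])})")
```

A component written entirely in one non-Latin script, such as a legitimately localized folder name, is not flagged; only names that mix scripts are.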

  2. 2010/10/25
    broni

    broni Moderator Malware Analyst

    Update Firefox to ver. 3.6.11 (actually, you have to uninstall ver. 2 and install the new version).

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including SP3 and IE, at least version 7).

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     

  4. 2010/10/26
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    The machine is doing much better now; it boots much cleaner and faster, and internet use is a lot better. I've updated Firefox and will be applying Windows updates next so that IE can be updated. Here is the latest OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Caitlin
    ->Temp folder emptied: 663625 bytes
    ->Temporary Internet Files folder emptied: 513508 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5299326 bytes
    ->Flash cache emptied: 348 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33510 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Caitlin
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.0 log created on 10262010_142403

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  5. 2010/10/26
    broni

    broni Moderator Malware Analyst

    Very good :)

    Good luck and stay safe :)
     