
Solved Antivirusware Soft Question - Should I do more?

Discussion in 'Malware and Virus Removal Archive' started by JustinCase, 2010/05/30.

  1. 2010/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Teatimer is part of Spybot. What is your drive E?

    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Users\Gary\Desktop\Home Foreclosure\mortgage2\Debt Articles\Copy (2) of pack1.zip	
    C:\Users\Gary\Desktop\Home Foreclosure\mortgage2\Debt Articles\Copy of SQZ1ab.zip	
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\readownloads\reabonus\millionairesecret.exe
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\readownloads\reabonus\REAbonus.zip	
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\REAmaster.zip	
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino1.zip	
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino2x.zip	
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino3z.zip	
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino4ww.zip	
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino5ew.zip	Infected: 
    C:\Users\Gary\Desktop\Software\Pro Article Writer\newyear\parrr.rar	
    C:\Users\Gary\Desktop\Software\Pro Article Writer\PAR.rar
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     
  2. 2010/05/31
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\Gary\Desktop\Home Foreclosure\mortgage2\Debt Articles\Copy (2) of pack1.zip moved successfully.
    C:\Users\Gary\Desktop\Home Foreclosure\mortgage2\Debt Articles\Copy of SQZ1ab.zip moved successfully.
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\readownloads\reabonus\millionairesecret.exe moved successfully.
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\readownloads\reabonus\REAbonus.zip moved successfully.
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\REAmaster.zip moved successfully.
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino1.zip moved successfully.
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino2x.zip moved successfully.
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino3z.zip moved successfully.
    C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino4ww.zip moved successfully.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino5ew.zip Infected: not found.
    C:\Users\Gary\Desktop\Software\Pro Article Writer\newyear\parrr.rar moved successfully.
    C:\Users\Gary\Desktop\Software\Pro Article Writer\PAR.rar moved successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gary
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 517602 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 63416883 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1225 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3395376 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 64.00 mb


    OTM by OldTimer - Version 3.1.12.2 log created on 05312010_184425

    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    OOOOOPSSSS

    the Anti Virus was running and said it shot of something to do with OTM so I reran it as per the instructions above and got this file from that run. I thought I would just redo what I did before and do it without antivirus but I guess it does not work that way. I think this one gives you what you are looking for anyway.

    Sorry for the goof up.

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File/Folder C:\Users\Gary\Desktop\Home Foreclosure\mortgage2\Debt Articles\Copy (2) of pack1.zip not found.
    File/Folder C:\Users\Gary\Desktop\Home Foreclosure\mortgage2\Debt Articles\Copy of SQZ1ab.zip not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\readownloads\reabonus\millionairesecret.exe not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\readownloads\reabonus\REAbonus.zip not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Social Niche Builder$10-6-26\Reply eMailer Master\REAmaster.zip not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino1.zip not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino2x.zip not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino3z.zip not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino4ww.zip not found.
    File/Folder C:\Users\Gary\Desktop\My Websites1\Sites To Do\Turnkey Websites\Turnkey Websites\casino5ew.zip Infected: not found.
    File/Folder C:\Users\Gary\Desktop\Software\Pro Article Writer\newyear\parrr.rar not found.
    File/Folder C:\Users\Gary\Desktop\Software\Pro Article Writer\PAR.rar not found.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gary
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 251475 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 14940651 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 762 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1609572 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 16.00 mb


    OTM by OldTimer - Version 3.1.12.2 log created on 05312010_185140

    Files moved on Reboot...
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\D1857C3Cd01 moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\urlclassifier3.sqlite moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    File C:\Windows\temp\ZLT07b07.TMP not found!

    There are some .res files but they do not open and they are newer files and much smaller.

    Registry entries deleted on Reboot...
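    The two OTM runs above are easiest to review when the "moved successfully", "not found" and "scheduled to be moved on reboot" lines are pulled out mechanically, which also makes the one real mistake in the script visible: the casino5ew.zip path had the scanner's "Infected:" text appended, so OTM looked for a file name that never existed. The following parser is an added example, not code from OTM, OldTimer or this thread; the log it reads is a constructed sample modelled on the OTM 3.1.12.2 output format posted above (the paths and user name in it are placeholders).

```python
import re

# Constructed sample in the OTM 3.1.12.2 log layout seen in the thread (placeholder paths).
SAMPLE_LOG = r"""
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Example\Desktop\Example\pack1.zip moved successfully.
C:\Users\Example\Desktop\Example\millionairesecret.exe moved successfully.
File/Folder C:\Users\Example\Desktop\Example\casino5ew.zip Infected: not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Example
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 63416883 bytes

Total Files Cleaned = 64.00 mb

OTM by OldTimer - Version 3.1.12.2 log created on 05312010_184425

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\Windows\temp\ZLT07b07.TMP not found!

Registry entries deleted on Reboot...
"""

# Line shapes as they appear in the posted logs.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
MOVED_RE = re.compile(r"^(?:File/Folder )?(.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File(?:/Folder)? (.+?) not found[.!]$")
DEFERRED_RE = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")
VERSION_RE = re.compile(r"^OTM by OldTimer - Version (\S+) log created on (\S+)$")


def parse_otm_log(text):
    """Return a summary dict of an OTM log: what moved, what was missing, what was deferred."""
    report = {
        "moved": [],        # (section, path) pairs
        "not_found": [],    # paths OTM could not locate
        "deferred": [],     # paths left for the reboot pass
        "hosts_reset": False,
        "total_cleaned_mb": None,
        "version": None,
    }
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("Files moved on Reboot"):
            section = "REBOOT"
            continue
        if line == "HOSTS file reset successfully":
            report["hosts_reset"] = True
            continue
        m = TOTAL_RE.match(line)
        if m:
            report["total_cleaned_mb"] = float(m.group(1))
            continue
        m = VERSION_RE.match(line)
        if m:
            report["version"] = m.group(1)
            continue
        # Order matters: the "failed" and "not found" shapes are tested before the generic "moved" shape.
        m = DEFERRED_RE.match(line)
        if m:
            report["deferred"].append(m.group(1))
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            report["not_found"].append(m.group(1))
            continue
        m = MOVED_RE.match(line)
        if m:
            report["moved"].append((section, m.group(1)))
    return report


def flag_issues(report):
    """Points a helper would want to re-check before declaring the run complete."""
    issues = []
    for path in report["not_found"]:
        # A path that ends in scanner wording was pasted from an AV report, not typed as a real file name.
        if path.endswith("Infected:"):
            issues.append(f"scanner text appended to path, file was never moved: {path}")
    if report["deferred"]:
        issues.append(f"{len(report['deferred'])} file(s) deferred to reboot; "
                      "re-check the C:\\_OTMoveIt\\MovedFiles log after restart")
    if report["hosts_reset"]:
        issues.append("HOSTS file replaced with a default copy; re-add any legitimate custom entries")
    return issues


if __name__ == "__main__":
    summary = parse_otm_log(SAMPLE_LOG)
    print(f"OTM {summary['version']}: {len(summary['moved'])} moved, "
          f"{len(summary['not_found'])} not found, {len(summary['deferred'])} deferred")
    for issue in flag_issues(summary):
        print(" -", issue)
```

    Run against the second log in the post above, the parser reports every listed file as "not found" (they had already been moved by the first run), which is the quickest way to confirm that a rerun did no additional work.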
     


  4. 2010/05/31
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    My E drive is the DVD player. Tea Timer did not pop with the error of yesterday as pointed out. It does show up on SpyBot as a startup along with a bunch of other .exe files like RoboForm and such.
     
  5. 2010/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.

    ================================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  6. 2010/06/01
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    Thanks for the help Broni. All is done as you suggested. I am in your debt for sure. I will keep you posted if I have any questions or anything seems untoward. It has been a long ride, but well worth the effort to know this guy is clean of any flus. Have a great week and may it get even better.

    Justin
     
  7. 2010/06/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Good luck and stay safe :)
     
