
Need to know if laptop is clean



#1 Baybadoll


Posted 30 May 2009 - 03:34 PM

I ran Malwarebytes on my laptop and it found a whole bunch of malware.
How do I know if it's clean? I included the logs.
Thank you for the help.
Katilyn

dds:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Rob Prickett at 15:13:00.40 on Sat 05/30/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.530 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
SVCHOST.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rob Prickett\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [<NO NAME>] c:\documents and settings\rob prickett\.exe /i
uRun: [Rob Prickett] c:\documents and settings\rob prickett\Rob Prickett.exe /i
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [<NO NAME>]
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [DellHelp] c:\dell\dellhelp\DellHelp.exe /c
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
LSA: Notification Packages = scecli BDCHCTA.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robpri~1\applic~1\mozilla\firefox\profiles\32kt1dgp.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {A816F8DF-FFA1-4758-A122-90C159598FF1} - c:\documents and settings\rob prickett\local settings\application data\{A816F8DF-FFA1-4758-A122-90C159598FF1}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-24 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-24 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-24 298776]

=============== Created Last 30 ================

2009-05-30 14:11 <DIR> --d----- c:\docume~1\robpri~1\applic~1\Malwarebytes
2009-05-30 14:11 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-30 14:11 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-30 14:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 13:00 <DIR> a-dshr-- C:\autorun.inf
2009-05-17 20:59 <DIR> --d----- C:\Dynasty chicago 5-09
2009-05-17 20:59 4,107 a------- c:\windows\Ynewe.dat
2009-05-14 07:11 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-14 07:11 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-14 07:11 <DIR> --d----- c:\program files\iPod
2009-05-14 07:11 <DIR> --d----- c:\program files\iTunes
2009-05-14 07:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-14 07:10 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-05-28 14:23 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-28 14:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-03-21 09:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 09:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 09:44 283,648 -------- c:\windows\system32\dllcache\pdh.dll

============= FINISH: 15:13:21.03 ===============





check up:

Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
NortonWMIUpdate
AVGFree8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Malwarebytes' Anti-Malware
Java™ 6 Update 13
Java 2 Runtime Environment, SE v1.4.2_03
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 25 seconds.
`````````End of Log```````````





mbam:

Malwarebytes' Anti-Malware 1.37
Database version: 2198
Windows 5.1.2600 Service Pack 2

5/30/2009 2:41:56 PM
mbam-log-2009-05-30 (14-41-56).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 133798
Time elapsed: 27 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\psukicekiqaqo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\afesucejalaf.dll (Trojan.Agent) -> Quarantined and deleted successfully.



#2 SifuMike


Posted 05 June 2009 - 11:49 PM

Hi Katilyn,

Sorry for the delay, we have many logs backed up and only a few helpers.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 6 Update 13
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.

Edited by SifuMike, 05 June 2009 - 11:58 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Baybadoll


Posted 06 June 2009 - 07:18 PM

Hey!

Thanks for responding so quickly really!

This computer started having trouble after connecting an external drive.
I did some searches on the error messages I was getting and they are caused by a hardware mismatch between the laptop and the hard drive (phew!).

The laptop has been acting normal other than that.

Thanks,
Katilyn

Here is the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, June 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, June 06, 2009 23:16:05
Records in database: 2320030
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 95315
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:05:04


File name / Threat name / Threats count
C:\RECYCLER\S-1-5-21-1079492470-1892246290-1713622573-1007\Dc18.exe Infected: not-a-virus:WebToolbar.Win32.Zango.bw 1

The selected area was scanned.

#4 SifuMike


Posted 06 June 2009 - 09:17 PM

Hi Katilyn,


Please close the Firefox and Internet Explorer browsers before running OTM.


Please download OTM by OldTimer and save it to your desktop.
Double click the icon on your desktop to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).


Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Do not include the word "Code".


:files
C:\RECYCLER\S-1-5-21-1079492470-1892246290-1713622573-1007\Dc18.exe 
:commands
[emptytemp]
[Reboot]


Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Your system is infected with a Flash Drive infector

Warning: Any flash / jump drives you have connected to this system since your infection have been compromised by a flash drive infector.
We are going to run a tool as part of the following fix which will disinfect your machine, as well as clean any flash drives connected to the system.
It is advised you connect any flash drives that have been connected to this machine during this time frame to this system for the following fix, in order to disinfect them.

Please let owners of other machines to which you have connected any flash media or drives know that their machines may now be infected.

We need to remove the Flash Drive infector


What Flash Disinfector will do:
- Cleans up junk created by flash malware
- Deletes autorun.inf from every root folder
- Repairs damage done to your system
- Creates an autorun.inf folder in the root of your system drives


Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.

Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
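
The post above says Flash Disinfector deletes autorun.inf from every root folder and leaves a folder named autorun.inf in its place. As an added example (not part of the thread and not Flash_Disinfector's own code), the script below checks which of those states a drive root is in and, when a real autorun.inf file is present, lists the entries that would start a program. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile


def parse_launch_entries(text):
    """Return (key, command) pairs from [autorun] that make Windows start a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Files written by an infector are often padded with junk lines:
        # skip anything outside [autorun] or without a key=value shape.
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            entries.append((key, value))
    return entries


def audit_root(root):
    """Classify what sits under the name autorun.inf in a drive root."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":  # the name is case-insensitive on Windows
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            # A folder occupies the name, so no file called autorun.inf
            # can be written next to it.
            return {"status": "placeholder-folder", "launch": []}
        with open(path, "rb") as fh:
            text = fh.read(65536).decode("latin-1")
        return {"status": "autorun-file", "launch": parse_launch_entries(text)}
    return {"status": "absent", "launch": []}


# Constructed sample: junk padding, a real [AutoRun] section, and an
# unrelated section whose open= line must be ignored.
SAMPLE_AUTORUN = (
    b";constructed sample\r\n"
    b"kJ3hdfk2\r\n"
    b"[AutoRun]\r\n"
    b"zzzz padding without equals sign\r\n"
    b"open=sample.exe /i\r\n"
    b"shell\\open\\Command=sample.exe /i\r\n"
    b"icon=shell32.dll,4\r\n"
    b"[extra]\r\n"
    b"open=ignored.exe\r\n"
)


def demo():
    """Build three constructed 'drive roots' in a temp directory and audit them."""
    with tempfile.TemporaryDirectory() as base:
        roots = {}
        for label in ("file", "folder", "clean"):
            roots[label] = os.path.join(base, label)
            os.mkdir(roots[label])
        with open(os.path.join(roots["file"], "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE_AUTORUN)
        os.mkdir(os.path.join(roots["folder"], "autorun.inf"))
        return {label: audit_root(path) for label, path in roots.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

On a real machine, call `audit_root` with each drive root (for example `E:\\`) instead of the temporary directories.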

#5 Baybadoll


Posted 07 June 2009 - 10:24 PM

Hi!

Things seem to be working fine.

Here's the log:

========== FILES ==========
C:\RECYCLER\S-1-5-21-1079492470-1892246290-1713622573-1007\Dc18.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kosglue-7.0.26.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\hsperfdata_Rob Prickett\2456 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\hsperfdata_Rob Prickett\664 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\etilqs_b3O7JyXoAhho5XzB7tbg scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jar_cache751418795271480560.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\Perflib_Perfdata_3e4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\~DFED5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Rob Prickett\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_148.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_764.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a0c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Rob Prickett\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-37e7e8fb scheduled to be deleted on reboot.
Java cache emptied.
File delete failed. C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.0 log created on 06062009_223928

Files moved on Reboot...
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\FSSync.dll
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kave.dll
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kosglue-7.0.26.0.dll
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kosglue-7.0.26.0.dll NOT unregistered.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\kosglue-7.0.26.0.dll moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\lha.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\prLoader.dll
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\rar.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jkos-Rob Prickett\binaries\WDiskIO.ppl moved successfully.
File C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\hsperfdata_Rob Prickett\2456 not found!
File C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\hsperfdata_Rob Prickett\664 not found!
File C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\etilqs_b3O7JyXoAhho5XzB7tbg not found!
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\jar_cache751418795271480560.tmp moved successfully.
File C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\Perflib_Perfdata_3e4.dat not found!
C:\DOCUME~1\ROBPRI~1\LOCALS~1\Temp\~DFED5.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_148.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_764.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_a0c.dat not found!
C:\Documents and Settings\Rob Prickett\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-37e7e8fb moved successfully.
C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Rob Prickett\Local Settings\Application Data\Mozilla\Firefox\Profiles\32kt1dgp.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

#6 SifuMike

Posted 07 June 2009 - 11:00 PM

Hi Katilyn,

I think you are clean. :thumbup2: Please confirm that everything is working OK and then we will do the program clean up.

Edited by SifuMike, 07 June 2009 - 11:00 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Baybadoll

Posted 08 June 2009 - 07:58 AM

Everything appears to be working normally. :thumbup2:
Thank you!
Katilyn

#8 SifuMike

Posted 08 June 2009 - 08:12 AM

Hi Katilyn,

Delete Security Check from your desktop.

Uninstall ComboFix: go to Start > Run & type in ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, _OTMoveIt3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously!

These few simple steps can stave off the vast majority of spyware problems.
Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer.
This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.
You should definitely maintain a firewall.

Some good free firewalls are Online Armor Free, Comodo Firewall Pro + Antivirus, Sunbelt Kerio, ZoneAlarm, or Outpost.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
Please make sure to run your antivirus software regularly, and to keep it up-to-date.

#9 Baybadoll

Posted 08 June 2009 - 09:44 PM

Hey!

Security Check and DDS are both gone.
Combofix isn't on this computer, just OTM. Do I use the CleanUp option?

Thanks, Katilyn

#10 SifuMike

Posted 08 June 2009 - 10:17 PM

Yes. :thumbup2:

Open OTM and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present.
They are not needed anymore, so OTM will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.

Edited by SifuMike, 08 June 2009 - 10:18 PM.


#11 Baybadoll

Posted 08 June 2009 - 10:33 PM

I can't get OTM to run...

It shows up in the Task Manager, but that's it.

What do I do?

#12 SifuMike

Posted 08 June 2009 - 10:36 PM

  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


#13 Baybadoll

Posted 08 June 2009 - 10:46 PM

Okay, it worked!

Thank you!!

AGAIN!!

Katilyn

#14 SifuMike

Posted 08 June 2009 - 11:32 PM

You're welcome. :thumbup2:

#15 SifuMike

Posted 16 June 2009 - 10:35 PM

Since your problem appears to be resolved, this thread will now be closed.



