87 replies to this topic

[colin0100]

Managed to get to safe mode. It worked!!!!
Will try a windows update now.
---------
All processes killed
========== OTL ==========
HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
C:\Documents and Settings\COLIN\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\COLIN\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\COLIN\My Documents\My 4shared Sync folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit folder moved successfully.
C:\Program Files\4shared_Desktop_3[1].3.5M.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer moved successfully.
C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe moved successfully.
C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt moved successfully.
C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr moved successfully.
C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif moved successfully.
C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif moved successfully.
C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif moved successfully.
C:\Documents and Settings\COLIN\Application Data\evf moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\COLIN\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\COLIN\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: COLIN
->Temp folder emptied: 39681467 bytes
->Temporary Internet Files folder emptied: 8409699 bytes
->Flash cache emptied: 343953 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 95375 bytes
->Flash cache emptied: 8889 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 53019 bytes

User: MANEERAT
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 529186 bytes
->Flash cache emptied: 2023 bytes

User: NetworkService
->Temp folder emptied: 63098450 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: new one
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 8570856 bytes
%systemroot%\System32 .tmp files removed: 608594 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 564579 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34046 bytes
RecycleBin emptied: 1933086491 bytes

Total Files Cleaned = 1,960.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.53.1 log created on 07072012_090537

Files\Folders moved on Reboot...
C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\google.com[1] moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\index[1].php moved successfully.
C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

PendingFileRenameOperations files...
File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\google.com[1] not found!
File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\index[1].php not found!
File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

Registry entries deleted on Reboot...

[colin0100]

Windows update would not run: boot in normal mode.
Advice please. Thanks Maniac.

[Maniac]

Try to run aswMBR.

[colin0100]

Running it now....earlier today I updated Malwarebytes and did a run, got 105 windows updates installed, updated to SP3.
Now I can't get into the internet at all (Internet explorer has an error......)....I am on a laptop now that is wireless to my router.
I was just about to re-install Windows when I saw your reply....so am running that now.
If I stull can't connect to the interent I will have to post the log to my USB stick and send the results from this laptop: WHAT IS THE DANGER THAT THE MEMORY STICK WILL INFECT THIS LAPTOP??
Cheers
Colin

[Maniac]

There is a chance, so try this:

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  
• Wait until it has finished scanning and then exit the program.
  
• Reboot your computer when done.
  
  Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

[colin0100]

My PC will not connect to the internet, so I can not download it.
Let's forget it maniac, I am too stressed out for this. I will reinstall my Windows.
Thank you for recovering my files, that is the bonus for me.
I hope you received my small donation made yesterday, it is the most I can really afford given my circumstances.
I wish you well in your generosity and hope indeed that all goes well for you in life.
Colin

[Maniac]

I'm sorry about that, Colin!

Modern malware has evolved and become loathsome. Things get complicated at times compared to previous years and is now difficult to fight it. I hope at least I was a little helpful. Thank you for everything!

Some malware prevention tips for you:
http://forums.malwar...=0


Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!