Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java 6 Update 30
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
[RESOLVED] I have been hacked
Started By vossy, Dec 23 2011 01:53 AM
28 replies to this topic
#21
Posted 24 December 2011 - 01:25 AM
#22 Re: [RESOLVED] I have been hacked
#23 Re: [RESOLVED] I have been hacked
Posted 24 December 2011 - 01:42 AM
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: DT
->Temp folder emptied: 15686847 bytes
->Temporary Internet Files folder emptied: 5884006 bytes
->Java cache emptied: 2027 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 991 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 3534 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9214 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 21.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: DT
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: LogMeInRemoteUser
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.31.0 log created on 12232011_193657
Files\Folders moved on Reboot...
C:\Documents and Settings\DT\Local Settings\Temporary Internet Files\Content.IE5\DCLW9FLH\49640-i-have-been-hacked[1].htm moved successfully.
C:\Documents and Settings\DT\Local Settings\Temporary Internet Files\Content.IE5\DCLW9FLH\bacf00[1].htm moved successfully.
C:\Documents and Settings\DT\Local Settings\Temporary Internet Files\Content.IE5\DCLW9FLH\bacf00[2].htm moved successfully.
C:\Documents and Settings\DT\Local Settings\Temporary Internet Files\Content.IE5\DCLW9FLH\bacf00[3].htm moved successfully.
C:\Documents and Settings\DT\Local Settings\Temporary Internet Files\Content.IE5\DCLW9FLH\bacf00[4].htm moved successfully.
C:\Documents and Settings\DT\Local Settings\Temporary Internet Files\Content.IE5\DCLW9FLH\bacf00[5].htm moved successfully.
C:\Documents and Settings\DT\Local Settings\Temporary Internet Files\Content.IE5\DCLW9FLH\fastbutton[1].htm moved successfully.
Registry entries deleted on Reboot...
#24 Re: [RESOLVED] I have been hacked
Posted 24 December 2011 - 01:58 AM
The only problem I see is my Quicken 2011 is missing from the program menu. I see it in the add-remove section. I cannot find Microsoft Office 2007 also? Any idea what could have happened to them? When I click Start, All Programs, it shows them but they are empty there. Office is a large program (550 megs) but I cannot find it.
#25 Re: [RESOLVED] I have been hacked
#26 Re: [RESOLVED] I have been hacked
Posted 24 December 2011 - 03:09 AM
I found Word and Excel but have not found the correct file for Quicken. Also there is an icon on my desktop called System Fix. I am assuming this is the bad boy that caused all the problems?
#27 Re: [RESOLVED] I have been hacked
#28 Re: [RESOLVED] I have been hacked
Posted 24 December 2011 - 03:23 AM
OK, it's deleted. I think I have the Quicken CD somewhere. I think I may have to install Office again also. There are a few more programs missing also from the All Programs menu. I assume the data files will still be there when I re-install? This trojan really wrecks a computer. Not sure how it came in. I thought I was fully protected with Webroot. I know I scanned with it a few days ago and now it does not even show on the PC. Thanks again and if you say we will close this topic. Have a great holiday. vossy
#29 Re: [RESOLVED] I have been hacked