Need some help

[shaun2050]

Ok it rebooted and automatically opened note pad, heres the report

All processes killed
========== FILES ==========
C:\Users\Shaun\AppData\Local\ecveys folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Shaun
->Temp folder emptied: 110469118 bytes
->Temporary Internet Files folder emptied: 87079490 bytes
->Java cache emptied: 81037941 bytes
->Google Chrome cache emptied: 6138516 bytes
->Apple Safari cache emptied: 54583490 bytes
->Flash cache emptied: 518465 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 712960 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4196537 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 329.00 mb
 
 
OTM by OldTimer - Version 3.1.12.2 log created on 06172010_230816

Files moved on Reboot...
File C:\Users\Shaun\AppData\Local\Temp\Low\hsperfdata_Shaun\5392 not found!
C:\Users\Shaun\AppData\Local\Temp\Low\~DF1B55.tmp moved successfully.
C:\Users\Shaun\AppData\Local\Temp\Low\~DFA6E4.tmp moved successfully.
C:\Users\Shaun\AppData\Local\Temp\~DF6F83.tmp moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNT03TX0\BuddyList[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNT03TX0\im[2].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNT03TX0\login_status[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNT03TX0\ToastFull[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OMK6IQ7J\bannerCADGYYER.htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OMK6IQ7J\login_status[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OMK6IQ7J\xd_receiver[3].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVLBEMN3\bannerCAYJ3GTI.htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVLBEMN3\default[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A8N2HY9C\xd_receiver[3].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A8N2HY9C\xd_receiver[4].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\63PRNWD1\InboxLight[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\63PRNWD1\info[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\63PRNWD1\pngbehavior[1].htc moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\63PRNWD1\ToastMini[1].htm moved successfully.
C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\Windows\temp\mcafee_DIbLc8iLU64K0kP not found!
File C:\Windows\temp\mcmsc_bqQxZcKHVBFJA7D not found!
File C:\Windows\temp\mcmsc_MKCpwXE8n79Jnqn not found!
File C:\Windows\temp\mcmsc_T2v8DhzVUTDV7g5 not found!
File C:\Windows\temp\mcmsc_yoIRmlHgQ484Ges not found!
File C:\Windows\temp\sqlite_Ah0XIS30w6zna8z not found!
File C:\Windows\temp\sqlite_f2JvGUH9plFieiW not found!
File C:\Windows\temp\sqlite_JG9tBcMuzLLE8mI not found!
File C:\Windows\temp\sqlite_TUGLZ5EHUU0AW2n not found!

Registry entries deleted on Reboot...

[Dr Jay]

Please run the F-Secure Online Scanner

• Follow the Instruction Here for installation.
  
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
  
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
  
• Click the Show Report button and Copy&Paste the entire report in your next reply.
  

[shaun2050]

its not working tried twice and around 64% of downloading it brings up an error message - The programme could not download all the necessary files. Make sure you are connected to the internet.
the computer is definatly still connected to the internet

[Dr Jay]

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

[shaun2050]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

[Dr Jay]

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
  
• Select System
  
• On the left select Advance System Settings and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
  
• Select Performance Information and Tools
  
• On the left select Open Disk Cleanup
  
• Select Files from all users and accept the warning if you get one
  
• In the drop down box select your main drive i.e. C
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[shaun2050]

 Results of screen317's Security Check version 0.99.4 
 Windows Vista Service Pack 1 (UAC is enabled)
 Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 avast! Antivirus     
 ESET Online Scanner v3   
 McAfee SecurityCenter     
 WMI entry may not exist for antivirus; attempting automatic update.
 avast! successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
 Java(TM) 6 Update 20 
 Adobe Flash Player 10.0.45.2 
Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Alwil Software Avast4 aswUpdSv.exe
 Alwil Software Avast4 ashServ.exe
 Alwil Software Avast4 ashMaiSv.exe
 Alwil Software Avast4 ashWebSv.exe
 McAfee VIRUSS~1 mcshield.exe 
 McAfee VIRUSS~1 mcsysmon.exe 
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

[Dr Jay]

Please consider updating to Windows Vista Service Pack 2 (SP2).
Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

=============================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

=============================

See this page for more info about malware and prevention.

[shaun2050]

Updated everything

[Dr Jay]

Good.

[shaun2050]

cheers for your help