Thread: Boot problems

  1. #21
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Hi savanna :

    Most unwanted files have been removed; however, there are some leftovers, so let's fix again with OTL.

    1. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Double click on OTL.exe to run it.
    • Copy the following text... do not include the quote box title "Quote"
      :processes
      killallprocesses

      :OTL
      DRV - (a2kusuat) -- File not found
      [2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
      [2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548

      :Files
      C:\Documents and Settings\All Users\Application Data\~19914548r
      C:\Documents and Settings\All Users\Application Data\~19914548
      C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\17\
      C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\26\
      C:\Documents and Settings\Bob\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\
      ipconfig /flushdns /c

      :Commands
      [EmptyTemp]
      [CreateRestorePoint]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results.
    • Please post the contents of report in your next reply.

    Note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.


    C:\Junk\KeyLogger\S50G37P14T1081880F7345A92.zip
    2. Just want to know whether you are alert to the presence of a keylogger in this file. Does it belong to you?

    O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)
    3. Registry Cleaners
    I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners
    Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.
    This post by Bill Castner is very informative: WhatTheTech Forum

    Java(TM) 6 Update 30
    4. If this is still present in Add/Remove Programs, please uninstall it.

    5. Your Java is out of date.
    According to your log, your Java version is Java 7 Update 9. It is outdated; please update it.

    It can be updated by the Java control panel
    • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
    • An update should begin.
    • Just follow the prompts.



    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  2. #22
    Member
    Join Date
    Apr 2011
    Posts
    78

    The OTL log is below

    The keylogger is something I used to use to check on my kids. They're past that age now. I've removed it.

    Registry First Aid is no longer in "Add/Remove Programs". I haven't used it in many years.

    Java has been updated.

    Thank you very much for your help.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Error: No service named a2kusuat was found to stop!
    Service\Driver key a2kusuat not found.
    File File not found not found.
    C:\Documents and Settings\All Users\Application Data\~19914548r moved successfully.
    C:\Documents and Settings\All Users\Application Data\~19914548 moved successfully.
    ========== FILES ==========
    File\Folder C:\Documents and Settings\All Users\Application Data\~19914548r not found.
    File\Folder C:\Documents and Settings\All Users\Application Data\~19914548 not found.
    C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
    C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
    C:\Documents and Settings\Bob\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Bob\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Bob\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.INSPIRON
    ->Temp folder emptied: 33051 bytes
    ->Temporary Internet Files folder emptied: 33175 bytes
    ->FireFox cache emptied: 18838342 bytes
    ->Flash cache emptied: 668 bytes

    User: All Users

    User: Bob
    ->Temp folder emptied: 156121114 bytes
    ->Temporary Internet Files folder emptied: 42342766 bytes
    ->Java cache emptied: 44434017 bytes
    ->FireFox cache emptied: 807226245 bytes
    ->Google Chrome cache emptied: 10139949 bytes
    ->Flash cache emptied: 5470081 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4778762 bytes
    ->Java cache emptied: 505 bytes
    ->Flash cache emptied: 102944 bytes

    User: World Cup

    User: XPS8500
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: zxcasdqwe
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 85365 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 446143 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4848258 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26858410 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 952650 bytes
    RecycleBin emptied: 93438 bytes

    Total Files Cleaned = 1,071.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 02162013_161443

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
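Added example (not part of the original thread, and not OTL's own code): a small Python triage of the fix-log format shown in post #22. It shows why the two "not found" lines under FILES need no follow-up, since the same paths were already moved in the OTL section. The sample lines are copied from that log; the function and pattern names are this example's own.

```python
import re

# Constructed sample: a subset of lines copied from the fix log in post #22.
SAMPLE_LOG = r"""
========== OTL ==========
Service\Driver key a2kusuat not found.
C:\Documents and Settings\All Users\Application Data\~19914548r moved successfully.
C:\Documents and Settings\All Users\Application Data\~19914548 moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\~19914548r not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~19914548 not found.
C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
========== COMMANDS ==========
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
REMOVED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? (?:moved|deleted) successfully\.$")
MISSING = re.compile(r"^File\\Folder (?P<path>[A-Za-z]:\\.+) not found\.$")


def triage(log_text):
    """Return (removed, unresolved) for an OTL fix log.

    removed    -- list of (section, path) that were moved or deleted
    unresolved -- paths reported "not found" that no step in the log removed
    """
    removed, missing, section = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)          # e.g. OTL, FILES, COMMANDS
        elif m := REMOVED.match(line):
            removed.append((section, m.group("path")))
        elif m := MISSING.match(line):
            missing.append(m.group("path"))
    # Windows paths are case-insensitive, so compare lower-cased.
    done = {path.lower() for _, path in removed}
    unresolved = [p for p in missing if p.lower() not in done]
    return removed, unresolved


if __name__ == "__main__":
    removed, unresolved = triage(SAMPLE_LOG)
    for section, path in removed:
        print(f"removed in {section}: {path}")
    print("needs follow-up:", unresolved or "nothing")
```

A path listed in both `:OTL` and `:Files` is handled by the first section, so the later "not found" is expected rather than a sign the fix failed.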

  3. #23
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Hi savanna:

    Any other issues before I post the ALL CLEAN?

    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  4. #24
    Member
    Join Date
    Apr 2011
    Posts
    78

    No, no other issues. Thank you so much for all your help.

  5. #25
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Hi savanna :


    This is my general post for when your logs show no more signs of malware.

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


    Time for some housekeeping

    1. You said you had tried ComboFix; please use the following method to remove it.
    • Click on Start >> Run...
    • Now type in ComboFix /Uninstall into the box and click OK.
    • Note the space between the X and the /Uninstall, it needs to be there.

    The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


    Next

    2. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Double click on OTL.exe to run it.
    • Copy the following text... do not include the quote box title "Quote"

      :OTL
      O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)

      :Files
      C:\Junk\KeyLogger\S50G37P14T1081880F7345A92.zip

      :Commands
      [EmptyTemp]
      [ClearAllRestorePoints]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • Let the program run unhindered and reboot. You will get a fix log when it is done, just close the log.




    3. Clean up with OTL
    • Double click OTL.exe to run it.
    • This tool will remove all the tools we used to clean your pc.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CleanUp! button
    • Say Yes to the prompt and then allow the program to reboot your computer.




    You can now delete any tools we used if they remain on your Desktop.


    Re-enable Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.


    Update your programs regularly
    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check


    Read - stay informed.
    To help minimize the chances of becoming re-infected, please read.
    Computer Security - a short guide to staying safer online

    If your computer is running slowly after your clean up, please read.
    What to do if your Computer is running slowly


    I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Happy surfing!


    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  6. #26
    Member
    Join Date
    Apr 2011
    Posts
    78

    All clean-up has been performed. Thank you very much for all your help. It is sincerely appreciated!
