Europol virus - Hitman Pro kickstart
<blockquote data-quote="debdon" data-source="post: 118104" data-attributes="member: 7715"><p>Good Morning</p><p></p><p>On completion of the run fix process a 04262013_105954.txt file was created and I just copied this to my flash drive. I have not yet attempted to reboot the infected computer again. Output file as follows, looks promising;</p><p></p><p> ========== OTL ==========</p><p>Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\e48c6df33eed4299 deleted successfully.</p><p>C:\WINDOWS\system32\drivers\e48c6df33eed4299.sys moved successfully.</p><p>Registry value HKEY_USERS\Donnie_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo deleted successfully.</p><p>C:\Documents and Settings\Donnie\Local Settings\Application Data\Yahoo\nlqvmaix.dll moved successfully.</p><p>Registry value HKEY_USERS\Donnie_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Donnie\Application Data\skype.dat deleted successfully.</p><p>C:\Documents and Settings\Donnie\Application Data\skype.dat moved successfully.</p><p>C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe moved successfully.</p><p>C:\Documents and Settings\Donnie\7276495.exe moved successfully.</p><p>File C:\Documents and Settings\Donnie\Application Data\skype.dat not found.</p><p>C:\Documents and Settings\Donnie\Application Data\skype.ini moved successfully.</p><p>File C:\WINDOWS\System32\drivers\e48c6df33eed4299.sys not found.</p><p>ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 deleted successfully.</p><p>========== FILES ==========</p><p><span style="color: #A23BEC">< ipconfig /flushdns /c ></span></p><p>Windows IP Configuration</p><p>C:\cmd.bat deleted successfully.</p><p>C:\cmd.txt deleted successfully.</p><p>========== COMMANDS ==========</p><p> </p><p>[EMPTYTEMP]</p><p> </p><p>User: Admin</p><p>->Temp folder emptied: 709851744 bytes</p><p>->Temporary Internet Files folder emptied: 1516835 bytes</p><p>->Flash cache emptied: 300 
bytes</p><p> </p><p>User: Administrator</p><p>->Temp folder emptied: 0 bytes</p><p>->Temporary Internet Files folder emptied: 32768 bytes</p><p>->Flash cache emptied: 300 bytes</p><p> </p><p>User: administrator.WATERMANASPEN</p><p>->Temp folder emptied: 5144712 bytes</p><p>->Temporary Internet Files folder emptied: 39567 bytes</p><p>->Java cache emptied: 418 bytes</p><p>->Flash cache emptied: 300 bytes</p><p> </p><p>User: ADMINI~1~WAT</p><p> </p><p>User: All Users</p><p> </p><p>User: chamilton</p><p>->Temp folder emptied: 633643 bytes</p><p>->Temporary Internet Files folder emptied: 94460755 bytes</p><p>->Java cache emptied: 145968 bytes</p><p>->Flash cache emptied: 1493 bytes</p><p> </p><p>User: ddavidson</p><p>->Temp folder emptied: 4759316 bytes</p><p>->Temporary Internet Files folder emptied: 9803195 bytes</p><p>->Java cache emptied: 1752439 bytes</p><p>->Flash cache emptied: 1698878 bytes</p><p> </p><p>User: Default User</p><p>->Temp folder emptied: 0 bytes</p><p>->Temporary Internet Files folder emptied: 32902 bytes</p><p>->Flash cache emptied: 300 bytes</p><p> </p><p>User: dmatheson</p><p>->Temp folder emptied: 208690907 bytes</p><p>->Temporary Internet Files folder emptied: 307588208 bytes</p><p>->Java cache emptied: 91451624 bytes</p><p>->Flash cache emptied: 112911 bytes</p><p> </p><p>User: Donnie</p><p>->Temp folder emptied: 102894755 bytes</p><p>->Temporary Internet Files folder emptied: 468775668 bytes</p><p>->Java cache emptied: 2262979 bytes</p><p>->Flash cache emptied: 30591 bytes</p><p> </p><p>User: kefag</p><p>->Temp folder emptied: 7447 bytes</p><p>->Temporary Internet Files folder emptied: 39751150 bytes</p><p>->Flash cache emptied: 405 bytes</p><p> </p><p>User: LocalService</p><p>->Temp folder emptied: 66016 bytes</p><p>->Temporary Internet Files folder emptied: 49554 bytes</p><p> </p><p>User: NetworkService</p><p>->Temp folder emptied: 2305866 bytes</p><p>->Temporary Internet Files folder emptied: 1590817 bytes</p><p> </p><p>User: 
sparelaptop</p><p>->Temp folder emptied: 2067932 bytes</p><p>->Temporary Internet Files folder emptied: 831080 bytes</p><p>->Flash cache emptied: 405 bytes</p><p> </p><p>%systemdrive% .tmp files removed: 0 bytes</p><p>%systemroot% .tmp files removed: 0 bytes</p><p>%systemroot%\System32 .tmp files removed: 0 bytes</p><p>%systemroot%\System32\dllcache .tmp files removed: 0 bytes</p><p>%systemroot%\System32\drivers .tmp files removed: 0 bytes</p><p>Windows Temp folder emptied: 92223440 bytes</p><p>%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9736356 bytes</p><p>%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes</p><p> </p><p>Total Files Cleaned = 2,060.00 mb</p><p> </p><p> </p><p>OTLPE by OldTimer - Version 3.1.48.0 log created on 04262013_105954</p></blockquote><p></p>