Hello. So I have run OTS and it has generated the log below.
By the way, I still get warnings of Banker-O infection whenever I launch an application, be it iexplore.exe, twitterdeck.exe, opera.exe, excel.exe, googleupdate.exe, you name it… Help is appreciated. I wish I could reward it too…
Log follows.
All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee0fd32-08a9-11e0-9c8f-001ec9227237}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eee0fd32-08a9-11e0-9c8f-001ec9227237}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee0fd32-08a9-11e0-9c8f-001ec9227237}\shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee0fd32-08a9-11e0-9c8f-001ec9227237}\shell\AutoRun\command not found.
[Registry - Additional Scans - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mjpg deleted successfully.
[Files - No Company Name]
DllUnregisterServer procedure not found in C:\Users\Joao\proce.dll
C:\Users\Joao\proce.dll moved successfully.
C:\Windows\DesinstWRecnet.EXE moved successfully.
C:\Windows\DesinstRecnet.exe moved successfully.
C:\Windows\DesinstWRecnet.ini moved successfully.
[Empty Temp Folders]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Joao
->Temp folder emptied: 321393246 bytes
->Temporary Internet Files folder emptied: 113080434 bytes
->Java cache emptied: 10784726 bytes
->Opera cache emptied: 28073661 bytes
->Flash cache emptied: 57430 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21655361 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 472,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Joao
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 06182011_192404
Files\Folders moved on Reboot…
C:\Users\Joao\AppData\Local\Temp\~DFD02F.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT02b01.TMP not found!
Registry entries deleted on Reboot…