Going to go and complete these steps now.
Did you see anything that caused his account to send spoofed emails?
Printable View
Going to go and complete these steps now.
Did you see anything that caused his account to send spoofed emails?
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ken Henrikson
->Temp folder emptied: 104314 bytes
->Temporary Internet Files folder emptied: 3712452 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 585 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1041300 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Ken Henrikson
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.26.1 log created on 08082011_204715
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5CAD.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5CE7.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5DC3.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5DFD.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5F03.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5F3F.tmp not found!
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\VQUYCJ75\918[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\VQUYCJ75\c[2].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\FPX4SKO9\918[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\FPX4SKO9\partner[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\F5IZ96IG\partner[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\2EBI1UAQ\iepngfix[1].htc moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\2EBI1UAQ\showthread[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
Combofix definitely removed some infection.Quote:
Did you see anything that caused his account to send spoofed emails?
If that was the cause I simply can't tell.
Only time will show.
Any current issues?
The computer seems to be doing fine, for me.
I will let my boys start using their computer again. I will keep his contacts just to fictitous entries and see what happens.
My concern now is my daughter's computer. She doesn't play the wide range of games that my boys do, but sometimes if they want to play a game together, one goes in there and uses hers.
Do you think that I should follow the above steps with hers now, as a blanket prevent all?
Well, like I said before, thank you so much for taking the time to help techno-dinosaurs, like me. I can't imagine the time and effort that you must put into this for nothing but a thank you. I hope you win the lottery or something.
Thanks again,
Ken
You're very welcome https://discussions.virtualdr.com/
It won't hurt.Quote:
Do you think that I should follow the above steps with hers now, as a blanket prevent all?
Just create new topic.