[RESOLVED] Broni- I need help again.

[krh1326]

Going to go and complete these steps now.

Did you see anything that caused his account to send spoofed emails?

[krh1326]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ken Henrikson
->Temp folder emptied: 104314 bytes
->Temporary Internet Files folder emptied: 3712452 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 585 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1041300 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Ken Henrikson
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.1 log created on 08082011_204715

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5CAD.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5CE7.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5DC3.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5DFD.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5F03.tmp not found!
File\Folder C:\Documents and Settings\Ken Henrikson\Local Settings\Temp\~DF5F3F.tmp not found!
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\VQUYCJ75\918[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\VQUYCJ75\c[2].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\FPX4SKO9\918[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\FPX4SKO9\partner[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\F5IZ96IG\partner[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\2EBI1UAQ\iepngfix[1].htc moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\Content.IE5\2EBI1UAQ\showthread[1].htm moved successfully.
C:\Documents and Settings\Ken Henrikson\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

[Broni]

Did you see anything that caused his account to send spoofed emails?

Combofix definitely removed some infection.
If that was the cause I simply can't tell.
Only time will show.

Any current issues?

[krh1326]

The computer seems to be doing fine, for me.
I will let my boys start using their computer again. I will keep his contacts just to fictitous entries and see what happens.

My concern now is my daughter's computer. She doesn't play the wide range of games that my boys do, but sometimes if they want to play a game together, one goes in there and uses hers.

Do you think that I should follow the above steps with hers now, as a blanket prevent all?

Well, like I said before, thank you so much for taking the time to help techno-dinosaurs, like me. I can't imagine the time and effort that you must put into this for nothing but a thank you. I hope you win the lottery or something.

Thanks again,
Ken

[Broni]

You're very welcome

Do you think that I should follow the above steps with hers now, as a blanket prevent all?

It won't hurt.
Just create new topic.