WiredWX Christian Hobby Weather Tools

XP home security 2012 virus

I need help: my parents' computer has the rogue anti-virus program "xp home security 2012 virus", and I need help getting rid of it and fixing the system ASAP.

Re: XP home security 2012 virus

Hi. Welcome to the forum.





Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.



===============================================



Download ComboFix from Bleepingcomputer or Geekstogo and place it on your Desktop.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here : http://www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.








............................................................................................

Re: XP home security 2012 virus

I downloaded both programs onto a flash drive and put them on the infected computer, but a pop-up window says they are infected with "trojan-BNK.win32.keylogger.gen" and won't run. Need more help.

Re: XP home security 2012 virus

Run them in safe mode. That should fix it.

............................................................................................

Re: XP home security 2012 virus
Which safe mode should I run
Safe mode
Safe mode with networking
Or
Safe mode with command prompt?

Re: XP home security 2012 virus
Safe mode with networking

............................................................................................

Re: XP home security 2012 virus

I was able to run ComboFix in safe mode and then ran Malwarebytes' Anti-Malware in regular mode. Here are both logs. Also, I can't seem to connect to the internet now.

ComboFix 12-01-18.04 - Owner 01/18/2012 23:04:05.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.383 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\alot
c:\documents and settings\Owner\Local Settings\Application Data\qkm.exe
c:\documents and settings\Owner\Local Settings\Application Data\wtcryfg.exe
c:\documents and settings\Owner\My Documents\~WRL1438.tmp
c:\documents and settings\Owner\WINDOWS
c:\program files\cmman
c:\program files\cmman\hf.txt
c:\program files\cmman\sf.txt
c:\program files\Common Files\fqzu
c:\program files\Common Files\fqzu\fqzua.lck
c:\program files\Common Files\fqzu\fqzud\class-barrel
c:\program files\Common Files\fqzu\fqzuh
c:\program files\Common Files\fqzu\fqzul.lck
c:\program files\Common Files\fqzu\fqzum.lck
c:\program files\Common Files\fqzu\fqzup.lck
c:\program files\UNWISE.EXE
c:\windows\$NtUninstallKB59261$\1088464797\@
c:\windows\$NtUninstallKB59261$\1088464797\bckfg.tmp
c:\windows\$NtUninstallKB59261$\1088464797\cfg.ini
c:\windows\$NtUninstallKB59261$\1088464797\Desktop.ini
c:\windows\$NtUninstallKB59261$\1088464797\keywords
c:\windows\$NtUninstallKB59261$\1088464797\kwrd.dll
c:\windows\$NtUninstallKB59261$\1088464797\L\akygdmgo
c:\windows\$NtUninstallKB59261$\1088464797\lsflt7.ver
c:\windows\$NtUninstallKB59261$\1088464797\U\00000001.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000002.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000000.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000032.@
c:\windows\$NtUninstallKB59261$\2815913818
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~YDKJ4.tmp
c:\windows\desktop
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\OOL80811.ocx
c:\windows\system32\~GLH0003.TMP
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\23811.exe
c:\windows\system32\24464.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\28703.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6rcoa4j3.dat
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\inf
c:\windows\system32\inf\hpqps2kb.inf
c:\windows\system32\keep in touch with HP.htm
c:\windows\system32\OLD29A.tmp
c:\windows\system32\ps2.bat
c:\windows\system32\service
c:\windows\system32\service\09092011_TIS17_SfFniAU.log
c:\windows\system32\SET2099.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\setb0.tmp
c:\windows\system32\setb1.tmp
c:\windows\$NtUninstallKB59261$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 20:37 . 2011-12-01 20:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2001-08-18 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56 50688 -csh--w- c:\windows\twain_32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"S3apphk"="S3apphk.exe" [2002-03-16 28672]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-12-13 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-4-20 69632]
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-4-20 16384]
HP OfficeJet Series 500 Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2011-2-7 1175552]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2002-3-13 40960]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^POWERR~1.EXE]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\POWERR~1.EXE
backup=c:\windows\pss\POWERR~1.EXEStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
2001-12-13 04:59 98304 ----a-w- c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
2001-12-13 04:52 155648 ----a-w- c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10/24/2010 10:38 AM 20328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/18/2009 7:08 PM 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/18/2009 5:53 PM 36432]
S0 dptrlq;dptrlq;c:\windows\system32\drivers\ldnmlqnd.sys --> c:\windows\system32\drivers\ldnmlqnd.sys [?]
S0 uagy;uagy;c:\windows\system32\drivers\flswa.sys --> c:\windows\system32\drivers\flswa.sys [?]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [7/18/2009 7:09 PM 677128]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/20/2002 9:35 PM 144860]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-01-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 19:15]
.
2012-01-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
2012-01-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
uDefault_Search_URL = hxxp://srch-us5.hpwis.com/
mSearch Bar = hxxp://srch-us5.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\clnzcqfx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14196&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=888A3808-DC5B-4DB4-984D-1D15E3EDF102&apn_ptnrs=FM&apn_sauid=3FD97C11-DA26-42B5-8709-6E11F8FE469B&apn_dtid=TES002YYUS&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-ThreadingModel - (no file)
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 23:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2346936418-2607014498-1974565712-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(356)
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\IadHide3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\S3apphk.exe
c:\progra~1\WILDTA~1\DDC\DDCMAN~1\DDCMan.exe
c:\program files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-18 23:59:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 07:59
.
Pre-Run: 34,645,467,136 bytes free
Post-Run: 36,415,332,352 bytes free
.
- - End Of File - - C42D30B26CD69C28D2B690DF68843572

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILY [administrator]

1/19/2012 12:31:00 AM
mbam-log-2012-01-19 (00-31-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353451
Time elapsed: 2 hour(s), 50 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: XP home security 2012 virus

You will need to replace this file as it is contaminated: c:\windows\system32\drivers\afd.sys. Do you have a Windows disc?

............................................................................................
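
The two lines the helper acted on (the infected afd.sys and the folder that failed to delete) can be pulled out of a ComboFix log mechanically. The following Python is an added example, not part of the original thread or of ComboFix; its sample text reuses a few lines from the log posted above, and the function names and patterns are assumptions based only on that log's layout.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log in this
# thread, trimmed so the example runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\11478.exe
c:\windows\$NtUninstallKB59261$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/18/2009 7:08 PM 50256]
S0 uagy;uagy;c:\windows\system32\drivers\flswa.sys --> c:\windows\system32\drivers\flswa.sys [?]
"""

# Patterns are derived from the log layout shown in this thread only.
INFECTED = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!(?P<rest>.*)$")
FAILED_DELETE = re.compile(r"^(?P<path>.+?)(?: \.)+ Failed to delete\s*$")
# Driver/service rows where "[?]" appears in place of the date and size.
DRIVER_NO_INFO = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);[^;]*;.* --> (?P<path>.+?) \[\?\]\s*$"
)


def triage(log_text):
    """Collect the log lines that still need a human decision."""
    findings = {"infected": [], "failed_delete": [], "driver_no_file_info": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INFECTED.match(line)
        if m:
            replaced = "Failed to find a valid replacement" not in m.group("rest")
            findings["infected"].append({"path": m.group("path"), "replaced": replaced})
            continue
        m = FAILED_DELETE.match(line)
        if m:
            findings["failed_delete"].append(m.group("path"))
            continue
        m = DRIVER_NO_INFO.match(line)
        if m:
            findings["driver_no_file_info"].append(
                (m.group("state"), m.group("name"), m.group("path"))
            )
    return findings


def needs_manual_followup(findings):
    """Paths the tool could not repair or delete on its own."""
    paths = [f["path"] for f in findings["infected"] if not f["replaced"]]
    return paths + findings["failed_delete"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in needs_manual_followup(result):
        print("manual follow-up:", path)
    for state, name, path in result["driver_no_file_info"]:
        print("no file info:", state, name, path)
```

Feeding it the full text of C:\ComboFix.txt instead of the sample gives the same three lists for a real log.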

Re: XP home security 2012 virus

I'm not sure if they still have the Windows disc, but I'll try looking for it.

Re: XP home security 2012 virus

I can't find the CD, but we have the 8-disc system recovery CDs that came with the desktop. Would they work?

Re: XP home security 2012 virus

I doubt if it will find that file, so you will have to remove it first so that the recovery CD can replace it. Failing that, you could download it from someone's computer and then replace it.

............................................................................................

Re: XP home security 2012 virus
Where should I download it from, or do you mean copy the file from another computer and transfer it onto the infected computer?

Re: XP home security 2012 virus

Yes. Copy it from another computer. Remove the old file and replace it.

............................................................................................

Re: XP home security 2012 virus

OK, I won't be able to get to a working computer till tomorrow, so I may not reply till after Tuesday. Is there any other file that I need to replace besides c:\windows\system32\drivers\afd.sys?

Re: XP home security 2012 virus
Just that one file to replace.

............................................................................................

Re: XP home security 2012 virus

I have successfully replaced the file from a working computer to the infected one, and I'm now able to connect to the internet again as well.

Re: XP home security 2012 virus

OK. All done. All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


You can now uninstall ComboFix



  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)



  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.



Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================



............................................................................................
