Peter Edward Posted May 18, 2013: Attached are the logs as requested in the introductory instructions. I await your help please.
Peter Edward Posted May 18, 2013: Sorry. Only one report got attached. Hopefully the other two are now.
ShadowPuterDude Posted May 18, 2013:

I would encourage you to replace PC Tools Firewall Plus, as Symantec has ended support for all PC Tools security products effective today: http://www.pctools.com/en/product-eol/index/faq/security/

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
- Download the latest version of JRE 7 Update 21.
- Click the "Download JRE" button to the right.
- Accept the license agreement.
- Click on the download link for your system and save it to your desktop: Windows x86 Offline (jre-7u21-windows-i586.exe)
- Close any programs you may have running - especially your web browser.
- Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")
- Using Add or Remove Programs in the Control Panel, uninstall the following:
  Java 7 Update 7
  Java 7 Update 17

The installed version of Adobe Reader on this computer is out-dated. Install the latest version of Adobe Reader available from Adobe.

Download AdwCleaner and save it on your desktop.
- Close all open programs and internet browsers (you may want to print out or write down these instructions first).
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
- Attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
- If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer.

Download Junkware Removal Tool and save it on your desktop.
- Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log is saved to your desktop and will automatically open.
- Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

Run OTL.exe
- Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running.
Peter Edward Posted May 19, 2013: Many thanks. All done. I have the logs requested on desktop but can't attach them. What is the correct procedure please?
ShadowPuterDude Posted May 19, 2013: You click the "More Reply Options" button and then attach the logs from that screen.
Peter Edward Posted May 20, 2013: Here are the logs.
Peter Edward Posted May 20, 2013: The remaining two.
Peter Edward Posted May 20, 2013: At last?!
Peter Edward Posted May 20, 2013: I am having a problem here. Apologies!
Peter Edward Posted May 20, 2013:

All processes killed
========== OTL ==========
Service RealNetworks Downloader Resolver Service stopped successfully!
Service RealNetworks Downloader Resolver Service deleted successfully!
File C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service SABKUTIL stopped successfully!
Service SABKUTIL deleted successfully!
File C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Combofix\catchme.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
File C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\_run.bat not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\WINDOWS\system32\-1 moved successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C31F31E6 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\DomaIQ.exe moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\setup__120.exe moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\temp folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\software folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\Quickshare folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\MySearchDial folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\MyBackupPc folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\exe folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\css\images folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\css folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041 folder moved successfully.
C:\Documents and Settings\Jane\Local Settings\temp\DIQM folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 179861667 bytes
->Temporary Internet Files folder emptied: 274673 bytes
->FireFox cache emptied: 53633953 bytes
->Opera cache emptied: 3848536 bytes
->Flash cache emptied: 2062 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57616 bytes

User: Jane
->Temp folder emptied: 17001565 bytes
->Temporary Internet Files folder emptied: 29665025 bytes
->FireFox cache emptied: 7487863 bytes
->Google Chrome cache emptied: 16849580 bytes
->Opera cache emptied: 55027399 bytes
->Flash cache emptied: 64820 bytes

User: Jen

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47693 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 353220728 bytes

Total Files Cleaned = 684.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: Jane
->Flash cache emptied: 0 bytes

User: Jen

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Jane

User: Jen

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05192013_200322

Files\Folders moved on Reboot...
C:\Documents and Settings\Jane\Local Settings\Temp\MPC51.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Peter Edward Posted May 20, 2013: That was the only way I could get the report to you. Hope OK. PC now appears to be running normally. As regards any problems in carrying out your instructions, Java took three attempts before it would install. Look forward to hearing further from you.
ShadowPuterDude Posted May 20, 2013: Do not copy & paste logs to a thread. The OTL log you pasted is completely unusable. Run a fresh scan with OTL, attach the new OTL log to your reply.
Peter Edward Posted May 20, 2013: Apologies for the earlier mistake. Log of re-run herewith.
ShadowPuterDude Posted May 21, 2013: OK, run a fresh scan with OTL, attach the new OTL log to your reply.
Peter Edward Posted May 21, 2013: Herewith. Await hearing from you. Many thanks.
ShadowPuterDude Posted May 21, 2013: I asked for a fresh scan, not for you to run the fix again.
Peter Edward Posted May 21, 2013: Sorry!
ShadowPuterDude Posted May 22, 2013:

Run OTL.exe
- Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running.
Peter Edward Posted May 22, 2013: No problems implementing the instructions and PC is running normally. Await your reply. Many thanks.
ShadowPuterDude Posted May 22, 2013: Let's double check. Run a fresh scan with OTL, attach the new OTL log to your reply.
Peter Edward Posted May 23, 2013: Await hearing. Many thanks.
ShadowPuterDude Posted May 23, 2013:

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.

Delete the following from your Desktop: (If they exist)
- AdwCleaner.exe
- JRT.exe
- JRT.txt
- Anything else I had you use

Delete the following folders: (If they exist)
- C:\AdwCleaner[s1]

Empty the Recycle Bin

Download to your Desktop: - CCleaner Portable
UnZip CCleaner Portable to a folder on your Desktop named CCleaner

Run CCleaner
- Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
- The following should be selected by default, if not, please select: Click and choose Uncheck Then go back to and click to run it.
- Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:
- How to Protect Your Computer From Malware
- How to keep you and your Windows PC happy
- Web, email, chat, password and kids safety
- 10 Sources of Malware Infections

That should take care of everything. Safe Surfing!
ShadowPuterDude Posted May 26, 2013:

Thread Closed
Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.