
No logs are to be copied and pasted. All logs are required to be attached, unless otherwise told to do differently.

1 system per support thread; start a new thread for each system you require help with.

Copying logs to a thread makes the thread extremely long and unmanageable. The longer the thread the longer it takes to load.

Attach your logs to a new reply for only 1 system. Start a new support request for the other system and attach the logs for that system to that thread.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of JRE 7 Update 5.
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Click on the download link for your system and save it to your desktop. Users of Windows Vista/7 64-bit can install both the 32-bit and 64-bit JRE without conflicts.
    Windows x86 Offline (jre-7u5-windows-i586.exe)
    Windows x64 (jre-7u5-windows-x64.exe)
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")

Using Add or Remove Programs in the Control Panel, uninstall the following:

Java(TM) 6 Update 31

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
    O33 - MountPoints2\H\Shell\phone\command - "" = H:\autorun.exe
    [2012/06/01 16:22:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{235A44D1-8DB5-4999-B2AD-199439C2E155}
    [2012/06/01 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{176CBB5F-DB4D-4167-B453-854F57B5D019}
    [2012/05/30 16:44:10 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{68341479-96D4-43E4-B865-9B21AB46B471}
    [2012/05/30 16:43:30 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{B6976618-89E3-4E11-988B-FF5D6048EC5C}
    [2012/05/25 05:41:18 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{58AC3A53-681D-4070-806F-F56203ADE3F1}
    [2012/05/24 19:34:30 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{FFC222A3-C1AD-4696-A3BB-56AEDD334938}
    [2012/05/24 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{09F8B6BC-8978-4272-B1F9-498255BE7E54}
    [2012/05/24 18:21:47 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{DD276DE3-3806-4B69-9CE1-58B2E22BE926}
    [2012/05/24 18:21:04 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{F369E32A-77D9-465A-8222-D0B315075967}
    [2012/05/24 18:21:03 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{F811F732-D788-4D63-999A-AC6B1BD5C021}
    [2012/05/09 17:07:08 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{CA294AA7-F0B8-4348-AB3D-228E3E5AD2C6}
    [2012/05/09 17:06:09 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{3E03DFF7-D5E1-4F57-9A50-17338898326B}
    [2012/05/08 17:50:41 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{8343C364-5B5E-4D77-A84C-4831724DD052}
    [2012/05/08 17:50:17 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{24778C68-CEF9-434E-B252-D44BEB394857}
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
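Added example, not part of the original post: a read-only PowerShell check that lists the Java runtimes still registered in Add/Remove Programs and flags any older than the JRE 7 Update 5 named above. The `DisplayVersion` values (`7.0.50` for 7 Update 5, `6.0.310` for 6 Update 31) and the name pattern are assumptions about how the installers register themselves.

```powershell
# Added example: read-only inventory of installed Java runtimes (changes nothing).
# Assumption: JRE 7 Update 5 registers DisplayVersion 7.0.50; Java 6 Update 31 -> 6.0.310.
$baseline = [version]'7.0.50'

# 64-bit Windows keeps 32-bit uninstall entries under WOW6432Node, so read both views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    # Assumed name pattern: "Java(TM) 6 Update 31", "Java 7 Update 5", "J2SE Runtime ..."
    Where-Object { $_.DisplayName -match '^(Java(\(TM\))? \d|J2SE Runtime)' } |
    ForEach-Object {
        # -as returns $null instead of throwing when the version string is absent or odd
        $parsed = $_.DisplayVersion -as [version]
        New-Object PSObject -Property @{
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            View     = $(if ($_.PSPath -like '*WOW6432Node*') { '32-bit' } else { 'native' })
            # Treat an unparseable version as outdated so it gets looked at by hand
            Outdated = ($null -eq $parsed) -or ($parsed -lt $baseline)
        }
    }

if ($javaEntries) {
    $javaEntries |
        Sort-Object Outdated -Descending |
        Select-Object Name, Version, View, Outdated |
        Format-Table -AutoSize
} else {
    'No Java Runtime Environment entries found in the uninstall registry keys.'
}
```

Any row with `Outdated` set to `True` after the reinstall is an older runtime that was not removed in the Add/Remove Programs step.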


Thanks. Do you happen to know if there is tech out there that can spy on the monitor itself? I know this is paranoid but I read that there is tech that can do it. I'm just not sure it's my pc...


Yes, it is entirely possible to capture the contents of a screen with the user completely unaware that it is happening.

I need the log OTL created when you ran the fix.


Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
