Solved I need help

bruce66

Anybody any idea how to remove (3590F75ABA9E485486C100C1A9D4FF06Z)? This is the file name. I've tried all my antivirus and spyware programs, but none recognized it as a virus. This is a ZZZZ .... file
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Hi, this is Bruce66. Below is the log you asked for.

# AdwCleaner v2.108 - Logfile created 01/26/2013 at 16:21:43
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : bruce - BRUCE-PC
# Boot Mode : Normal
# Running from : C:\Users\bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFDTMAWD\adwcleaner.exe
# Option [Search]

***** [Services] *****
Found : WajamUpdater
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\Program Files (x86)\Trymedia
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\bruce\AppData\Local\blekkotb
Folder Found : C:\Users\bruce\AppData\Local\Smartbar
Folder Found : C:\Users\bruce\AppData\Local\Wajam
Folder Found : C:\Users\bruce\AppData\Roaming\Babylon
Folder Found : C:\Users\bruce\AppData\Roaming\Complitly
Folder Found : C:\Users\bruce\AppData\Roaming\Media Finder
Folder Found : C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Users\bruce\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Paula\AppData\Local\blekkotb
Folder Found : C:\Users\Paula\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Paula\AppData\LocalLow\blekkotb
Folder Found : C:\Users\Paula\AppData\LocalLow\Search Settings
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Complitly
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\SmartbarBackup
Key Found : HKCU\Software\SmartbarLog
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Wajam
Key Found : HKCU\Software\e6dddae638e947
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\Software\SimplyGen
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F1D49A81-DFD1-4580-B7B3-B5990F64C0EC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-2039259307-1424192665-3998744493-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=hp
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10021&barid={1B507E30-ABD4-11E1-8E57-001FC6FD5DAD}
*************************
AdwCleaner[R1].txt - [10843 octets] - [26/01/2013 16:21:43]
########## EOF - C:\AdwCleaner[R1].txt - [10904 octets] ##########
 
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
Now, you missed the other details, especially about doing the 4-Step instructions and posting the logs back here for my review. Please do that for me, so I can assist you best.
 
I am sorry to have missed the other steps and have now performed the other tasks you requested :- I'm sorry for the long-winded way, as I have not yet got the hang of uploading files.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.26.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

bruce :: BRUCE-PC [administrator]

Protection: Enabled

26/01/2013 16:43:01

mbam-log-2013-01-26 (16-43-01).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 578846

Time elapsed: 2 hour(s), 9 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 4

HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin (PUP.215Apps) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe (PUP.215Apps) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe (PUP.215Apps) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe (PUP.215Apps) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Shopping Sidekick Plugin\Uninstall.exe (PUP.215Apps) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\ShOPping sidekick plugin.dll.vir (PUP.215Apps) -> Quarantined and deleted successfully.

(end)

2013/01/26 16:38:06 GMT BRUCE-PC bruce MESSAGE Executing scheduled update: Daily

2013/01/26 16:38:11 GMT BRUCE-PC bruce MESSAGE Starting protection

2013/01/26 16:38:11 GMT BRUCE-PC bruce MESSAGE Protection started successfully

2013/01/26 16:38:12 GMT BRUCE-PC bruce MESSAGE Starting IP protection

2013/01/26 16:38:18 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

2013/01/26 16:40:13 GMT BRUCE-PC bruce MESSAGE Starting database refresh

2013/01/26 16:40:13 GMT BRUCE-PC bruce MESSAGE Stopping IP protection

2013/01/26 16:40:14 GMT BRUCE-PC bruce MESSAGE IP Protection stopped successfully

2013/01/26 16:40:17 GMT BRUCE-PC bruce MESSAGE Database refreshed successfully

2013/01/26 16:40:17 GMT BRUCE-PC bruce MESSAGE Starting IP protection

2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE Starting database refresh

2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE Stopping IP protection

2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE IP Protection stopped successfully

2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE Scheduled update executed successfully: database updated from version v2012.12.14.11 to version v2013.01.26.08

2013/01/26 16:40:26 GMT BRUCE-PC bruce MESSAGE Database refreshed successfully

2013/01/26 16:40:26 GMT BRUCE-PC bruce MESSAGE Starting IP protection

2013/01/26 16:40:31 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

2013/01/26 17:17:34 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 51967, Process: iexplore.exe)

2013/01/26 17:17:34 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 51968, Process: iexplore.exe)

2013/01/26 17:17:34 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 51969, Process: iexplore.exe)

2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52037, Process: iexplore.exe)

2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52038, Process: iexplore.exe)

2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52039, Process: iexplore.exe)

2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52040, Process: iexplore.exe)

2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52101, Process: iexplore.exe)

2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52102, Process: iexplore.exe)

2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52103, Process: iexplore.exe)

2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52104, Process: iexplore.exe)

2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52462, Process: iexplore.exe)

2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52463, Process: iexplore.exe)

2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52464, Process: iexplore.exe)

2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52465, Process: iexplore.exe)

2013/01/26 17:29:46 GMT BRUCE-PC bruce MESSAGE Stopping IP protection

2013/01/26 17:29:47 GMT BRUCE-PC bruce MESSAGE IP Protection stopped successfully

2013/01/26 17:29:47 GMT BRUCE-PC bruce MESSAGE Starting IP protection

2013/01/26 17:29:53 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

2013/01/26 18:56:43 GMT BRUCE-PC (null) MESSAGE Starting protection

2013/01/26 18:56:43 GMT BRUCE-PC (null) MESSAGE Protection started successfully

2013/01/26 18:56:43 GMT BRUCE-PC (null) MESSAGE Starting IP protection

2013/01/26 18:56:47 GMT BRUCE-PC (null) MESSAGE IP Protection started successfully

DDS.com Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 22/08/2011 08:05:52

System Uptime: 26/01/2013 18:55:17 (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Narra6

Processor: AMD Athlon(tm) II X2 215 Processor | CPU 1 | 2700/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 191.822 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.699 GiB free.

E: is CDROM (CDFS)

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP270: 24/01/2013 01:59:33 - Spybot-S&D Spyware removal

RP271: 24/01/2013 21:16:34 - HPSF Restore Point

RP272: 24/01/2013 23:36:16 - IObit Uninstaller restore point

RP273: 25/01/2013 13:47:02 - IObit Uninstaller restore point

RP274: 25/01/2013 13:50:50 - IObit Uninstaller restore point

RP275: 25/01/2013 14:33:24 - IObit Uninstaller restore point

RP276: 25/01/2013 14:44:50 - Spybot-S&D Spyware removal

RP277: 25/01/2013 17:06:20 - IObit Uninstaller restore point

RP278: 25/01/2013 17:10:59 - Installed SpyHunter

RP279: 25/01/2013 17:37:26 - IObit Uninstaller restore point

RP280: 25/01/2013 17:38:01 - Removed SpyHunter

RP281: 25/01/2013 18:13:44 - Windows Update

RP282: 26/01/2013 00:23:02 - Spybot-S&D Spyware removal

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

Advanced SystemCare 6

Airport Mania

Airport Tycoon 2

Anti-phishing Domain Advisor

Avira Free Antivirus

Battleship

Big Solitaires 3D 1.4

BufferChm

Build-a-lot

Build-a-lot 2

Build-a-lot 3

Build in Time

Canon G.726 WMP-Decoder

CCleaner

Compatibility Pack for the 2007 Office system

Complitly

Copy

Defraggler

Destinations

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

DJ_AIO_06_F2400_SW_Min

DVD Decrypter (Remove Only)

DVD Menu Pack for HP MediaSmart Video

EASEUS Data Recovery Wizard Professional 5.5.1

F2400

GabCab

Ghost Recon

Google Earth

Google Update Helper

GPBaseService2

Hawaiian Explorer - Pearl Harbor

Hewlett-Packard ACLM.NET v1.1.2.0

HP Customer Experience Enhancements

HP Customer Participation Program 13.0

HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6

HP Games

HP Imaging Device Functions 13.0

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP Odometer

HP Print Projects 1.0

HP Product Detection

HP Remote Solution

HP Setup

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Support Assistant

HP Support Information

HP Update

HPDiagnosticAlert

HPPhotoGadget

hpPrintProjects

HPProductAssistant

hpWLPGInstaller

Ironclads High Seas

Java Auto Updater

Java(TM) 6 Update 35

Just Flight British Airports Volume 1- SouthEast v1.01 FS2004

Just Flight British Airports Volume 2- East v1.01 FS2004

Just Flight British Airports Volume 3- SouthWest v1.01 FS2004

Just Flight British Airports Volume 5- West v1.01 FS2004

Just Flight British Airports Volume 6- North 1 v1.01 FS2004

Just Flight Traffic 2004 v1.01

K-Lite Mega Codec Pack 9.4.0

LightScribe System Software

Magic Desktop

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Flight Simulator 2004 A Century of Flight

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

Movie Theme Pack for HP MediaSmart Video

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NETGEAR WNDA3200 wireless adapter Setup

Nokia Connectivity Cable Driver

Nokia Music Player

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

Nokia_Multimedia_Common_Components_2_5

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA PhysX

OpenOffice.org 3.2

Ovi Desktop Sync Engine

OviMPlatform

Panzer General 3D

PC Connectivity Solution

PlayReady PC Runtime amd64

Port Royale 2

Power2Go

PowerDirector

PVSonyDll

QuickShare

Realtek High Definition Audio Driver

Recovery Manager

RISK

Roulette Bot Plus

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Ski Resort Mogul

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy 1.3

Status

SUPERAntiSpyware

Toolbox

Tradewinds Legends

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

VideoFileDownload

Visual Studio 2008 x64 Redistributables

Wajam

WebReg

WildTangent Games

WildTangent Games App

WildTangent Games App (HP Games)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live Sync

Windows Live Upload Tool

Youda Farmer

Youda Farmer 2: Save the Village

Youda Marina

.

==== Event Viewer Messages From Past Week ========

.

25/01/2013 22:52:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

25/01/2013 22:52:22, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

25/01/2013 22:51:53, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

25/01/2013 22:51:53, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

25/01/2013 22:51:25, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The operation completed successfully.

25/01/2013 22:51:25, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.

25/01/2013 22:51:24, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

25/01/2013 22:51:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.

25/01/2013 22:51:19, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

25/01/2013 20:40:31, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading

25/01/2013 20:40:31, Error: Application Popup [1060] - \??\C:\Windows\system32\7DA8.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

25/01/2013 20:24:02, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

25/01/2013 20:24:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

25/01/2013 19:06:34, Error: Application Popup [1060] - \??\C:\Windows\system32\C82E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

25/01/2013 17:58:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.758.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

25/01/2013 17:58:14, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

25/01/2013 17:56:47, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

25/01/2013 17:26:05, Error: Application Popup [1060] - \??\C:\Windows\system32\68C5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

25/01/2013 17:20:36, Error: Application Popup [1060] - \??\C:\Windows\system32\6490.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

25/01/2013 17:10:06, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

25/01/2013 17:10:06, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

25/01/2013 17:10:06, Error: Service Control Manager [7034] - The Easybits Shared Services for Windows service terminated unexpectedly. It has done this 1 time(s).

25/01/2013 13:45:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks

24/01/2013 23:24:09, Error: volmgr [46] - Crash dump initialization failed!

24/01/2013 20:51:02, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user bruce-PC\bruce SID (S-1-5-21-2039259307-1424192665-3998744493-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

24/01/2013 10:37:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

24/01/2013 10:37:11, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

24/01/2013 01:00:36, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

21/01/2013 16:24:10, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

19/01/2013 22:23:47, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

 
 
That's fine!

ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.



OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
Can't get JRT to run, keeps coming up with - find string(QGREP) utility has stopped working, but find attached the OTL logs you asked for
 

Attachments

  • OTL.Txt
  • Extras.Txt
OTL Fix

Please run OTL


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Below find the 2 logs that you requested. Just to let you know that the virus has filled all but 10Gb of a 300Gb hard drive and the file responsible is now hidden. ESET did not find anything.
 

Attachments

  • OTL moved(latest).txt
Please try the OTL fix again. None of the things I had in the fix list actually got fixed.

Make sure to hit "Run FIX" this time, please.
 
OK sorry ran scan with that in the custom scans/fixes only think have done it right this time and so enclose log below

OTL :========== OTL ==========
Unable to set value : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E!
Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181102}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZ.....ZZ.ZZ\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01302013_230647
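
One way to tally the outcomes in a fix log like the one above, so that failed writes stand out from items that were simply not present. This is an added example, not part of the original posts and not OTL's own code; the outcome labels, function names and sample lines are assumptions constructed here, with the patterns taken from the log lines shown above.

```python
import re
from collections import Counter

# Constructed sample in the shape of the fix log above; paths and GUIDs are placeholders.
SAMPLE_LOG = r"""========== OTL ==========
Unable to set value : HKLM\SOFTWARE\Example\Main\\Start Page| /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Example\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Registry value HKEY_CURRENT_USER\Software\Example\Toolbar\\{00000000-0000-0000-0000-000000000002} not found.
Starting removal of ActiveX control {00000000-0000-0000-0000-000000000003}
Folder C:\ExampleFolder\ not found.
"""

# Outcome labels are this example's own; the patterns mirror the log lines above.
RULES = [
    ("write_failed", re.compile(r"^Unable to set value : (?P<target>.+?)!$")),
    ("value_set", re.compile(r"^(?P<target>.+?) : value set successfully!$")),
    ("absent", re.compile(
        r"^(?P<view>64bit-)?(?P<kind>Registry key|Registry value|Folder) "
        r"(?P<target>.+?) not found\.$")),
    ("started", re.compile(r"^Starting removal of (?P<target>.+)$")),
]

def classify(line):
    """Return a dict describing one fix-log line, or None for headers and blanks."""
    line = line.strip()
    for outcome, pattern in RULES:
        m = pattern.match(line)
        if m:
            rec = {"outcome": outcome, "target": m.group("target")}
            # Keep the optional fields (registry view, item kind) when present.
            rec.update({k: v for k, v in m.groupdict().items()
                        if k != "target" and v})
            return rec
    return None

def summarize(log_text):
    """Tally outcomes and list the targets whose write failed."""
    records = [r for r in map(classify, log_text.splitlines()) if r]
    counts = Counter(r["outcome"] for r in records)
    failed = [r["target"] for r in records if r["outcome"] == "write_failed"]
    return counts, failed

if __name__ == "__main__":
    counts, failed = summarize(SAMPLE_LOG)
    for outcome, n in counts.most_common():
        print(f"{outcome:13} {n}")
    for target in failed:
        print("write failed:", target)
```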
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
COMODO Antivirus
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

I'd like to take this opportunity to thank you for all your help as I have had this problem for some time and the drive seems to be now running correctly.
 
I'm really sorry to bother you, but my wife's laptop has been infected with the UKASH Virus. I thought when I ran Malwarebytes it found a Trojan Fake and I removed it, but upon turning the laptop back on it booted up fine; when I logged on, the screen was blank and the following message came up: C:\Users\bruce\35204938.exe The specified module could not be found.
 
Is it the same computer we're working with in this thread?

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems
 
No, my wife's PC is a different thread. I only mentioned it as I thought we had finished with the other PC. I do apologise if I was confusing you. So I will check on mine first and download the Reader.
 
It would probably help us if you started a new thread for your wife's PC, to avoid confusion of our readers. :)

Topic solved. :)
 