TechSpot

I need help

Solved
By bruce66
Jan 25, 2013
  1. Anybody any idea how to remove ( 3590F75ABA9E485486C100C1A9D4FF06Z )? This is the file name. I've tried all my antivirus and spyware programs, but none recognized it as a virus. This is a ZZZZ .... file
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Hi, this is Bruce66. Below is the log you asked for.

    # AdwCleaner v2.108 - Logfile created 01/26/2013 at 16:21:43
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : bruce - BRUCE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFDTMAWD\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****
    Found : WajamUpdater
    ***** [Files / Folders] *****
    Folder Found : C:\Program Files (x86)\OApps
    Folder Found : C:\Program Files (x86)\Trymedia
    Folder Found : C:\Program Files (x86)\Wajam
    Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\bruce\AppData\Local\blekkotb
    Folder Found : C:\Users\bruce\AppData\Local\Smartbar
    Folder Found : C:\Users\bruce\AppData\Local\Wajam
    Folder Found : C:\Users\bruce\AppData\Roaming\Babylon
    Folder Found : C:\Users\bruce\AppData\Roaming\Complitly
    Folder Found : C:\Users\bruce\AppData\Roaming\Media Finder
    Folder Found : C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    Folder Found : C:\Users\bruce\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
    Folder Found : C:\Users\Paula\AppData\Local\blekkotb
    Folder Found : C:\Users\Paula\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Paula\AppData\LocalLow\blekkotb
    Folder Found : C:\Users\Paula\AppData\LocalLow\Search Settings
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\Complitly
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\MediaFinder
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\SmartbarBackup
    Key Found : HKCU\Software\SmartbarLog
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Wajam
    Key Found : HKCU\Software\e6dddae638e947
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\Software\SimplyGen
    Key Found : HKLM\Software\Wajam
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F1D49A81-DFD1-4580-B7B3-B5990F64C0EC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
    Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Software
    Key Found : HKU\S-1-5-21-2039259307-1424192665-3998744493-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
    [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=hp
    [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
    [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=e46331da-eac5-41cc-9893-689adfacbe31&searchtype=ds&q={searchTerms}
    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10021&barid={1B507E30-ABD4-11E1-8E57-001FC6FD5DAD}
    *************************
    AdwCleaner[R1].txt - [10843 octets] - [26/01/2013 16:21:43]
    ########## EOF - C:\AdwCleaner[R1].txt - [10904 octets] ##########
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    Now, you missed the other details, especially about doing the 4-Step instructions and posting the logs back here for my review. Please do that for me, so I can assist you best.
  5. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    I am sorry to have missed the other steps and have now performed the other tasks you requested. I'm sorry for the long-winded way, as I have not yet got the hang of uploading files.

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.26.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    bruce :: BRUCE-PC [administrator]

    Protection: Enabled

    26/01/2013 16:43:01

    mbam-log-2013-01-26 (16-43-01).txt

    Scan type: Full scan (C:\|D:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 578846

    Time elapsed: 2 hour(s), 9 minute(s), 40 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 4

    HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin (PUP.215Apps) -> Quarantined and deleted successfully.

    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

    HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 5

    C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe (PUP.215Apps) -> Quarantined and deleted successfully.

    C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe (PUP.215Apps) -> Quarantined and deleted successfully.

    C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe (PUP.215Apps) -> Quarantined and deleted successfully.

    C:\Program Files (x86)\Shopping Sidekick Plugin\Uninstall.exe (PUP.215Apps) -> Quarantined and deleted successfully.

    C:\Qoobox\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\ShOPping sidekick plugin.dll.vir (PUP.215Apps) -> Quarantined and deleted successfully.

    (end)

    2013/01/26 16:38:06 GMT BRUCE-PC bruce MESSAGE Executing scheduled update: Daily

    2013/01/26 16:38:11 GMT BRUCE-PC bruce MESSAGE Starting protection

    2013/01/26 16:38:11 GMT BRUCE-PC bruce MESSAGE Protection started successfully

    2013/01/26 16:38:12 GMT BRUCE-PC bruce MESSAGE Starting IP protection

    2013/01/26 16:38:18 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

    2013/01/26 16:40:13 GMT BRUCE-PC bruce MESSAGE Starting database refresh

    2013/01/26 16:40:13 GMT BRUCE-PC bruce MESSAGE Stopping IP protection

    2013/01/26 16:40:14 GMT BRUCE-PC bruce MESSAGE IP Protection stopped successfully

    2013/01/26 16:40:17 GMT BRUCE-PC bruce MESSAGE Database refreshed successfully

    2013/01/26 16:40:17 GMT BRUCE-PC bruce MESSAGE Starting IP protection

    2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

    2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE Starting database refresh

    2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE Stopping IP protection

    2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE IP Protection stopped successfully

    2013/01/26 16:40:23 GMT BRUCE-PC bruce MESSAGE Scheduled update executed successfully: database updated from version v2012.12.14.11 to version v2013.01.26.08

    2013/01/26 16:40:26 GMT BRUCE-PC bruce MESSAGE Database refreshed successfully

    2013/01/26 16:40:26 GMT BRUCE-PC bruce MESSAGE Starting IP protection

    2013/01/26 16:40:31 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

    2013/01/26 17:17:34 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 51967, Process: iexplore.exe)

    2013/01/26 17:17:34 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 51968, Process: iexplore.exe)

    2013/01/26 17:17:34 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 51969, Process: iexplore.exe)

    2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52037, Process: iexplore.exe)

    2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52038, Process: iexplore.exe)

    2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52039, Process: iexplore.exe)

    2013/01/26 17:17:43 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52040, Process: iexplore.exe)

    2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52101, Process: iexplore.exe)

    2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52102, Process: iexplore.exe)

    2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52103, Process: iexplore.exe)

    2013/01/26 17:18:01 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52104, Process: iexplore.exe)

    2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52462, Process: iexplore.exe)

    2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52463, Process: iexplore.exe)

    2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52464, Process: iexplore.exe)

    2013/01/26 17:29:24 GMT BRUCE-PC bruce IP-BLOCK 212.124.110.222 (Type: outgoing, Port: 52465, Process: iexplore.exe)

    2013/01/26 17:29:46 GMT BRUCE-PC bruce MESSAGE Stopping IP protection

    2013/01/26 17:29:47 GMT BRUCE-PC bruce MESSAGE IP Protection stopped successfully

    2013/01/26 17:29:47 GMT BRUCE-PC bruce MESSAGE Starting IP protection

    2013/01/26 17:29:53 GMT BRUCE-PC bruce MESSAGE IP Protection started successfully

    2013/01/26 18:56:43 GMT BRUCE-PC (null) MESSAGE Starting protection

    2013/01/26 18:56:43 GMT BRUCE-PC (null) MESSAGE Protection started successfully

    2013/01/26 18:56:43 GMT BRUCE-PC (null) MESSAGE Starting IP protection

    2013/01/26 18:56:47 GMT BRUCE-PC (null) MESSAGE IP Protection started successfully

    DDS.com Log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 22/08/2011 08:05:52

    System Uptime: 26/01/2013 18:55:17 (1 hours ago)

    .

    Motherboard: PEGATRON CORPORATION | | Narra6

    Processor: AMD Athlon(tm) II X2 215 Processor | CPU 1 | 2700/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 286 GiB total, 191.822 GiB free.

    D: is FIXED (NTFS) - 12 GiB total, 1.699 GiB free.

    E: is CDROM (CDFS)

    H: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP270: 24/01/2013 01:59:33 - Spybot-S&D Spyware removal

    RP271: 24/01/2013 21:16:34 - HPSF Restore Point

    RP272: 24/01/2013 23:36:16 - IObit Uninstaller restore point

    RP273: 25/01/2013 13:47:02 - IObit Uninstaller restore point

    RP274: 25/01/2013 13:50:50 - IObit Uninstaller restore point

    RP275: 25/01/2013 14:33:24 - IObit Uninstaller restore point

    RP276: 25/01/2013 14:44:50 - Spybot-S&D Spyware removal

    RP277: 25/01/2013 17:06:20 - IObit Uninstaller restore point

    RP278: 25/01/2013 17:10:59 - Installed SpyHunter

    RP279: 25/01/2013 17:37:26 - IObit Uninstaller restore point

    RP280: 25/01/2013 17:38:01 - Removed SpyHunter

    RP281: 25/01/2013 18:13:44 - Windows Update

    RP282: 26/01/2013 00:23:02 - Spybot-S&D Spyware removal

    .

    ==== Installed Programs ======================

    .

    64 Bit HP CIO Components Installer

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.5)

    Advanced SystemCare 6

    Airport Mania

    Airport Tycoon 2

    Anti-phishing Domain Advisor

    Avira Free Antivirus

    Battleship

    Big Solitaires 3D 1.4

    BufferChm

    Build-a-lot

    Build-a-lot 2

    Build-a-lot 3

    Build in Time

    Canon G.726 WMP-Decoder

    CCleaner

    Compatibility Pack for the 2007 Office system

    Complitly

    Copy

    Defraggler

    Destinations

    DeviceDiscovery

    DirectX for Managed Code Update (Summer 2004)

    DJ_AIO_06_F2400_SW_Min

    DVD Decrypter (Remove Only)

    DVD Menu Pack for HP MediaSmart Video

    EASEUS Data Recovery Wizard Professional 5.5.1

    F2400

    GabCab

    Ghost Recon

    Google Earth

    Google Update Helper

    GPBaseService2

    Hawaiian Explorer - Pearl Harbor

    Hewlett-Packard ACLM.NET v1.1.2.0

    HP Customer Experience Enhancements

    HP Customer Participation Program 13.0

    HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6

    HP Games

    HP Imaging Device Functions 13.0

    HP MediaSmart DVD

    HP MediaSmart Music/Photo/Video

    HP MediaSmart SmartMenu

    HP Odometer

    HP Print Projects 1.0

    HP Product Detection

    HP Remote Solution

    HP Setup

    HP Smart Web Printing 4.5

    HP Solution Center 13.0

    HP Support Assistant

    HP Support Information

    HP Update

    HPDiagnosticAlert

    HPPhotoGadget

    hpPrintProjects

    HPProductAssistant

    hpWLPGInstaller

    Ironclads High Seas

    Java Auto Updater

    Java(TM) 6 Update 35

    Just Flight British Airports Volume 1- SouthEast v1.01 FS2004

    Just Flight British Airports Volume 2- East v1.01 FS2004

    Just Flight British Airports Volume 3- SouthWest v1.01 FS2004

    Just Flight British Airports Volume 5- West v1.01 FS2004

    Just Flight British Airports Volume 6- North 1 v1.01 FS2004

    Just Flight Traffic 2004 v1.01

    K-Lite Mega Codec Pack 9.4.0

    LightScribe System Software

    Magic Desktop

    Malwarebytes Anti-Malware version 1.70.0.1100

    MarketResearch

    Microsoft .NET Framework 4 Client Profile

    Microsoft Flight Simulator 2004 A Century of Flight

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft Works

    Microsoft_VC100_CRT_SP1_x64

    Microsoft_VC100_CRT_SP1_x86

    Movie Theme Pack for HP MediaSmart Video

    MSVC80_x64_v2

    MSVC80_x86_v2

    MSVC90_x64

    MSVC90_x86

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    NETGEAR WNDA3200 wireless adapter Setup

    Nokia Connectivity Cable Driver

    Nokia Music Player

    Nokia Ovi Suite

    Nokia Ovi Suite Software Updater

    Nokia_Multimedia_Common_Components_2_5

    NVIDIA Display Control Panel

    NVIDIA Drivers

    NVIDIA PhysX

    OpenOffice.org 3.2

    Ovi Desktop Sync Engine

    OviMPlatform

    Panzer General 3D

    PC Connectivity Solution

    PlayReady PC Runtime amd64

    Port Royale 2

    Power2Go

    PowerDirector

    PVSonyDll

    QuickShare

    Realtek High Definition Audio Driver

    Recovery Manager

    RISK

    Roulette Bot Plus

    Scan

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Ski Resort Mogul

    SmartWebPrinting

    SolutionCenter

    Spybot - Search & Destroy 1.3

    Status

    SUPERAntiSpyware

    Toolbox

    Tradewinds Legends

    TrayApp

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update Installer for WildTangent Games App

    VideoFileDownload

    Visual Studio 2008 x64 Redistributables

    Wajam

    WebReg

    WildTangent Games

    WildTangent Games App

    WildTangent Games App (HP Games)

    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

    Windows Live Sync

    Windows Live Upload Tool

    Youda Farmer

    Youda Farmer 2: Save the Village

    Youda Marina

    .

    ==== Event Viewer Messages From Past Week ========

    .

    25/01/2013 22:52:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    25/01/2013 22:52:22, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    25/01/2013 22:51:53, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    25/01/2013 22:51:53, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

    25/01/2013 22:51:25, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The operation completed successfully.

    25/01/2013 22:51:25, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.

    25/01/2013 22:51:24, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

    25/01/2013 22:51:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.

    25/01/2013 22:51:19, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    25/01/2013 20:40:31, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading

    25/01/2013 20:40:31, Error: Application Popup [1060] - \??\C:\Windows\system32\7DA8.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    25/01/2013 20:24:02, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    25/01/2013 20:24:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    25/01/2013 19:06:34, Error: Application Popup [1060] - \??\C:\Windows\system32\C82E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    25/01/2013 17:58:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.758.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    25/01/2013 17:58:14, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    25/01/2013 17:56:47, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    25/01/2013 17:26:05, Error: Application Popup [1060] - \??\C:\Windows\system32\68C5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    25/01/2013 17:20:36, Error: Application Popup [1060] - \??\C:\Windows\system32\6490.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    25/01/2013 17:10:06, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

    25/01/2013 17:10:06, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

    25/01/2013 17:10:06, Error: Service Control Manager [7034] - The Easybits Shared Services for Windows service terminated unexpectedly. It has done this 1 time(s).

    25/01/2013 13:45:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks

    24/01/2013 23:24:09, Error: volmgr [46] - Crash dump initialization failed!

    24/01/2013 20:51:02, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user bruce-PC\bruce SID (S-1-5-21-2039259307-1424192665-3998744493-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    24/01/2013 10:37:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

    24/01/2013 10:37:11, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    24/01/2013 01:00:36, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

    21/01/2013 16:24:10, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

    19/01/2013 22:23:47, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    .

    ==== End Of File ===========================

     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine!

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Attached Below is the combo fix log

    Attached Files:

  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.



    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  9. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Can't get JRT to run, keeps coming up with - find string(QGREP) utility has stopped working but find attached the OTL logs you asked for

    Attached Files:

  10. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Even after following your instructions still unable to run JRT all the way through
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
  12. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Below find the 2 logs that you requested. Just to let you know that the virus has filled all but 10Gb of a 300Gb hard drive and the file responsible is now hidden. ESET did not find anything

    Attached Files:

  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please try the OTL fix again. None of the things I had in the fix list actually got fixed.

    Make sure to hit "Run FIX" this time, please.
  14. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    OK sorry ran scan with that in the custom scans/fixes only think have done it right this time and so enclose log below

    OTL :========== OTL ==========
    Unable to set value : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
    Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E!
    Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
    Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Folder C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZ.....ZZ.ZZ\ not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 01302013_230647
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great...now a new OTL log please. :)
  16. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    As requested new OTL results below

    Attached Files:

  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  18. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    COMODO Antivirus
    Avira Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Comodo Firewall cmdagent.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    I'd like to take this opportunity to thank you for all your help as I have had this problem for some time and the drive seems to be now running correctly.
  19. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    I'm really sorry to bother you but my wife's laptop has been infected with the UKASH Virus. I thought when I ran Malwarebytes it found a Trojan Fake and I removed it but upon turning the Laptop back on it booted up fine when I logged on the screen was blank and the following message came up C:\Users\bruce\35204938.exe The specified module could not be found.
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Is it the same computer we're working with in this thread?

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems
  21. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    No, my wife's PC is a different thread. I only mentioned it as I thought we had finished with the other PC. I do apologise if I was confusing you. So I will check on mine first and download the Reader.
  22. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Have now removed older versions of Java and Adobe and installed up to date versions on my PC
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It would probably help us if you started a new thread for your wife's PC, to avoid confusion of our readers. :)

    Topic solved. :)