Solved Internet running super slow pop ups possible ZeroAccess

All processes killed
========== OTL ==========
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named MRESP50 was found to stop!
Service\Driver key MRESP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS not found.
Error: No service named MRENDIS5 was found to stop!
Service\Driver key MRENDIS5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Error: No service named MREMPR5 was found to stop!
Service\Driver key MREMPR5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Error: No service named MREMP50 was found to stop!
Service\Driver key MREMP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\mail\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:BD9F7E4E .
Unable to delete ADS C:\Windows\System32\`„:pctlsp.log .
Unable to delete ADS C:\ProgramData\TEMP:2BC498A4 .
Unable to delete ADS C:\ProgramData\TEMP:55F44B88 .
Unable to delete ADS C:\ProgramData\TEMP:D31BE97C .
Unable to delete ADS C:\ProgramData\TEMP:5EF1AD34 .
Unable to delete ADS C:\ProgramData\TEMP:225CD7D5 .
Unable to delete ADS C:\ProgramData\TEMP:97C4F81F .
Unable to delete ADS C:\ProgramData\TEMP:0AC32449 .
Unable to delete ADS C:\ProgramData\TEMP:8944C195 .
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
Unable to delete ADS C:\ProgramData\TEMP:7B52659E .
Unable to delete ADS C:\ProgramData\TEMP:D48500F8 .
Unable to delete ADS C:\ProgramData\TEMP:85C3B823 .
Unable to delete ADS C:\ProgramData\TEMP:5E9B629B .
Unable to delete ADS C:\ProgramData\TEMP:53DF59D1 .
Unable to delete ADS C:\ProgramData\TEMP:84CFEE62 .
Unable to delete ADS C:\ProgramData\TEMP:090FB735 .
Unable to delete ADS C:\ProgramData\TEMP:569CEE83 .
Unable to delete ADS C:\ProgramData\TEMP:F1DEA771 .
Unable to delete ADS C:\ProgramData\TEMP:98DFF516 .
Unable to delete ADS C:\ProgramData\TEMP:CF61CE5A .
Unable to delete ADS C:\ProgramData\TEMP:9BFB769D .
Unable to delete ADS C:\ProgramData\TEMP:DE47A3DA .
Unable to delete ADS C:\ProgramData\TEMP:7A0EFE63 .
Unable to delete ADS C:\ProgramData\TEMP:42509EA1 .
Unable to delete ADS C:\ProgramData\TEMP:78E0DF72 .
Unable to delete ADS C:\ProgramData\TEMP:60A4BB64 .
Unable to delete ADS C:\ProgramData\TEMP:177313FB .
Unable to delete ADS C:\ProgramData\TEMP:C8E82994 .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:7E95B6FD .
Unable to delete ADS C:\ProgramData\TEMP:4673E9EA .
Unable to delete ADS C:\ProgramData\TEMP:CB16385F .
Unable to delete ADS C:\ProgramData\TEMP:918B7566 .
Unable to delete ADS C:\ProgramData\TEMP:9ACB70D7 .
Unable to delete ADS C:\ProgramData\TEMP:FB97DB91 .
Unable to delete ADS C:\ProgramData\TEMP:260575F1 .
Unable to delete ADS C:\ProgramData\TEMP:BB71BBA2 .
Unable to delete ADS C:\ProgramData\TEMP:68F4226F .
Unable to delete ADS C:\ProgramData\TEMP:C07A6A6B .
Unable to delete ADS C:\ProgramData\TEMP:43982D5E .
Unable to delete ADS C:\ProgramData\TEMP:3FD496E1 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeff
->Temp folder emptied: 300668 bytes
->Temporary Internet Files folder emptied: 5076099 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 45850534 bytes
->Apple Safari cache emptied: 185812992 bytes
->Flash cache emptied: 2971664 bytes

User: Jordan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9235442 bytes
->Java cache emptied: 10680297 bytes
->Flash cache emptied: 2691 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56516 bytes

User: Nicholas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 73873160 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3432 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1707833 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 18077719 bytes

Total Files Cleaned = 337.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jeff
->Java cache emptied: 0 bytes

User: Jordan
->Java cache emptied: 0 bytes

User: Mcx1

User: Nicholas
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jeff
->Flash cache emptied: 0 bytes

User: Jordan
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Nicholas
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11062013_134553
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
WD is NOT an AV program and it's pretty much useless.
You must reinstall Avast.

redtarget.gif
Update Firefox to the current 25.0 version.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader and install one of two free alternatives:

- Foxit PDF Reader from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

redtarget.gif
1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
OTL will not run properly in standard mode or safe mode. In both cases it freezes immediately and says not responding. I left it for a while and it never changes.
 
I also have some "ghost" files on my desktop that were never there before. Two that are named "desktop.ini" and one that is named "ehthumbs_vista.db"
 
I figured it out. I had an HP desktop program running while trying to run OTL. I shut it down and ran it and it worked fine. The "ghost" files disapeared from the desktop on reboot as well. Thankyou for all your help.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeff
->Temp folder emptied: 93342 bytes
->Temporary Internet Files folder emptied: 119765615 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13584525 bytes
->Google Chrome cache emptied: 6457533 bytes
->Apple Safari cache emptied: 4652032 bytes
->Flash cache emptied: 814 bytes

User: Jordan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nicholas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13846 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 138.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jeff
->Flash cache emptied: 0 bytes

User: Jordan
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Nicholas
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jeff
->Java cache emptied: 0 bytes

User: Jordan
->Java cache emptied: 0 bytes

User: Mcx1

User: Nicholas
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11072013_084008
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
The computer is running like brand new out of the box!!!
Much faster. No hang-ups.
I really appreciate what you do.
Thanks again for all your help.
 
You must log in or register to reply here.

Similar threads

C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
8K
Broni
Broni
S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
7K
Broni
Broni

Latest posts

Back