Solved PC not working-virus attacking it

Status
Not open for further replies.
SystemLook 30.07.11 by jpshortstuff
Log created at 10:05 on 05/03/2013 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "vcmlup.dll"
No files found.

========== regfind ==========

Searching for "vcmlup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vcmlup"="rundll32.exe "C:\Documents and Settings\Owner.WADE\Application Data\vcmlup.dll",ADeviceGetReport"

-= EOF =-
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vcmlup"=-

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Any more issues? Let me know. :)
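
Added example, not part of the original posts: a Python sketch that parses a SystemLook regfind section like the one above and flags Run values that use rundll32 to load a DLL from a user-writable profile folder, which is the pattern the OTL fix removes. The list of user-writable directories and the "SoundMan" line are assumptions made for illustration.

```python
import re

# Sample input: the regfind hit from the SystemLook log in this thread, plus one
# constructed benign entry (the "SoundMan" line is made up for contrast).
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "vcmlup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vcmlup"="rundll32.exe "C:\Documents and Settings\Owner.WADE\Application Data\vcmlup.dll",ADeviceGetReport"
"SoundMan"="C:\WINDOWS\SOUNDMAN.EXE"

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# Greedy (.*) up to the final quote, because SystemLook prints embedded quotes unescaped.
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# rundll32 <dll path>,<export>; the DLL path may or may not be quoted.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.I)
# Assumption: profile directories an ordinary user account can write files into.
USER_WRITABLE = ('\\application data\\', '\\appdata\\', '\\local settings\\temp\\', '\\temp\\')

def parse_regfind(text):
    """Yield (key, value_name, data) for every value line under a [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)

def suspicious_run_entries(text):
    """Return Run/RunOnce values that start a DLL from a user-writable folder via rundll32."""
    hits = []
    for key, name, data in parse_regfind(text):
        if not re.search(r'\\Run(Once)?$', key, re.I):
            continue
        m = RUNDLL_RE.search(data)
        if m and any(d in m.group(1).lower() for d in USER_WRITABLE):
            hits.append({'key': key, 'value': name, 'dll': m.group(1), 'export': m.group(2)})
    return hits

if __name__ == '__main__':
    for hit in suspicious_run_entries(SAMPLE_LOG):
        print(hit)
```

A flagged value whose DLL no longer exists on disk, as in the filefind result above, is a leftover autostart entry that still needs removing.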
 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vcmlup deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
G:\cmd.bat deleted successfully.
G:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 771543 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13210483 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Owner.WADE
->Temp folder emptied: 21792802 bytes
->Temporary Internet Files folder emptied: 3367073 bytes
->FireFox cache emptied: 63627123 bytes
->Flash cache emptied: 3807725 bytes

User: OWNER~1~WAD

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 346641 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 176837 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 66938716 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 388980 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 167.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03052013_161300

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Please download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

  • Extract the contents of the .zip file to your desktop.
  • Double click the Fix IE Utility button to run the tool.
  • Click Run Utility
  • Click OK when you see 'Re-registered all files'
  • Open Internet Explorer and see how it works.
 
IE seems to be running fine. So does everything else. I haven't noticed my computer slowing down at all and don't have any error messages.
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • In the dialogue box that appears, select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alarmed, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
It wouldn't let me paste it for some reason so I attached it.
 

Attachments

  • checkup.txt

Firefox update

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > About Firefox > Check for Updates.

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 
I have completed those updates and installed some AV and malware programs that you recommended from that site. Thank you for all of your help with my computer problems. I greatly appreciate it.
 