Google desktop gadget virus (HJT log included)


  • This topic is locked

#16
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
No but I downloaded it and ran the script.

Do you want me to do an Automatic Scan or the Manual Disinfection Scan?
  • 0

#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just a manual scan please - also, what problems do you have at the moment?
  • 0

#18
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
My computer is automatically rebooting now while the Kaspersky Virus Removal Tool is installing itself. Tried it four times and the same result. A box pops up saying "Please try to reboot your computer. Error message is Client Register Error" and then my computer reboots on its own. :)

I know why this might be happening. 1 hour back, I was on a website (www.fnuz.com) trying to watch a movie online. It asked me to download the XVID codec/HD player, etc. to watch the movie in the browser. The XVID program I downloaded was bundled with some adware like ClickPotato, Shopper something, etc. I tried hard to remove them but they would freeze my PC when I clicked Uninstall in the Add/Remove programs. I finally used Malwarebytes' Anti-Malware's FileASSASSIN to delete the files in the C:\Program Files\Shopper,ClickPotato folders. I also emptied my entire LocalSettings\TEMP folder (not sure if I deleted some important files there). After that, to make sure I was rid of them (which I wasn't or maybe am not yet), I downloaded

1) Super Anti-Spyware 2) Spyware Blaster 3) Spybot S&D 4) Ad-aware 5) ESET Online Scanner and scanned with everything. All of them showed adware/trojans in the System Restore folders and others too (if I am not wrong) and the same goes for MBAM. I am attaching the logs of Ad-aware, ESET and MBAM if that helps.

How do I get the Kaspersky tool working now? Maybe something above screwed it up. I've already uninstalled all the programs except MBAM. :unsure:

Edited by geekyandhow, 30 July 2011 - 06:42 PM.

  • 0

#19
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Ignore this post and attachment, See my reply above ^^^

Edited by geekyandhow, 30 July 2011 - 06:36 PM.

  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

It asked me to download the XVID codec/HD player, etc. to watch the movie in the browser. The XVID program I downloaded was bundled with some adware like ClickPotato, Shopper something, etc. I tried hard to remove them but they would freeze my PC when I clicked Uninstall in the Add/Remove programs.

Never accept a codec download or a Flash Player update from any website except the legitimate site, i.e. Adobe, otherwise you will get infected.

OK, let's start again.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - NetSvcs
      Reg - SafeBoot Minimal
      Reg - Shell Spawning
      Evnt - EventViewer Logs (Last 10 Errors)
      File - Lop Check

  • Under the Custom Scan box paste this in


    %USERPROFILE%\..|smtmp;true;true;true /FP
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.
  • 0

#21
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hi,

Yes, once bit twice shy, I will make sure never to download such codecs in future from rogue sites.

Attaching the OTS log below

Thanks

Attached Files

  • Attached File  OTS.Txt   130.75KB   92 downloads

Edited by geekyandhow, 31 July 2011 - 06:45 AM.

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that explorer is now working and your taskbar is back?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

    [Unregister Dlls]
    [Registry - Safe List]
    < FireFox Extensions [Program Folders] > -> 
    YN -> No name found -> 
    YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI
    YY -> No name found -> C:\DOCUMENTS AND SETTINGS\NEVILLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98OQXJ7J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1757981266-861567501-1606980848-1003\] > -> HKEY_USERS\S-1-5-21-1757981266-861567501-1606980848-1003\Software\Microsoft\Internet Explorer\Extensions\
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Exec" [HKLM] -> [Reg Error: Key error.]
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"HotIcon" [HKLM] -> [Reg Error: Key error.]
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Icon" [HKLM] -> [Reg Error: Key error.]
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"MenuStatusBar" [HKLM] -> [Reg Error: Key error.]
    YN -> {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"MenuText" [HKLM] -> [Reg Error: Key error.]
    YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    YN -> {F3F4529B-486A-495D-9B36-F1BDE61424DD}\\NameServer -> 59.185.0.50,59.185.0.23   (NVIDIA nForce Networking Controller)
    [Files/Folders - Created Within 30 Days]
    NY ->  Xvid -> C:\Program Files\Xvid
    [Files - No Company Name]
    NY ->  xvid.ax -> C:\WINDOWS\System32\xvid.ax
    [Purity]
    [Empty Temp Folders]
    [EmptyFlash]
    [CreateRestorePoint]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
  • 0

#23
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Done. I closed the Notepad file which opened immediately after the reboot, so can you tell me where that folder is located so I could post its contents?

Also, the taskbar works fine but when I open IE, multiple iexplore.exe processes open up. When I close one of the processes in the task manager, IE says that one tab was closed or something, so I guess it's some tab problem, etc.

Also, all the other problems I mentioned in my original post are still there :)
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you confirmed within the control panel > sounds that all the settings are as they should be?

The Eset and Adaware are just reporting system restore elements - they are not a problem currently and will be removed when we clean up

With IE go to Control panel > internet options and ensure that you only have one start page

  • 0

#25
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Yes, the sound settings and IE settings are all fine. I remember the volume problem started occurring after I installed some program, I don't remember which one but my main concern is malware and if my PC data has been compromised.

Edited by geekyandhow, 31 July 2011 - 08:19 AM.

  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know the exact problems you are currently experiencing?
  • 0

#27
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
When I play music/videos, the volume is just fine, but there is no volume ding when I scroll the volume bar up and down next to the clock to increase/decrease the volume.

Everything else is OK for now.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will need to do some research on that as I do not use that function

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#29
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
"Run OTL. Under the Custom Scans/Fixes box at the bottom, paste in the following... And then click the Run Fix button." This does not work. I guess you meant that I must paste the code in the Paste Fix Here box and then click the Run Fix button, correct? I tried that and it worked.

When I tried to uninstall Combofix using the Run command, it says there is no such file. Maybe, I deleted it manually after we used it 2 days back itself.

Verified Java Version: Congratulations! You have the recommended Java installed (Version 6 Update 26).

I already have Smart Defrag, do I still need the Puran Disc Defragmenter? Is a boot defrag necessary? I read somewhere that it should not be done unless some MFT, pagefiles, etc I think have more than 5 fragments but I only have 1 as shown (excuse me if I am wrong, I am not that technically-literate).

For protection/cleaning, I have AVG Internet Security, Malwarebytes, WinPatrol and CCleaner. Do I need more programs?

Thanks :)

P.S. WinPatrol is showing me this alert (see Attachment) for some HOSTS file, should I accept the change?

Attached Thumbnails

  • img.jpg

Edited by geekyandhow, 31 July 2011 - 08:46 AM.

  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, accept it - it was OTL resetting the Host file to default.

No, Smart Defrag is good.

No for the antimalware/AV, that is a good layered combination.
  • 0
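
A hosts-file check of the kind that sits behind the WinPatrol alert and OTL's [resethosts] step in this thread, as an added example that is not part of the original posts. It assumes the default file maps only `localhost` to loopback; the function names and the sample entries are constructed for illustration.

```python
import ipaddress

# Assumption of this example: a default hosts file only maps "localhost" to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample input (not taken from the thread's logs).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example-av.test   # constructed entry
203.0.113.7     www.example-bank.test    # constructed entry
::1             localhost
not-an-address  something.test
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for every non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None                         # first field is not an IP address
        yield no, ip, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return (line_no, name, address, kind) for every non-default entry."""
    findings = []
    for no, ip, names in parse_hosts(text):
        if ip is None or not names:
            findings.append((no, " ".join(names), "", "malformed"))
            continue
        for name in names:
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                      # stock localhost mapping
            # Loopback/0.0.0.0 makes the name unreachable; anything else
            # sends traffic for that name to a different machine.
            sinkhole = ip.is_loopback or ip.is_unspecified
            findings.append((no, name, str(ip), "blocked" if sinkhole else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; an empty result means the file matches the default assumed here.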





