Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Gen PC Tools unable to remove [Closed]


  • This topic is locked This topic is locked

#16
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
    O4 - Startup: C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8  
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 62687
    [2010/04/25 10:12:27 | 000,010,672 | -HS- | C] () -- C:\Users\Helene\AppData\Local\k5t7S525hPx8
    [2010/04/25 10:12:27 | 000,010,672 | -HS- | C] () -- C:\ProgramData\k5t7S525hPx8
     [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     [2012/11/17 09:43:30 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
     [2012/11/17 09:43:30 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
  • 0

Advertisements


#17
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
HI Gringo,

I ran the fix as requested. It did not ask me to restart the machine. My computer seems to be running, though the internet is a bit slow and on some website where i think there is supposed to be an animated advert i'm getting a blank space with a grey circle with a white exclamaition mark in it. Though youtube is working fine.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dellsupportcenter deleted successfully.
C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 62687 removed from network.proxy.http_port
C:\Users\Helene\AppData\Local\k5t7S525hPx8 moved successfully.
C:\ProgramData\k5t7S525hPx8 moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Helene\Desktop\cmd.bat deleted successfully.
C:\Users\Helene\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Helene
->Java cache emptied: 50599 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Helene
->Flash cache emptied: 947 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11282012_122749

Thanks for your help!
  • 0

#18
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Also PC Tools has just kicked up a warning 'Spyware.known_bad_sites'. I didnt run any scan as far as I know it just popped up. The only windows I had open at the time was this one, youtube and a legitamate online newspaper.

Yours

helene
  • 0

#19
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Further update with additional problems unfortunatly. When i'm on a website and switch to another wesbite on a different tab the picture of the old website freezes on the screen and the whole thing has to be shut down. Also the weird 'doublee-click.net' diversion on the tab is still happening. Google tool bar has stopped working properly (have to click more then once to make it do anything) and now on youtube i'm getting 'this video is not availible' on everything i try to watch..

Sorry to be the bearer of bad news :-(
  • 0

#20
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
IN which browser does this happen in?


Gringo
  • 0

#21
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Its in internet explorer. On the plus side, the freezing thing resolved itself after a re-start.
  • 0

#22
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings,

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE


Gringo
  • 0

#23
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#24
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
HI Gringo,

Really sorry! Must have missed the email about your last post. I've tried to follow the instructions you set but when I get to the 'Tools' - 'Internet Options' - 'Advanced' - 'reset' bit I encountered a problem.

Everytime I try I get an error message that says 'Before you can reset internet explorer settings, first you must close all other open windows and programmes'.

This is even though I've already closed everything that is open. So not sure what it thinks is still open.

Sorry to be so much trouble.

Thanks

Helene
  • 0

#25
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
One other thing. I was expecting the google toolbar to disappear with the reset, but having jsut restarted the computer i'm also now missing the bar that had the 'settings' and 'tools' etc buttons on it!
  • 0

Advertisements


#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello



I want you to uninstall IE and reinstall it - you can see how to do this here - http://windows.micro...rnet-explorer-9


Gringo
  • 0

#27
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi gringo,

Sorry for the late reply, we've been having intermittant internet problems due to the unexpected snow. I've uninstalled Internet explorere 9 but it failed to reinstall and has put a warning up with 'internet exlporer did not finish installing' with a link to a troubleshoot page.

Yours

helene
  • 0

#28
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer
[/list]
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#29
ilostmymarbles

ilostmymarbles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi gringo,

Unfortunately this combo fix seems to have caused the same problems as the last one. I can't get onto the Internet and the trouble shooter is bringing up the same 'missing network protocols' message as last time.

When I ran the combo fix it kept telling my spy doctor was still activated even though I had followed all the instructions on the link you sent on how to disable it.

Also I'm getting 'rundll' boxes with the following warnings in them:

'there was a problem starting c:\users\helene\appdata\roaming\robcsg.dll. The specified module could not be found'

And another one the same but with 'roaming\apacr.dll instead.

Should I do another system restore?
  • 0

#30
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
yes do system restore again and let me know


gringo
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP