[RickMath]

Ran Fix in OTL

A log never opened. Where can I find it or do I have to run otl again?

[Advertisements]

I have to leave in about 45 minutes. Just tell me what to do when I return later.
still can't find the otl fix log.

Running Malwarebytes now.

Thanks and I will check before I leave.

[RickMath]

I have to leave in about 45 minutes. Just tell me what to do when I return later.
still can't find the otl fix log.

Running Malwarebytes now.

Thanks and I will check before I leave.

[pystryker]

Hi, you can find a copy of the fix log in this location: C:\_OTL\MovedFiles

[RickMath]

OK here are the three logs. Will check back in 30 mins before I leave.

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\newnext.me\nengine.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WinPatrol deleted successfully.
C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
C:\Documents and Settings\Compaq_Owner\.android folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\prepared folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\f folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\e folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\d folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\c folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\b folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\a folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\9 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\8 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\7 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\6 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\5 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\4 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\3 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\2 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\1 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7\0 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache\data7 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cache folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\newnext.me\cache folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\newnext.me folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\genienext folder moved successfully.
C:\Documents and Settings\Compaq_Owner\My Documents\Mobogenie folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Version\OldVersion folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Version\NewVersion folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Version\CacheVersion folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Version folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\driver folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Download\Video folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Download\Picture folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Download\Music folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Download\Apk folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Download folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\device folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\Data folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie\backup folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mobogenie folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== FILES ==========
C:\WINDOWS\IsUninst.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11232013_094033


# AdwCleaner v3.012 - Report created 23/11/2013 at 08:05:19
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Owner - REMARK2
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\MyPC Backup
File Deleted : C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rz3wieaw.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rz3wieaw.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");

[ File : C:\Documents and Settings\REM Admin\Application Data\Mozilla\Firefox\Profiles\ef0azl6n.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8230 octets] - [02/10/2013 18:36:11]
AdwCleaner[R1].txt - [2736 octets] - [23/11/2013 08:02:21]
AdwCleaner[R2].txt - [2796 octets] - [23/11/2013 08:03:33]
AdwCleaner[S0].txt - [8190 octets] - [02/10/2013 19:03:59]
AdwCleaner[S1].txt - [2621 octets] - [23/11/2013 08:05:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2681 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: REMARK2 [administrator]

11/23/2013 9:53:14 AM
mbam-log-2013-11-23 (09-53-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290224
Time elapsed: 15 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\CT3317209 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nsc85.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nsg8B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nsr97.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nss88.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nsu82.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MDBP0S5G\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\O7DYTUKA\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\CT3317209\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

[pystryker]

Hi, I see the OTL Fix Log, and the MBAM log. However, you didn't post the ESET Online Scanner Log, but instead have posted an AdwCleaner log. Please post the ESET scanner log.

[RickMath]

I did not run the scanner. I will when I return this afternoon,ran out of time.

Thanks

[pystryker]

Ok

[RickMath]

I am running ESET now. 25% done and 11 threats found so far.

Back when it is done. Can't believe that all this snuck on to my computer.

Thanks for helping me!

[pystryker]

Ok, good do not delete the ESET scanner when the scan is complete. Post the log, and we will get rid of the scanner during the cleanup phase.

[RickMath]

Thanks for sticking with me on this. ESET is still running.

[pystryker]

Thanks for sticking with me on this. ESET is still running.

You are very welcome

[RickMath]

Here is the ESET Log. Hope this is right.

I will keep it saved.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5e561ef8480f304d9b6c4b3790b76532
# engine=16003
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-24 03:30:46
# local_time=2013-11-23 10:30:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3590 16777213 100 87 0 203331632 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# scanned=199713
# found=13
# cleaned=0
# scan_time=14748
sh=14DEA57796EAFA5C674E3AB28227CE1CC971EBCC ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen application" ac=I fn="C:\AdwCleaner\Backup\C\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rz3wieaw.default\prefs_02_10_2013_20_04_20.js"
sh=84FE61ACEE90134C6BFBD3CECF1FB07BC22C997C ft=1 fh=dc261decc3a37fad vn="a variant of Win32/DealPly.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\digitalsite\UpdateProc\UpdateTask.exe.vir"
sh=D10AD7816BB7DBE693ED7B08CBE0371337D71304 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rz3wieaw.default\user.js.vir"
sh=7D12C3299CDA832AD3E51D0DF7B91FCFFFEB8359 ft=1 fh=91474dddfa2f5ace vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll.vir"
sh=91AA932FA5F130B5F54207B9C6D10043BA06FC2C ft=1 fh=c9134e0d9e923bf5 vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll.vir"
sh=BFDC3839ACE19D582651CBDBCA401D85ACB87CEE ft=1 fh=c71c0011ea55d4ef vn="a variant of Win32/Toolbar.Visicom.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe.vir"
sh=E02E52D8D6D4809A43A0747AD2D43EA571EFAF81 ft=1 fh=28dc55d634c41655 vn="a variant of Win32/Toolbar.Visicom.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll.vir"
sh=AEE777C33B56057601631AB4644C0978BCA2A1C8 ft=1 fh=42e798c3bb668ec2 vn="a variant of Win32/Toolbar.Visicom.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultstb.dll.vir"
sh=FA347C4681DA742D22070EAC016CB2F69903E0A9 ft=0 fh=0000000000000000 vn="Win32/Agent.SDG.Gen trojan" ac=I fn="C:\Documents and Settings\All Users\Application Data\SMR322\DiskCheck.bin"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ application" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe"
sh=C23C05A19CA54671C2D5C64E11237B95093BB32B ft=1 fh=3dfe06a80c5cbf16 vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\Memtest\FreeEasyCDDVDBurnerSetup-r100-w.exe"
sh=DF6CA5A78F2A55AC562C3D6B614AD96F5E2DB9B6 ft=1 fh=6f1c659b29064956 vn="a variant of Win32/AdInstaller application" ac=I fn="D:\I386\APPS\APP25742\src\CompaqPresario_Spring06.exe"
sh=1F0C7A834BC3BBA49A793D14CDC968144EAAB5C6 ft=1 fh=5d88b9eb43c017aa vn="a variant of Win32/AdInstaller application" ac=I fn="D:\I386\APPS\APP25742\src\HPPavillion_Spring06.exe"

[pystryker]

Here is the ESET Log. Hope this is right.

Yes indeed, it's right, and it looks really good. Let's show the remnants the door.


Step 1: OTL Fix


Please disable your antivirus for the duration of this fix. Don't forget to re-enable them after you complete the instructions.

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the dektop and icons, they will return on reboot.

Run OTL

• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:Files
C:\Documents and Settings\All Users\Application Data\SMR322\DiskCheck.bin
C:\Documents and Settings\Compaq_Owner\Application Data\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
C:\Memtest\FreeEasyCDDVDBurnerSetup-r100-w.exe
D:\I386\APPS\APP25742\src\CompaqPresario_Spring06.exe
D:\I386\APPS\APP25742\src\HPPavillion_Spring06.exe

:Commands
[reboot]

• Click the Run Fix button at the top of the OTL control panel.
  
• Let the program run until it's finished and then reboot the computer.
  
• Once your machine has rebooted, a log will open. Please post that log in your next reply. If the log doesn't open, you can find a copy of it here: C:\_OTL\MovedFiles

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

OTL Fix Log

How is the computer running? Any further issues remaining?

[RickMath]

Here is the OTL fix log.

I do not understand the moves. Have I lost anything?

Let me know what to do next to prevent some of this.

Thanks

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\SMR322\DiskCheck.bin moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe moved successfully.
C:\Memtest\FreeEasyCDDVDBurnerSetup-r100-w.exe moved successfully.
D:\I386\APPS\APP25742\src\CompaqPresario_Spring06.exe moved successfully.
D:\I386\APPS\APP25742\src\HPPavillion_Spring06.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11242013_084347

[pystryker]

Here is the OTL fix log.

I do not understand the moves. Have I lost anything?

Let me know what to do next to prevent some of this.

Thanks

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\SMR322\DiskCheck.bin moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe moved successfully.
C:\Memtest\FreeEasyCDDVDBurnerSetup-r100-w.exe moved successfully.
D:\I386\APPS\APP25742\src\CompaqPresario_Spring06.exe moved successfully.
D:\I386\APPS\APP25742\src\HPPavillion_Spring06.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11242013_084347

What is happening is when it says something is successfully moved, is that the files in question are being moved for deletion. The ESET log showed the files in question have various infections. The only things being deleted are infected files.


As for prevention, don't worry, I'm working on some things for you during the cleanup phase. I'll be back soon with instructions.