[DaveCPA]

I have posted already at this link: http://www.geekstogo...25#entry2291525
I was directed to the virus removal page and I downloaded and ran OTL. The instructions say to post the OTL text file here.

Attached Files

•  OTL.Txt   14.27KB   88 downloads

[Advertisements]

Download the enclosed file.

Save it next to FRST in the USB drive;

Run FRST as you did before, ecept that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

Boot in Normal Mode. If successful, follow these steps:

Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[JSntgRvr]

Download the enclosed file.

Save it next to FRST in the USB drive;

Run FRST as you did before, ecept that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

Boot in Normal Mode. If successful, follow these steps:

Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[JSntgRvr]

In addition, run TDSSKiller as follows:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
• Put a checkmark beside loaded modules.
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
  
• Click the Start Scan button.
  
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

[DaveCPA]

Thank you Thank you Thank you!!! The computer came up. Malwarebytes found 7 items this time. Everything seems to be working fine. You are a genius! I followed your instructions and I am attaching the 4 text files. Am I good to go now? I await your reply and I cannot thank you enough! Dave

Attached Files

•  AdwCleanerS1.txt   4.61KB   75 downloads
•  Fixlog.txt   597bytes   70 downloads
•  mbam-log-2013-05-05 (00-58-35).txt   4.79KB   57 downloads
•  TDSSKiller.2.8.16.0_05.05.2013_01.21.53_log.txt   923.83KB   58 downloads

[DaveCPA]

One more thing - I ran Windows Security Essentials and it found and removed three more files. One was a Trojan. I have run Security Essentials again and Malwarebytes twice more, and all has been clean! Thank you so very much!

[JSntgRvr]

You can run TDSSKiller once again and delete the following only:

\Device\Harddisk0\DR0 ( TDSS File System )
\Device\Harddisk0\DR0 ( TDSS File System )

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• OTL should now start. Change the following setting.
  
  • Under File Scans, change File age to 30
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

[DaveCPA]

I did what you instructed and deleted the one file with Kapersky. Then I ran OTL and it did create both files and they are attached. Once again, thank you very much for your help! If you don't mind me making a personal comment... I love the picture that you use with your posts... I am a big fan of Mel Blanc and all of his characters. Someone with his talent comes around only once in a lifetime.

Attached Files

•  Extras.Txt   91.32KB   50 downloads
•  OTL.Txt   83.85KB   61 downloads

[JSntgRvr]

• Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :OTL
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
  O4 - HKLM..\Run: [PLFSetL] C:\windows\PLFSetL.exe File not found
  
  :files
  C:\Users\Owner\AppData\Local\Sronisigihajil.bin
  C:\Users\Owner\AppData\Local\Rqaseditexeted.dat
  
  :Commands
  [EMPTYTEMP]
  [RESETHOSTS]
  [EMPTYJAVA]
  [REBOOT]
  
  

• Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
• Click the red Run Fix button.
• The computer will restart
• A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

How is the computer doing?

[DaveCPA]

The computer seems to be doing fine. It is actually my son's machine and I was trying to save it because there was a lot of un-backed-up college homework on it. He has been using it, his files are now backed-up, and all seems to be well. I followed your procedures again and I am attaching the file that was created. I cannot thank you enough for your help and your time. I am grateful beyond words.

Attached Files

•  05062013_192031.log   2.11KB   69 downloads

[JSntgRvr]

All seems clear, congratulations:

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Run OTL. Click on the Cleanup button and follow the prompts.

Manually remove any tool left.

Here are some suggestions.

• Always keep your JAVA updated. Older versions will make your computer vulnerable.
  
• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

[DaveCPA]

Once again, thank you very, very much. You and this forum provide an invaluable service to those of us who use computers but will never understand all of the underlying complexity in making them work properly. Thanks again!