Appreciate it if my log could be checked

Discussion in 'Malware Help (A Specialist Will Reply)' started by Fiona, Apr 19, 2006.

  1. Fiona

    Fiona Private E-2

    Hi, I've completed all of the steps listed in the sticky at the top of the forum. Most of my problems seem to be gone, except that my laptop will shut down at random moments.

    I've included my Panda and bd logs as well, in case they're pertinent. I'd appreciate it very much if someone could take the time to help me. :)
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You have several problems remaining. We need to run a few more scans to collect some info to work up some manual fixes.

    Let's get an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.

    Download FindQool by LonnyRJones
    • Extract the files and place the FindQool folder into the root folder of your hard disk. This is usually C:\
    • Open the folder and run Qlocate.bat
    • Attach the contents of the txt.log, which will open when the scan is finished.
     
  3. Fiona

    Fiona Private E-2

    Thanks for the quick response! I've attached both.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm looking at the rest of your logs now. In the meantime you can do the below:


    BigFix <--- This is a resource hog. Consider uninstalling unless you really think you will use it. Either way it does not need to run at startup. If you want to keep it you should just stop it from loading at startup and only run if and when you ever need it.
    J2SE Runtime Environment 5.0 Update 3 <--- uninstall this old version which is not needed
    Java 2 Runtime Environment, SE v1.4.2 <--- uninstall this old version which is not needed
     
  5. Fiona

    Fiona Private E-2

    Done!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later to run it.

    Now copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click OK.

    Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.
    C:\WINDOWS\system32\oobe\emachines\Preinstall.cmd
    C:\WINDOWS\FNTS~1\javaw.exe
    C:\WINDOWS\SYSTEM32\oins.exe
    C:\WINDOWS\SYSTEM32\winlog.exe
    C:\WINDOWS\SYSTEM32\1024
    C:\WINDOWS\system32\AdService.dll
    C:\WINDOWS\system32\bxnuptfr.dll
    C:\WINDOWS\system32\ciaslo.exe
    C:\WINDOWS\system32\enxbvto.exe
    C:\WINDOWS\system32\wincut32.dll

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. However BOOT INTO SAFE MODE during this reboot and do not run anything but what I request. DO NOT open any browsers!

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes. (You may not see these! If not, just continue.)
    C:\Program Files\outlook\outlook.exe
    C:\WINDOWS\FNTS~1\javaw.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,enxbvto.exe
    O4 - HKLM\..\Run: [caeklm] C:\WINDOWS\system32\ciaslo.exe reg_run
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\FNTS~1\javaw.exe" -vt mt
    O4 - HKCU\..\Run: [xwlmm] C:\WINDOWS\system32\ciaslo.exe reg_run
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O20 - Winlogon Notify: wincut32 - C:\WINDOWS\SYSTEM32\wincut32.dll

    Now exit HJT.
    Run Windows Explorer and double check to make sure the below files are all deleted (some we already got with killbox):
    C:\WINDOWS\system32\oobe\emachines\Preinstall.cmd
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\06JRUDXY\srvzpg[1].exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CLAR4H6B\srvhqb[1].exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CLAR4H6B\srvtgd[1].exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CLAR4H6B\srvtml[1].exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KDAFKDE7\srvhgh[1].exe
    C:\WINDOWS\FNTS~1\javaw.exe
    C:\WINDOWS\SYSTEM32\oins.exe
    C:\WINDOWS\SYSTEM32\winlog.exe
    C:\WINDOWS\SYSTEM32\1024
    C:\WINDOWS\system32\AdService.dll
    C:\WINDOWS\system32\bxnuptfr.dll
    C:\WINDOWS\system32\ciaslo.exe
    C:\WINDOWS\system32\enxbvto.exe
    C:\WINDOWS\system32\wincut32.dll

    Now reboot into normal mode and after reboot double check the same HJT entries I had you fix above and if any still remain, fix them again a second time.

    Now attach a new HJT log and a new log from FindQool

    We have to cleanup some left over Symantec stuff you have running too.


    Also tell me how things are working!
     
    Last edited: Apr 20, 2006
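Added example, not from the thread or from HijackThis itself: a small Python triage of the HJT sections chaslang told Fiona to fix, using the thread's own entries as constructed sample input plus one benign ctfmon.exe Run line assumed here as contrast. The rules are the ones the fix list implies: UserInit carrying more than userinit.exe, Run entries with no path or in an 8.3 short-name folder, ActiveX downloads, Winlogon Notify DLLs, and one file registered under several value names.

```python
import re
from collections import Counter
# Constructed sample: the HijackThis entries chaslang had Fiona fix (copied from the thread)
# plus one benign ctfmon.exe Run entry added here for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,enxbvto.exe
O4 - HKLM\..\Run: [caeklm] C:\WINDOWS\system32\ciaslo.exe reg_run
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\FNTS~1\javaw.exe" -vt mt
O4 - HKCU\..\Run: [xwlmm] C:\WINDOWS\system32\ciaslo.exe reg_run
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: wincut32 - C:\WINDOWS\SYSTEM32\wincut32.dll
"""
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.*)$")

def o4_target(value):
    # HJT quotes a path only if the registry value was quoted, so otherwise split on the extension
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd))(?:\s|$)", value, re.I)
    return m.group(1) if m else value.split()[0]

def triage_hjt(log_text):
    # Returns (severity, section, reason, line) tuples for entries worth a second look
    findings, o4_targets = [], []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if (m := USERINIT_RE.match(line)):  # UserInit should name one file; anything appended runs at logon
            extra = [e for e in m.group(1).split(",")[1:] if e.strip()]
            if extra:
                findings.append(("high", "F2", "extra UserInit entries: " + ", ".join(extra), line))
        elif (m := O4_RE.match(line)):
            target = o4_target(m.group(3))
            o4_targets.append((target.lower().rsplit("\\", 1)[-1], line))
            if "\\" not in target:  # bare name: found via the search path, so trivially hijackable
                findings.append(("high", "O4", "startup item without a full path", line))
            elif "~" in target:  # 8.3 short-name directory such as FNTS~1; rare for real installers
                findings.append(("high", "O4", "startup item in a short-name directory", line))
        elif line.startswith("O16 - DPF:"):  # ActiveX download; the host, not the GUID, shows the origin
            host = re.search(r"https?://([^/]+)", line)
            findings.append(("review", "O16", "ActiveX control from " + (host.group(1) if host else "?"), line))
        elif line.startswith("O20 - Winlogon Notify:"):  # DLL loaded into winlogon.exe at every logon
            findings.append(("review", "O20", "Winlogon Notify DLL; verify it is expected", line))
    counts = Counter(name for name, _ in o4_targets)  # same file under several value names or hives
    for name, line in o4_targets:
        if counts[name] > 1:
            findings.append(("medium", "O4", f"{name} is registered {counts[name]} times", line))
    return findings
```

The outlook.exe entry in an unexpected folder is deliberately not caught by these path rules; a name masquerade like that needs a publisher signature or hash check, which the log alone cannot give.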
  7. Fiona

    Fiona Private E-2

    Everything seemed to work out alright, except that the C:\WINDOWS\system32\oobe folder is still on my computer, for some reason.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good because that was a mistake on my part! I cut and pasted too quickly and I really did not want to delete that folder. Only a file that was in it.

    Is everything working okay now?
     
  9. Fiona

    Fiona Private E-2

    Oh, alright, good. Yes, everything seems to be working properly, thanks to you. :)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great!

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
  11. Fiona

    Fiona Private E-2

    Thank you for walking me through! I really appreciate it. :)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
