Soooo many problems!!!!

dragonlady · Apr 5, 2015

I am still having problems despite doing all the steps up to no 5. I have run all the scans, but I was unable to save the rogue-killer report as my laptop decided I did not have enough memory! AVG informed me that it couldn't find my licence number and to re install when I discovered the problems. I kept getting a message saying that windows installer could not be found. I then went to your site and asked for my password and discovered that Outlook was not working, in fact all Ms Office apps are not working. Anyway here are the logs I managed to save. I also could not choose to change file type to .txt for Malwarebytes. when trying to upload Hitman pro - your site said it exceeded the size allowed.

Kestrel13! · Apr 5, 2015

Can you zip (compress) the Hitman log please or divide it up into seperate text files and attach here. Thanks.

dragonlady · Apr 5, 2015

Thank you. here's the attachment

Kestrel13! · Apr 5, 2015

Re run Hitman Pro, have it remove all it finds, then scan again and attach a hopefully clean log.

Also do this:

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Attach JRT.txt to your next message.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

dragonlady · Apr 6, 2015

Hi

I still can save the .txt file for the junk remover, so I have attached the Hitman pro and the junk remover logs now and will attach MGtools later.

dragonlady · Apr 6, 2015

here is the last log from MGtools.

I can't tell you how much I appreciate all the work you are doing for me, I was ready to chuck the laptop out of the window!

Kestrel13! · Apr 6, 2015

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O3 - Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)

After clicking Fix exit HJT.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.
Code:
:Files
C:\Windows\system32\tasks\{01D67261-EBDD-4246-B3DB-422003DF96C3}
C:\Windows\system32\tasks\{0775AB6F-059A-4A84-A3B3-53671E853960}
C:\Windows\system32\tasks\{07ED4AE8-A14B-4BFE-9825-DAD5F8D96856}
C:\Windows\system32\tasks\{0E589926-DC2F-4177-87FE-09C6B1697BC8}
C:\Windows\system32\tasks\{20AEB823-1722-4822-B66E-43649C8ADA87}
C:\Windows\system32\tasks\{24A6B3CF-21DB-4F59-A6B1-4B4B54361366}
C:\Windows\system32\tasks\{2920E5FD-6CB7-4A78-ACD0-6B0643A6D7AB}
C:\Windows\system32\tasks\{2D740A45-631A-48FB-B266-A53E2A07D5DC}
C:\Windows\system32\tasks\{31EFF196-A98A-48B7-A97B-818A1FCCCB2E}
C:\Windows\system32\tasks\{397F65B9-8697-4EA0-BB16-F01FF22516D3}
C:\Windows\system32\tasks\{41952378-8AE4-4CED-9BB4-A7702F3CC809}
C:\Windows\system32\tasks\{48F6109B-30B3-429E-9368-24632E1AFCF5}
C:\Windows\system32\tasks\{494DD51E-E1DD-4BF2-B597-B33E699BE470}
C:\Windows\system32\tasks\{49897002-4D93-45AE-80AE-96A44CD0F52E}
C:\Windows\system32\tasks\{5F459160-AC23-4771-B5D0-EDC6123798F0}
C:\Windows\system32\tasks\{7851E545-28EC-4F51-9CD1-DDC7ECF87C56}
C:\Windows\system32\tasks\{7B9DAB79-362E-431C-9BAA-3DA75E906207}
C:\Windows\system32\tasks\{809262AF-1343-4C6B-8457-A8E6BD6472EA}
C:\Windows\system32\tasks\{80EB3B0C-BA48-4663-BBDB-06E3A6492835}
C:\Windows\system32\tasks\{8A77E620-ACA4-4D2F-9868-D254396CFCD3}
C:\Windows\system32\tasks\{8F0A9020-D53F-4C26-8156-4B271AA05A23}
C:\Windows\system32\tasks\{9FCD7747-8CCD-4472-AD73-E9AFED2A4463}
C:\Windows\system32\tasks\{A001F529-66BC-4327-8BA9-C962E4775DB3}
C:\Windows\system32\tasks\{AAB0B087-DA17-4A0D-8E0E-BBB779677AD6}
C:\Windows\system32\tasks\{B00A5B11-FD6B-4D85-A759-D3188E63D615}
C:\Windows\system32\tasks\{B90A8699-456D-4A36-9896-AF116BF71151}
C:\Windows\system32\tasks\{C259C7D9-DB32-4664-A892-1E515E5F28AC}
C:\Windows\system32\tasks\{C882C858-97DF-48DC-A79E-646313140169}
C:\Windows\system32\tasks\{CF65A44C-494D-469B-A2F7-2B78CD78A0D8}
C:\Windows\system32\tasks\{D459AE83-8A5F-4942-AFBB-C6053417FC6E}
C:\Windows\system32\tasks\{D4DAAE9E-46A8-4689-BED3-924BA32CF28A}
C:\Windows\system32\tasks\{DE02C93C-D593-4FA6-8540-62A1CDC08878}
C:\Windows\system32\tasks\{EB6DEC91-7887-4863-97C6-FE3D09904018}
C:\Windows\system32\tasks\{ECC220E3-2DEA-41B7-A017-1386BF918A0B}
C:\Windows\system32\tasks\{FE6C9267-12DA-4A8D-A2D0-6E229DF16CD9}
C:\Windows\system32\tasks\{FEEFA632-84B1-49B5-AEF6-A13235BFE1B0}
C:\Windows\system32\tasks\{FFF2BEC4-FE61-45A2-B273-0A8CC1D58804}

:Commands
[emptytemp]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.

OTM may ask to reboot the machine. Please do so if asked.

Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!

dragonlady · Apr 6, 2015

I have tried several times to download and launch OTM, but I get this error message when trying to launch it :- Exception EOleSysError in module OTM.exe at 005E775. Class not registered. Sorry!

dr.moriarty · Apr 6, 2015

Are you right-clicking the file and choosing "run as Admin"?

dragonlady · Apr 6, 2015

yes, I am. This is so annoying - I might have to eat chocolate!!

Kestrel13! · Apr 6, 2015

Oh don't get me started... I'd love some chocolate right now :-D

OK back to business, try manually deleteing what I wanted OTM to delete and let me know how you get on.

dragonlady · Apr 6, 2015

Phew that was a task! All deleted. and here s the log from MGlogs.

But I can't get any MS Office programs to open, the error message I get is :- "Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed". I can't reload my AV software without it. I had to uninstall as much as I could because it wouldn't disable.

Kestrel13! · Apr 6, 2015

You can post about that in the software forum.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.

Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.

Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.

If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

dragonlady · Apr 7, 2015

Hi Kestrel

Thank you so much for your tireless help.
Thank you seems inadequate for all the guidance you have given me.
Best regards :wave

Kestrel13! · Apr 8, 2015

You are *most* welcome. Safe surfing!

Log in or Sign up

Soooo many problems!!!!

dragonlady Private E-2

Attached Files:

TDSSKiller.3.0.0.44_05.04.2015_12.27.42_log.txt

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

dragonlady Private E-2

Attached Files:

HitmanPro_20150405_1251.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

dragonlady Private E-2

Attached Files:

JRT.txt

HitmanPro_20150406_0942.log

dragonlady Private E-2

Attached Files:

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

dragonlady Private E-2

dr.moriarty Malware Super Sleuth Staff Member

dragonlady Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

dragonlady Private E-2

Attached Files:

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

dragonlady Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member