
Vista system in a mess - Help



I know the late night and lack of sleep ritual well.

Thank you for all your kind assistance, as it seems this system is being made well again...

JRT.Text file----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista Home Premium x86

Ran by Dot B on Sat 06/15/2013 at 22:10:03.95

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] updater by sweetpacks

Successfully deleted: [service] updater by sweetpacks

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3949D2E7-5910-475E-B613-4D87E683CD71}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{45291254-2C7E-4B2C-97B8-150FEEAB1B25}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4D7741C1-34E0-41AF-8CBB-1CEF6471B50B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"

Successfully deleted: [Folder] "C:\Users\Dot B\appdata\locallow\recipehub_2j"

Successfully deleted: [Folder] "C:\Users\Dot B\appdata\locallow\recipehub_2jei"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{07999235-18AC-4E57-ACA2-842FD54E0856}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{30B2A837-1942-472B-9427-43205844C69B}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{350675AE-9386-476F-B39B-3E01590FE008}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{3C531B43-BF8B-4ABD-9778-98CB051213BC}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{41C3E4B3-7775-48FB-A9EA-75A64BB09C35}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{537E2118-219B-4C56-8273-E8CD202AAF31}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{87E77A98-FE25-49DE-B1DC-B5AA2B3428E8}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{89988DC1-D3A2-43D6-AA8F-76AF329F8596}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{BCAFD41D-0A63-4DED-AF0A-FC149FB69B57}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{DC5A3344-C0A6-475A-B8A9-BF758BA16086}

Successfully deleted: [Empty Folder] C:\Users\Dot B\appdata\local\{FB7AC8A2-1E61-4FD8-B913-5C1E518A48AC}

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\siteranker@siteranker.com

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}

Successfully deleted the following from C:\Users\Dot B\AppData\Roaming\mozilla\firefox\profiles\owagrwoz.default\prefs.js

user_pref("extensions.crossrider.bic", "13ed9c9879a5b0adeb9a7dbb17a03b62");

Emptied folder: C:\Users\Dot B\AppData\Roaming\mozilla\firefox\profiles\owagrwoz.default\minidumps [4 files]

~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\policies\google\chrome\extensioninstallforcelist

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 06/15/2013 at 22:12:59.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


No coupon pop-up, or misdirects of Google Chrome, this morning... Currently trying to install Java module for Google Chrome now, unfortunately it is taking forever but appears to be working. Can not activate AVG, guess I need to download another free anti-virus and try that...

Next step, believe we have some software to unload, or do you need me to run a few more system checks...


Can not activate AVG, guess I need to download another free anti-virus and try that...

I would just uninstall your current version and download a new copy, if you plan on keeping AVG ;). Let me know if you need any help.

See if you can run the ESET scan now:

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


I. E. finally came on-line and worked - took forever...

Free Downloader is the name the update folder has this file: fdminst.exe

Eset txt

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM37.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM37.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application deleted - quarantined

C:\Qoobox\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\PC Health Kit\PCHealthKit.exe.vir a variant of Win32/SpeedingUpMyPC application deleted - quarantined

C:\Qoobox\Quarantine\C\Program Files\PC Health Kit\PCHKSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined

JR


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    fdminst.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 20:26 on 16/06/2013 by Dot B

Administrator - Elevation successful

========== filefind ==========

Searching for "fdminst.exe"

C:\Users\Dot B\AppData\Roaming\Free Download Manager\Update\fdminst.exe --a---- 7696614 bytes [14:32 27/04/2013] [14:34 27/04/2013] AB25B73C09793CD792AB981EAC09F7E6

-= EOF =-


Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    Folder::
    C:\Users\Dot B\AppData\Roaming\Free Download Manager

    Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now


Wow, removing the folder is taking a long time.

I need some sleep, as I must fly out of country for a funeral, and lots of paperwork at 6 in the morning. I will let the system run, and post the txt file if it is finished in the morning.

Question: will it be OK for Dot to use the computer when I have a working anti-virus installed? Then when I return July 3rd, to somehow reopen this dialog and complete any other scans necessary, & remove all the installed software?

JR


Please accept my condolences.

Dot should be fine as long as any online banking/transactions aren't done on the system (you'd risk identity theft right now as we don't know the scope of what remains on the system). Be careful and you should be fine.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 3 weeks later...

Thank you, I am glad to be home - trying to do offshore estate is difficult...

I am running script in Combofix now...

Dos box is still up, appears to have completed 50 but not 51, how long should I let it attempt to continue this run? An hour or two?

Norton popup just appeared, I closed it down, but now have an icon in the Taskbar area.

JR


Combofix failed to finish. Guess I should have tried safe mode, and now it seems there are 20 Microsoft updates being installed before I can get into safe mode this morning. I decided to let combofix run all night long, was still showing completed 50 after a Norton scan in action popup appeared.

I will attempt to do this in safe mode, and report back afterwards.

This topic is now closed to further replies.