
Malware removal


  • This topic is locked
63 replies to this topic

#1 mazdarx5

  • Members
  • 47 posts

Posted 18 March 2013 - 02:56 AM

My computer is running very slow. Very often the programs become non responsive.  I use Trend Micro and that did pick up a few things but problems are still there.  I seem to have a lot of files and folders with AI_RecycleBin as part of the name.  I also recently deleted Update4497 folder.  I will attach the logs.

Much appreciated.

Maz

Attached Files





#2 satchfan

  • Malware Response Team
  • 366 posts

Posted 18 March 2013 - 03:29 AM

Hello mazdarx5 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

 IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan




#3 satchfan

Posted 18 March 2013 - 03:57 AM

Hello again

 

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

 

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Download and run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT

 

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.

Logs to include in the next post:

AdwCleaner log
JRT.txt
OTL.txt
Extras.txt


Thanks

Satchfan




#4 mazdarx5

Posted 18 March 2013 - 09:35 AM

Thank you for your quick reply as I was not expecting to hear back for a few days at least:-)

I have only run the adwCleaner so far but will continue with the rest now.

I just thought it may be worth mentioning that after the cleaner ran, my computer rebooted to safe mode.

 

I have attached the logs for the adwCleaner. AdwCleanerR1 is the initial log and AdwCleanerR2 is the one for when it was in safe mode.  (I read later to only scan once so I hope that redoing the scan in safe mode has not interfered with you helping me:-()

 

Thank you

 

Maz

Attached Files



#5 satchfan

Posted 18 March 2013 - 09:42 AM

You've done fine.

 

I'll wait for the other logs but please try running them in normal mode.




#6 mazdarx5

Posted 18 March 2013 - 10:15 AM

I need to block my Trend Micro program again as at the end of the scan it came up with successfully blocked OTL program.  Anyhow, one text file appeared but not the other. Will do right now.

 

Maz

Attached Files

  • Attached File  OTL.Txt   193.62KB   2 downloads


#7 mazdarx5

Posted 18 March 2013 - 10:47 AM

The OTL text files needed to be split as it was too large so I have attached the first 2 and the next 2 will be in next message.

Attached Files



#8 mazdarx5

Posted 18 March 2013 - 10:56 AM

Have to break it up even more sorry so will be 5 files (hopefully not more)

Attached Files



#9 mazdarx5

Posted 18 March 2013 - 11:03 AM

More to come

 

Attached Files



#10 mazdarx5

Posted 18 March 2013 - 11:13 AM

I am not sure what to do as this is number 6 and I just tried to attach another txt file which consisted of 5 lines and it said it was too big:-(

Attached Files



#11 satchfan

Posted 18 March 2013 - 11:25 AM

I don't know what all these separate OTL logs are but I have all the logs I asked for except the Junkware Removal log. It appears that you have already run it from the desktop so JRT.txt should be on your desktop also.




#12 mazdarx5

Posted 18 March 2013 - 01:36 PM

I am not sure what happened there but when I tried to attach the OTL text file as one file it said it was too large so I split it up to try to send it as a smaller file.  Now I have 2 desktop.ini files and a ~Smininster... word doc there also:-(

 

I just tried to attach the JRT text file and it has come up with being too large to upload also:-(

 

Thank you for your patience.

 

Maz



#13 satchfan

Posted 18 March 2013 - 03:04 PM

Please do not try to attach any logs; just copy and paste the JRT log in your reply.




#14 mazdarx5

Posted 18 March 2013 - 08:37 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by Marian on Mon 18/03/2013 at 22:37:21.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\torch
Successfully deleted: [Registry Key] hkey_local_machine\software\torch
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files

Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\optimizerpro"
Successfully deleted: [Folder] "C:\ProgramData\speedmaxpc"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Marian\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Marian\AppData\Roaming\speedmaxpc"
Successfully deleted: [Folder] "C:\Users\Marian\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\Marian\appdata\local\torch"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Marian\AppData\Roaming\mozilla\firefox\profiles\vllu5zuq.default-1350525700086\prefs.js

user_pref("extensions.crossrider.bic", "13b1efd8f23b4ff91142c99e996c05df");
Emptied folder: C:\Users\Marian\AppData\Roaming\mozilla\firefox\profiles\vllu5zuq.default-1350525700086\minidumps [64 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 18/03/2013 at 22:44:29.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
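
An added example (not part of the original thread and not code from JRT): a small Python parser for the log format in the post above, grouping the reported changes by section and flagging entries a reviewer would want to look at first. The sample lines are excerpted from that log; the function name `parse_jrt` and the triage rules are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines excerpted from the JRT log posted above.
SAMPLE_LOG = r"""
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\torch
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\optimizerpro"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
"""

ENTRY = re.compile(r"^Successfully (\w+): \[([^\]]+)\] (.+)$")
# Triage rules are this example's assumptions, not part of JRT.
RULES = [
    (re.compile(r"appinit_dlls", re.I), "DLL load point (AppInit_DLLs) was modified"),
    (re.compile(r"^c:\\windows\\", re.I), "item removed from inside the Windows directory"),
]

def parse_jrt(text):
    """Return ({section: [(action, kind, target)]}, [review notes])."""
    sections, notes, current = defaultdict(list), [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("~~~ "):          # section header, e.g. "~~~ Folders"
            current = line[4:]
            if "logs were cleared" in current.lower():
                notes.append("event logs cleared by the tool: export them before running it")
            continue
        m = ENTRY.match(line)
        if not m or current is None:         # skip banners and free-form lines
            continue
        action, kind, target = m.group(1), m.group(2), m.group(3).strip('"')
        sections[current].append((action, kind, target))
        for pattern, note in RULES:
            if pattern.search(target):
                notes.append(f"{note}: {target}")
    return dict(sections), notes

if __name__ == "__main__":
    parsed, review = parse_jrt(SAMPLE_LOG)
    for name, items in parsed.items():
        print(f"{name}: {len(items)} change(s)")
    for note in review:
        print("REVIEW:", note)
```
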
 



#15 mazdarx5

Posted 18 March 2013 - 08:39 PM

Sorry, I did not follow the instructions. I thought I was to attach the files but I re-read and it does say to post in next message.  If you need me to post any others please let me know.

 

Marian





