Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus dealing with requesting money

Re: Virus dealing with requesting money

by Gary R » October 26th, 2013, 1:29 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 17


Old out of date versions of Java can be exploited.

Personally I do not advise anyone to install Java unless they absolutely need to. Java is not the same as JavaScript, which most websites use, and an interpreter for that comes pre-installed in all web-browsers.

Java is a full blown language, which almost no one uses these days, and which is often exploited due to its poor security. I've browsed happily without it for years now, and have only ever come across a couple of sites that need it to view content. I chose not to view their content rather than to install a "worthless" plug-in.

Reboot your computer once Java 6u17 is uninstalled.

Next ...

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
SRV - [2013/10/23 08:48:02 | 000,052,736 | ---- | M] () [Auto | Running] -- C:\Users\Palii\AppData\Roaming\okitspace\protect\PluginProtect.exe -- (srvPlgProtect)
SRV - [2013/10/23 04:06:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe -- (SrvUpdater)
IE:64bit: - HKLM\..\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
O3 - HKU\S-1-5-21-3172863894-2395903967-2637854924-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)

:Files
C:\Users\Palii\AppData\Roaming\okitspace

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Please let me know how the computer is running now.

Re: Virus dealing with requesting money

by palii » October 26th, 2013, 2:20 am

Hello Gary R

Is this starting to feel like a life calling? I removed the Java you requested....should I remove the other one also? I did get a notice stating that Java has an update waiting, but I did not install it without your knowledge. If Java is no big deal, I have no problem deleting it.


Here is the Log


========== OTL ==========
Service srvPlgProtect stopped successfully!
Service srvPlgProtect deleted successfully!
C:\Users\Palii\AppData\Roaming\okitspace\protect\PluginProtect.exe moved successfully.
Service SrvUpdater stopped successfully!
Service SrvUpdater deleted successfully!
C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66778C30-7ACC-4C16-975D-E0ED68404825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66778C30-7ACC-4C16-975D-E0ED68404825}\ not found.
Registry value HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\Users\Palii\AppData\Roaming\okitspace\protect\updateSrv folder moved successfully.
C:\Users\Palii\AppData\Roaming\okitspace\protect\files folder moved successfully.
C:\Users\Palii\AppData\Roaming\okitspace\protect folder moved successfully.
C:\Users\Palii\AppData\Roaming\okitspace folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10262013_011120
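A helper reading a fix log like the one above mainly wants to know which actions succeeded, which targets were already absent, and whether any line says something else. The following is an added example, not part of the original thread and not OTL's own code: a small Python parser for that log format. The line patterns are inferred only from the log shown in this post, and the sample text is constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of the fix log above; the "could not be
# stopped" line is hypothetical, added to show how unrecognised lines surface.
SAMPLE_LOG = r"""========== OTL ==========
Service srvPlgProtect stopped successfully!
Service srvPlgProtect deleted successfully!
C:\Users\Palii\AppData\Roaming\okitspace\protect\PluginProtect.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66778C30-7ACC-4C16-975D-E0ED68404825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Service ExampleSvc could not be stopped.
========== FILES ==========
C:\Users\Palii\AppData\Roaming\okitspace folder moved successfully.
"""

HEADER = re.compile(r"^=+ (\w+) =+$")
INFO = ("Starting removal of ActiveX control", "OTL by OldTimer")  # informational lines
RULES = [
    ("service", re.compile(r"^Service (?P<target>.+?) (?P<verb>stopped|deleted) successfully!$")),
    ("registry", re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+?) (?P<verb>deleted successfully|not found)\.$")),
    ("file", re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? (?P<verb>moved) successfully\.$")),
]

def parse_fix_log(text):
    """Return one record per action line: section, kind, target, outcome."""
    section, records = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(INFO):
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        for kind, rule in RULES:
            m = rule.match(line)
            if m:
                outcome = "absent" if m["verb"] == "not found" else m["verb"].split()[0]
                records.append({"section": section, "kind": kind, "target": m["target"], "outcome": outcome})
                break
        else:
            # Anything not recognised is kept verbatim for a human to read.
            records.append({"section": section, "kind": "unknown", "target": line, "outcome": "review"})
    return records

def summarize(records):
    """Count outcomes and list the lines that need a manual look."""
    counts = Counter(r["outcome"] for r in records)
    return counts, [r["target"] for r in records if r["outcome"] == "review"]
```

Calling `summarize(parse_fix_log(text))` on a pasted log gives the outcome counts and the list of lines to read by hand; "absent" entries are targets the log reported as not found.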

Re: Virus dealing with requesting money

by Gary R » October 26th, 2013, 5:31 am

"Is this starting to feel like a life calling?"


No, I'm kind of used to this kind of thing. Sometimes things just don't resolve as quickly as you'd like.

"I removed the Java you requested....should I remove the other one also? I did get a notice stating that Java has an update waiting, but I did not install it without your knowledge. If Java is no big deal, I have no problem deleting it."


I don't see any other versions of Java on your newly formatted machine. If you can see any in the Control Panel > Programs > Uninstall a program list, then please feel free to uninstall them. I also don't see any Registry entries for Java update in your latest OTL log, so I can't see why you would get flagged to update Java.

If you're online when this happens, it could be that the site you're on needs Java to display all its content, in which case it's your choice as to whether you want to install it or not.

Other than that, I think we're pretty much finished now. If you have any questions please feel free to ask them, otherwise let me know, and I'll close this topic.

Re: Virus dealing with requesting money

by palii » October 26th, 2013, 8:52 am

Hello Gary R

I do not see any problems at the moment....and really do not want to see any in the future.

I have told my daughter and grand-daughter to not open email attachments or go to questionable sites, and shown them how to do a restore point and keep the anti-virus up to date. Currently, I just have Windows Defender running and was wondering if you had a better recommendation .... and if it is against your policy to recommend a product I understand.


Again, I want to thank you very much for working with me and being patient with an old guy during this process. Your team does great work (as do you) and I cannot thank you enough for the hard work and guidance you gave me thru this process. Like I said, wish I had the time to take your course and be able to help others, but could not devote that much time that is needed to become one of your skilled helpers.

Be safe and again.....Thank you

Palii

Re: Virus dealing with requesting money

by Gary R » October 26th, 2013, 12:02 pm

You're welcome, glad we were able to help. :)

I don't generally make recommendations on what defensive programs to install, as what suits me may not suit others, however if pushed, I would say the following ....

  1. Make sure she has an Anti-Virus installed ... I use Microsoft Security Essentials, and for me it does a good enough job.
  2. Make sure she has an Anti-Malware type program installed ... I use Malwarebytes Anti-Malware, however I have the paid version installed because it has Real Time Protection, the free version does not. If you want a free program with RTP you might consider Super Anti-Spyware, personally I don't think it's as good as MBAM, but that does not mean it's not a good program.
  3. Ensure her Windows Firewall is turned on. If she's behind a router (which most people are these days) then personally I don't think a 3rd party firewall is necessary.

The important thing to understand with security, is that it has to be kept up to date, so her AV and AM programs need to be set to update automatically, as does her Windows Updates.

The other thing for her to remember, is that it's her actions that will determine how safe she is, much more than what programs she has installed. The programs I've mentioned will offer good protection, but they are not a license for her to browse without care. No program allows you to do that. The price of security is eternal suspicion. That's not to say she should be paranoid about her online safety, just that she should be cautious.

Her experience with this infection though, will probably have made that point better than any words of mine could. ;) :D


Anyway, best of luck, and keep safe.

Gary

As your problems now appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.