Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Viruses

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Viruses

Unread postby wannabeageek » September 24th, 2012, 8:55 am

Hello Ghorganza,

Please run the following fix:

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Files
    C:\Program Files (x86)\GamersFirst\APB_Reloaded_Installer.exe
    C:\Program Files (x86)\GamersFirst\Sword_2_04192012_G1.exe
    C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0\background.html
    C:\Users\Tommy\Downloads\abiword_35.exe
    C:\Users\Tommy\Downloads\iphonebackupextractor-latest.exe
    C:\Users\Tommy\Downloads\Sword_2_20110301_FilePlanet (1).exe
    C:\Users\Tommy\Downloads\Sword_2_20110301_FilePlanet.exe
    C:\Users\Tommy\Downloads\TuneUpUtilities2012_en-US-123.exe
    C:\Users\Tommy\Downloads\vlcmediaplayer-setup.exe
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Step 2.
SystemLook

We need to run SystemLook for more of the StartNow entries.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *StartNow*
    *Start Now*
    
    :folderfind
    *StartNow*
    *Start Now*
    
    :Regfind
    StartNow
    Start Now

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of OTL.txt
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wannabeageek
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Re: Viruses

Unread postby Ghorganza » September 24th, 2012, 10:26 pm

OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files (x86)\GamersFirst\APB_Reloaded_Installer.exe moved successfully.
C:\Program Files (x86)\GamersFirst\Sword_2_04192012_G1.exe moved successfully.
C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0\background.html moved successfully.
C:\Users\Tommy\Downloads\abiword_35.exe moved successfully.
C:\Users\Tommy\Downloads\iphonebackupextractor-latest.exe moved successfully.
C:\Users\Tommy\Downloads\Sword_2_20110301_FilePlanet (1).exe moved successfully.
C:\Users\Tommy\Downloads\Sword_2_20110301_FilePlanet.exe moved successfully.
C:\Users\Tommy\Downloads\TuneUpUtilities2012_en-US-123.exe moved successfully.
C:\Users\Tommy\Downloads\vlcmediaplayer-setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tommy
->Temp folder emptied: 84994 bytes
->Temporary Internet Files folder emptied: 787281 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67609392 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 1768 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5116 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 720391327 bytes

Total Files Cleaned = 754.00 mb


OTL by OldTimer - Version 3.2.61.4 log created on 09242012_214950

Files\Folders moved on Reboot...
C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 21:54 on 24/09/2012 by Tommy
Administrator - Elevation successful

========== filefind ==========

Searching for "*StartNow*"
C:\_OTL\MovedFiles\09202012_195937\C_Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\0tuyp3dl.default\searchplugins\startnow.xml --a---- 2356 bytes [01:47 10/09/2012] [01:47 10/09/2012] 0246E90F91143692B05923EDC32215D0
C:\_OTL\MovedFiles\09202012_195937\C_Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X339NMPC\updater-startnow-200-2.5-d[1].exe --a---- 1321856 bytes [01:41 23/08/2012] [01:41 23/08/2012] 6AA527060058F221AB9207D270616047

Searching for "*Start Now*"
No files found.

========== folderfind ==========

Searching for "*StartNow*"
C:\_OTL\MovedFiles\09162012_213514\C_Users\Tommy\AppData\Local\StartNow d------ [01:43 10/09/2012]

Searching for "*Start Now*"
No folders found.

========== Regfind ==========

Searching for "StartNow"
No data found.

Searching for "Start Now"
No data found.

-= EOF =-
Ghorganza
Active Member
 
Posts: 11
Joined: September 10th, 2012, 4:13 am

Re: Viruses

Unread postby wannabeageek » September 25th, 2012, 9:56 am

Hello Ghorganza ,

Do you still have a StartNow entry in your Startup?

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Viruses

Unread postby Ghorganza » September 25th, 2012, 8:02 pm

Yes I still do
Ghorganza
Active Member
 
Posts: 11
Joined: September 10th, 2012, 4:13 am

Re: Viruses

Unread postby wannabeageek » September 27th, 2012, 3:58 pm

Greetings Ghorganza,

I am sorry to report that Google Chrome has no effective reset capability where you can "click" a button and reset it to a factory like new condition and save all your bookmarks.
The only way to eliminate this StartNow entry is to uninstall and then reinstall Google Chrome.
If you decide to export all the bookmarks, history, toolbars, cookies, etc. prior to uninstalling Chrome, I cannot guarantee that this "StartNow" entry would not be included in the exported data.


Uninstall Programs
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      Google Chrome
    • Select the program and click on Uninstall to uninstall it.
    • When finished... Close the Control Panel window.

At this time you can reinstall Google Chrome. Please use this link:
https://www.google.com/intl/en_uk/chrome/browser/

Please post back with an update on the StartNow entry.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Viruses

Unread postby Ghorganza » September 27th, 2012, 11:00 pm

Thanks it seems everything is fine now! Thanks for all the help appreciate it!
Ghorganza
Active Member
 
Posts: 11
Joined: September 10th, 2012, 4:13 am

Re: Viruses

Unread postby wannabeageek » September 29th, 2012, 9:11 pm

Greetings Ghorganza,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update Java
If you have not been already prompted to install a new version of Java, please use the link provided below:

Windows Off-line Java download.
Save this file to your desktop.
Right mouse click and run as administrator.
Follow the instructions carefully and UNMARK any "ticks" in blocks asking you to add any software other than Java.


Clean up with OTL

  • Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Viruses

Unread postby Cypher » October 1st, 2012, 5:17 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware