Hi. :)
Quote:
The computer seems to be running fine. No signs of viral activity.
Good.
Quote:
Tried to paste OTL.txt but it's too large. Please find it attached.
Not a problem.
Next:
Uninstall the following as they are leftovers from prior Symantec software...
Now please go to Start (Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):
LiveReg
LiveUpdate
To do so click once on each of the above in turn to highlight, then click on Uninstall/Change and follow the prompts.
Note: If any of the above will not uninstall, merely proceed to the below Custom OTL Script, as I have included them as an extra precaution in case such an event does occur.
Custom OTL Script:
- Right-click OTL.exe and select Run as Administrator to start the program.
- Copy the lines from the code-box to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Commands
[CreateRestorePoint]
:Services
awhost32
LiveUpdate
:OTL
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-1206012796-1689309657-3446792677-1000\..Trusted Domains: airmilesshops.ca ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1206012796-1689309657-3446792677-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1206012796-1689309657-3446792677-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...Control_32.CAB (Reg Error: Key error.)
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Java
C:\Program Files (x86)\Symantec
C:\Users\Rick\AppData\Roaming\inst.exe
C:\Windows\SysWOW64\npDeployJava1.dll
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate]
[HKEY_USERS\S-1-5-21-1206012796-1689309657-3446792677-1000\Software\Microsoft\Windows\CurrentVersion\Run\Software\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"=-
:Commands
[EmptyTemp]
- Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
- Then click the red Run Fix button.
- Let the program run unhindered.
- If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Malwarebytes Anti-Malware:
I deem it prudent to check for updates and run another scan to err on the side of caution, taking into account the malware we have been dealing with.
Note: Remember to right click the executable for MBAM and select Run As Administrator.
- Launch the application, Check for Updates >> Perform quick scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Next:
When you have completed the above, please post back the following in the order asked for:
- OTL Log from the Custom Script.
- Malwarebytes Anti-Malware Log.
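
As an added example (not part of the original post and not OTL's own code), a small Python reviewer that lists what a fix script like the one above would touch before it is pasted into OTL. It assumes only what the script shows: sections start with a `:Name` line, `:Reg` uses .reg-file syntax, and `:Files` lines ending in ` /c` are commands; the function names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the fix script from the post above.
SAMPLE = r"""
:Commands
[CreateRestorePoint]
:Services
awhost32
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Symantec
C:\Users\Rick\AppData\Roaming\inst.exe
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg]
[HKEY_USERS\S-1-5-21-1206012796-1689309657-3446792677-1000\Software\Microsoft\Windows\CurrentVersion\Run\Software\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"=-
:Commands
[EmptyTemp]
"""

def parse_fix_script(text):
    """Group non-empty lines under their ':Section' directive, in order."""
    sections = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.fullmatch(r":[A-Za-z]+", line):
            sections.append((line[1:].lower(), []))
        elif sections:
            sections[-1][1].append(line)
    return sections

def summarize(sections):
    """List what the script touches. Assumption: .reg syntax in :Reg, and
    ':Files' lines ending in ' /c' are commands rather than paths."""
    out = {"services": [], "commands": [], "paths": [],
           "key_deletes": [], "value_deletes": []}
    for name, lines in sections:
        key = None  # registry key that following "name"=- lines belong to
        for line in lines:
            if name == "services":
                out["services"].append(line)
            elif name == "files":
                out["commands" if line.endswith(" /c") else "paths"].append(line)
            elif name == "reg" and line.startswith("[-"):
                out["key_deletes"].append(line[2:-1])   # [-KEY] removes a key
            elif name == "reg" and line.startswith("["):
                key = line[1:-1]                        # [KEY] opens a key
            elif name == "reg" and key and line.endswith("=-"):
                out["value_deletes"].append((key, line[:-2].strip('"')))
    return out
```

Calling `summarize(parse_fix_script(text))` on the full script gives a per-category list to compare against the OTL log after the fix has run.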