Malwarebytes Log

waddler_8

That all looks ok.

Uninstall these:

Mozilla Firefox 15.0 (x86 en-US)
VLC media player 1.0.1
WxDownload Expansion
wxDownload Fast 0.6.0

Then,

Download OTM by Old Timer from the link below and save it to your Desktop.

LINK

The script below will stop explorer & your desktop will temporarily disappear (it will return on reboot) Your recycle bin will be emptied & all temp files will be deleted.

• Right click OTM.exe and choose Run as Administrator to run it.
• Agree to any UAC prompt
• Copy the following code inside the codebox below. Do not include the word Code:

  :commands
  [CREATERESTOREPOINT]
  
  :reg
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=""
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B01D45B-A3EF-3CAA-9C80-462508E68725}]
  
  :files
  C:\ProgramData\wxDownload
  c:\progra~2\wxdown~1
  
  :commands
  [CREATERESTOREPOINT]
  [EmptyTemp]
  

• Return to OTM, right click in the Paste instructions for Items to be Moved window (under the yellow bar) and choose Paste.
• Push the large MoveIt! button.
• Click OK to the prompt
• OTM may ask to reboot the machine. Please Allow it to do so if asked.
• The report should appear in Notepad after the reboot. Copy/paste the contents of that report back here in your next reply.

Let me know if things are running ok or if there's any problems.

gb12345

waddler_8 wrote: »

That all looks ok.

Uninstall these:

Mozilla Firefox 15.0 (x86 en-US)
VLC media player 1.0.1
WxDownload Expansion
wxDownload Fast 0.6.0

Don't want to question your experience, but I'm interested in your reasons for uninstalling Firefox and VLC.

I can see the version of Firefox the OP has installed is well out of date - but why uninstall rather than update?

waddler_8

There's been numerous security advisories for both for the versions installed.

http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.videolan.org/security/

It's as easy to uninstall when they are so far out of date. The OP can reinstall the latest versions if they wish, but for the browser at least, it seems obvious from the running processes that Chrome is their browser of choice.

kws

waddler_8 wrote: »

There's been numerous security advisories for both for the versions installed.

http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.videolan.org/security/

It's as easy to uninstall when they are so far out of date. The OP can reinstall the latest versions if they wish, but for the browser at least, it seems obvious from the running processes that Chrome is their browser of choice.

You are right - we rarely use Firefox (or IE for that matter), which is why it hasn't been updated - think we only downloaded it because a site wasn't working in Chrome and we hate the speed of IE.

I am a bit worried about VLC though - we like it as we had trouble with Windows Media Player - is it safe if I remove and then install the latest version? Or is it a risky application?

I will also install and run the latest check you posted in your earlier message and post the results later on.

waddler_8

You can reinstall VLC - version 2.0.5

http://www.videolan.org/vlc/download-windows.html

It's not a risky application, but keep it updated. You had version 1.0.1 which is subject to numerous security advisories.

kws

OTM log is below.

Thanks

All processes killed
========== COMMANDS ==========
Restore point Set: OTM Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B01D45B-A3EF-3CAA-9C80-462508E68725}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B01D45B-A3EF-3CAA-9C80-462508E68725}\ not found.
========== FILES ==========
C:\ProgramData\wxDownload\data folder moved successfully.
C:\ProgramData\wxDownload folder moved successfully.
c:\progra~2\WxDownload folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mary

User: XXX
->Temp folder emptied: 241772532 bytes
->Temporary Internet Files folder emptied: 95210107 bytes
->Java cache emptied: 4859123 bytes
->FireFox cache emptied: 62551362 bytes
->Google Chrome cache emptied: 142162535 bytes
->Flash cache emptied: 1797 bytes

User: Public

User: Temp
->Temp folder emptied: 1352955 bytes
->Temporary Internet Files folder emptied: 1235225 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 135046816 bytes

User: Temp.Laptop

User: Temp2
->Temp folder emptied: 461573 bytes
->Temporary Internet Files folder emptied: 359771 bytes
->Google Chrome cache emptied: 31351611 bytes
->Flash cache emptied: 521 bytes

User: WORK
->Temp folder emptied: 3866218 bytes
->Temporary Internet Files folder emptied: 10209828 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10474663 bytes
->Google Chrome cache emptied: 364910715 bytes
->Flash cache emptied: 1736 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133384857 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95208 bytes
RecycleBin emptied: 626008 bytes

Total Files Cleaned = 1,183.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 03292013_164912

Files moved on Reboot...
C:\Users\XXX\AppData\Local\Temp\_av4_\aswCmnB.dll moved successfully.
C:\Users\XXX\AppData\Local\Temp\_av4_\aswCmnOS.dll moved successfully.
C:\Users\XXX\AppData\Local\Temp\_av4_\aswCmnS.dll moved successfully.
C:\Users\XXX\AppData\Local\Temp\_av4_\aswEngin.dll moved successfully.
C:\Users\XXX\AppData\Local\Temp\_av4_\aswScan.dll moved successfully.
C:\Users\XXX\AppData\Local\Temp\_av4_\msvcp71.dll moved successfully.
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3100.log moved successfully.
File move failed. C:\Windows\temp\GacelaLSPService.log scheduled to be moved on reboot.
C:\Windows\temp\WERDDA3.tmp.hdmp moved successfully.

Registry entries deleted on Reboot...

waddler_8

How's the computer running now - any problems?

kws

waddler_8 wrote: »

How's the computer running now - any problems?

Sorry I didn't get back to you before, but I was away for Easter.

I am still having problems with shutting down and restarting it. It still just sits there showing the Windows "Logging off" screen - left it over night and this morning it was still on with the screen showing.

waddler_8

I think I might know why.

Go here and read through the instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

• IMPORTANT! Ensure you temporarily turn off McAfee before downloading & running.
  Instructions here
• Save combofix to your desktop.
• Double click combofix.exe & follow the prompts closely.
• Combofix may reboot the PC several times.
• When it's finished, it will automatically produce a log. Post the contents of that log.
• It can also be found on your C:\ drive named combofix.txt

Above all, BE PATIENT! and let it run it's course.

kws

Thanks for the continued help.

I turned off McAfee and downloaded the programme and ran it, but it said that McAfee was still running.

The instructions didn't seem to cover my version of McAfee (AntiVirus Plus), so I just went through indiivdually turning off real time scanning, scheduled scanning and firewall), but it still said it was running.