Although the OTL.exe page had "not responding" on it this morning, I see the program has made a log and perhaps it is what you want, jeffce. Hope so; I am attaching it now.
Tiggie

jeffce, the last log sent to you was the fix-it log done last night. Now sending the OTL.exe scan.
Tiggie

Hi,

I think that we need to run a different tool here. Some of these just are not being removed…

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.

jeffce, just going to do ComboFix. I want to get it right, so will you please advise me which I choose when disabling Avast antivirus, i.e. one hour or until PC is restarted?
Tiggie

You can disable it until the system restarts. :)

Your instructions were so clear jeffce, thank you, and the ComboFix only took about 15 minutes. Here attached is the log.

Good job! How is your system running? :)

So glad you are pleased jeffce, I think I have been a pain.
I have had to be out all day today, so have not had chance to use my computer, but would think it will be o.k. Will know soon.
Please what do I do about the two files which are in the chest, i.e.
i4g7464491698058458322.exe which the virus name is Win32;ShipUp-U and the other one F.class, virus infection Java-Agent DRF. Can I now delete them to get them out of the chest?
Also the Potential Unwanted Program which Avast said was infected with Win32;PUP-gen(PuP) NAME A0105983.exe
C:\system volume information_\restore( D5F7A20F.129) Can I delete this also?
I know now after reading lots of mail in the forum just how important it is to keep programs up to date. I had not updated Java for a long time but do not want it now.
You are a hero and I thank you so very much.
Tiggie

Hi there,

You have not been a pain at all. :) No problem.

When you get a chance to play a bit with your system go ahead and do so and then let me know how it seems to be running. The two files that are in the virus chest you can leave for now or delete them…whatever you like to do. We still have some things to do so don’t worry too much about those or the other file in the \restore directory either. That will be removed later.

As for java…I don’t even keep it on my system any longer…at all. It is having too many problems and exploits and I haven’t found in the last year or so that it has made any difference to me or what I do online to even have it. If you want…just uninstall it or we will update it very soon in our instructions.

Just let me know how your system is running when you get a chance. :)

Hi Jeff, reporting back.
Have played about with the computer. Everything is working well, no problems now.
Have not deleted anything in the virus chest. Will wait for you.
I do not have Java, uninstalled it from the add and remove program plus the old updates in fright when I got the virus. Was going to reinstall but did not. And will not.
You say we still have things to do so will wait for you to tell me what to do next, thank you.
Tiggie

Hi,

Glad to hear that everything is running better now. :) Let’s check for anything else hiding in there and we should be about done…

http://i1224.photobucket.com/albums/ee380/jeffce74/mbam-3.jpg
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
* Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the ActiveX control to install
* Click Start
* Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
* Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
* Click Scan
* Wait for the scan to finish
* When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”
* Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
* Close the ESET online scan, and let me know how things are now.

Here is the malwarebytes log.
Will do the ESET scan next. When you say turn off the real time scanner of my antivirus, is that the same as disabling?
Tiggie

Yes just disable the antivirus program. :)

jeff, just preparing to do the ESET scan now, too much going on here with visitors yesterday.
I would be pleased if you could tell me how to copy and paste this log when I get it, just to make sure I get it right, and what exact spot am I to paste it in. Where I am writing now?
Thank you so much
Tiggie

You can just attach the logs like you have been doing all along. That is just fine. :)

jeff will try to copy and paste it.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
version=8
IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
OnlineScanner.ocx=1.0.0.6920
api_version=3.0.2
EOSSerial=6d3cc586d46749408e6b40186eac0335
engine=14157
end=finished
remove_checked=false
archives_checked=true
unwanted_checked=true
unsafe_checked=true
antistealth_checked=true
utc_time=2013-06-26 10:55:46
local_time=2013-06-26 11:55:46 (+0000, GMT Daylight Time)
country=“United Kingdom”
lang=1033
osver=5.1.2600 NT Service Pack 3
compatibility_mode=774 16777213 100 94 15627482 148950418 0 0
scanned=88147
found=2
cleaned=0
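
An added example, not part of any post in this thread: a helper reviewing an ESET Online Scanner log can check its header against the scan options requested in the instructions above. The mapping of the `*_checked` keys to the tick boxes is an assumption, and the sample log is constructed with one wrong option and one missing key.

```python
# Assumption: each *_checked key records the state of the matching tick box.
EXPECTED = {
    "remove_checked": "false",      # "Remove found threats" unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Constructed sample using key names seen in the log posted in this thread.
SAMPLE_LOG = """\
end=finished
remove_checked=true
archives_checked=true
unwanted_checked=true
unsafe_checked=true
utc_time=2013-06-26 10:55:46
scanned=88147
found=2
cleaned=0
"""

def parse_header(text):
    """Return key -> value for each 'key=value' line; later duplicates overwrite."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key and " " not in key:
            fields[key] = value.strip().strip('"“”')
    return fields

def review_scan(text):
    """Report whether the scan ran as instructed and how many detections remain."""
    f = parse_header(text)
    problems = []
    if f.get("end") != "finished":
        problems.append("scan did not finish")
    for key, want in EXPECTED.items():
        got = f.get(key)
        if got is None:
            problems.append(f"{key} missing from log")
        elif got.lower() != want:
            problems.append(f"{key}={got}, expected {want}")
    found = int(f.get("found", 0))
    cleaned = int(f.get("cleaned", 0))
    return {"problems": problems, "found": found, "cleaned": cleaned,
            "remaining": found - cleaned}

if __name__ == "__main__":
    print(review_scan(SAMPLE_LOG))
```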

Was this the log that was made?

Sorry jeff, not sure, think I had better do it again. Not all of what I sent came through on copy and paste; the bit at the end reads after
Found 2
Cleaned 0
Scan time3861
sh= and a lot of numbers ending with vn" a variant of Java/Exploit.
Agent.OLG trojen" ac=I fn=“C:\Documents and settings\compaq owner Application Data\Sun\Java\Deployment\cache 6.o\2 etc.
sh again and a lot of numbers ending in vn=Win32\install core.
BL application” ac =1fn=" C:\System volume information_restore
(D5F7A20F-1294-41E9-A947-A77075103E2E}
RP753\AO108869.exe
Do you think it's the scan?
Can I do it again?

Go ahead and run it again and if a log is made just attach the log and we will see what we have. :)

I ran the ESET scan again, everything spot on. When you click "export" a save as box appears with desktop highlighted and I clicked save, and the necessary *.txt appears but does not save anything to desktop!
A page in the program gives the scan results so Jeff here they are.
Two threats detected
C:\ Documents and setting_ compaq owner\ application Data\Sun\Java…a variant of Java/Exploit. Agent. OLG trojan.
C:\ System Volume information_restore (D5F7A20F-1294-41E9-A947… Win32/ Install core.BL application