Windows 7 Forums

Windows 7: BSOD - problems with RegCleanPro

17 Nov 2014   #11
Taffy078

Win7 Home Premium (x64), SP1
 
 

PS Is there any way to find out when the Trojan got in? If there is, is it then worthwhile my looking at the various event logs to see what I was doing at the time eg what website was I visiting or what else was going on?

I've just pm'd you, Donna.

OMG - I've just noticed that my Norton IS is back on again. I turned it off for the 5 hours shown in the menu - might it have come back on during the scan?


17 Nov 2014   #12
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Just a thought.
In my opinion, having installed and/or using Reg Clean Pro is just piling problems on top of problems.

From post # 8

Quote:
Reg Clean Pro / AdwCleaner / OTL
17 Nov 2014   #13
Taffy078

Win7 Home Premium (x64), SP1
 
 

Hi Layback Bear. I haven't knowingly installed Reg Clean Pro. The file you mention is what AdwCleaner found when scanning my PC to try to establish what's happened. Perhaps this is one of the 'few things' that DonnaB has spotted.

17 Nov 2014   #14
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Thank you for answering my concern and I think I understand your problem better.
I will go back to watching and let DonnaB do her thing.
17 Nov 2014   #15
Taffy078

Win7 Home Premium (x64), SP1
 
 

No problem, Layback Bear. Thanks for your concern.
17 Nov 2014   #16
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi there folks,

@Taffy,

There is no need to worry about the trojan found by ESET. If you look closely, that trojan was found in the C:\AdwCleaner\Quarantine folder and goes on to show where the trojan was removed from, meaning that when we remove AdwCleaner and the Quarantine folder that was created, the trojan will no longer exist anywhere on the system.

Reg Cleaner Pro was more than likely installed inadvertently as bundled software from some other free software that was installed at one time or another. This is the reason that you should take your time and pay close attention to every screen presented when installing any software, to ensure that if there is foistware included, to uncheck any pre-checked boxes or if you are provided with the opportunity to choose a Custom Install, do so.

The files that I found were not serious files of the malicious nature. Note the following entries:

O4 - HKU\S-1-5-21-3597321822-3438477668-356034365-1000..\Run: [Download Nitro] C:\PROGRAM FILES (X86)\PCPITSTOP\DOWNLOAD NITRO\PCPITSTOP-NITRO.EXE -autorun File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)


PC PitStop, far as I am concerned, is snake oil. I wouldn't waste my money on these types of optimizing programs. In due time, they can cause more damage to a file system than what they propose to fix.

I would like to add those files above to my fix. I only ask because if I am not mistaken, they are paid-for programs.
19 Nov 2014   #17
Taffy078

Win7 Home Premium (x64), SP1
 
 

Hi DonnaB. I cancelled my PCMatic subscriptions in June [https://community.norton.com/forums/...-thrown-towel] so please remove everything that you find. I used Revo Free to uninstall it but after the first pass there were several hundreds of debris left. Some appeared to be ones that should be kept so I had to select items individually for removal rather than 'check all'. Must have missed some!
I always use 'custom' to download stuff having been caught out by the likes of Adobe and some of the free download sites. That's why I was tempted to try to find when the blasted thing was installed so I could try to trace the source.
Over to you again, DonnaB!!
20 Nov 2014   #18
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi Taffy,

Ok then!! Let's get rid of those orphaned files and I'll have you remove the tools!

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote:
    :OTL
    O3 - HKU\S-1-5-21-3597321822-3438477668-356034365-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3597321822-3438477668-356034365-1000..\Run: [Download Nitro] C:\PROGRAM FILES (X86)\PCPITSTOP\DOWNLOAD NITRO\PCPITSTOP-NITRO.EXE -autorun File not found
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.


Please attach the following logs in your next reply:

C:\_OTL\Moved Files
OTL.txt
20 Nov 2014   #19
Taffy078

Win7 Home Premium (x64), SP1
 
 

Hi Donna. I've done as you asked - I struggled with the "C:\_OTL\Moved files folder" - in it were

(1) the OTL.txt file and (2) a folder with the same name. In that folder was another folder "C_Windows" and in that was a folder "Downloaded Program Files" in which was the 'PCMatic Setup Information file'.

I've posted that too - I couldn't attach the actual file shown as it is 'inf, invalid extension so I opened it and saved as unicode. Please let me know if I've missed something.

PS OK to go off-topic? I hope that you and the forum's USA members are safe and well in the awful snow storm.
20 Nov 2014   #20
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi Taffy,

Not sure how this happened but the commands I added to my fix were not executed properly:

Here are the commands I included in the fix:

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]


This is what OTL saw and could not execute:

File sethosts] not found.
File ptytemp] not found.
File EATERESTOREPOINT] not found.


See the difference? It looks as if each line of the script was copied and pasted individually instead of the entire script being copied and pasted as a whole.

I am going to ask you to run the whole fix again. Hope you don't mind. It will only take a couple of minutes of your time, then we can proceed to remove the tools.

Please follow the instructions below:

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, copy then paste all of the following content of the script that I coded in blue.

    Quote:

    :OTL
    O3 - HKU\S-1-5-21-3597321822-3438477668-356034365-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3597321822-3438477668-356034365-1000..\Run: [Download Nitro] C:\PROGRAM FILES (X86)\PCPITSTOP\DOWNLOAD NITRO\PCPITSTOP-NITRO.EXE -autorun File not found
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

    :Services

    :Reg

    :Files

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Attach just the log that is found in C:\_OTL\Moved Files in your next reply.
I do not need you to run a Quick Scan at this time.

Please post the following log in your next reply:

C:\_OTL\Moved Files
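
The comparison made in post #20, as an added example that is not part of the thread and is not OTL's own code: it checks a fix log against the script that was meant to be pasted and reports every "not found" entry that is really a directive with its leading characters lost. The log line format is assumed from the three lines quoted above, the fourth log line is constructed, and the function names are hypothetical.

```python
import re

# The :Commands section of the fix script as posted in the thread.
INTENDED_SCRIPT = """\
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
"""

# First three lines are quoted in the thread; the last one is constructed
# to show that an ordinary missing file is not reported as a mangled directive.
FIX_LOG = """\
File sethosts] not found.
File ptytemp] not found.
File EATERESTOREPOINT] not found.
File C:\\example\\missing.tmp not found.
"""

# Assumed log format, inferred only from the lines quoted in the thread.
NOT_FOUND = re.compile(r"^File (?P<name>.+) not found\.$")


def script_directives(script):
    """Return script lines that are neither blank nor section headers (:Name)."""
    lines = (ln.strip() for ln in script.splitlines())
    return [ln for ln in lines if ln and not ln.startswith(":")]


def find_truncated(script, log, min_len=3):
    """Map each mangled log entry to (intended directive, lost prefix)."""
    directives = script_directives(script)
    hits = {}
    for line in log.splitlines():
        m = NOT_FOUND.match(line.strip())
        if not m:
            continue
        seen = m.group("name")
        if len(seen) < min_len:      # too short to attribute to a directive
            continue
        for d in directives:
            # A proper suffix of a directive means its start was lost on paste.
            if d != seen and d.endswith(seen):
                hits[seen] = (d, d[: len(d) - len(seen)])
    return hits


if __name__ == "__main__":
    for seen, (wanted, lost) in find_truncated(INTENDED_SCRIPT, FIX_LOG).items():
        print(f"{seen!r} should have been {wanted!r} (lost {lost!r})")
```

Any hit means the fix did not run as written and the whole script should be pasted and run again before the tools are removed.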