TechSpot

Avast found Win32:Malware-gen, Win64-Sirefef-A, and Win32-Atraps-PF

Solved
By turkishharem
Jul 15, 2012
  1. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    OK. I'll give it another try and focus on hitting the correct button this time.
     
  2. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    ... or I'll just paste the correct log this time. Sorry about the mixup.

    The real OTL log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 321 bytes

    User: al
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 396 bytes

    User: All Users

    User: avanderlinden
    ->Temp folder emptied: 2150811 bytes
    ->Temporary Internet Files folder emptied: 245078001 bytes
    ->Java cache emptied: 122664 bytes
    ->Flash cache emptied: 237594 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 321 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8683587 bytes
    ->Flash cache emptied: 14388 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 9889 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2289 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1308 bytes

    Total Files Cleaned = 245.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: al

    User: All Users

    User: avanderlinden
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: al
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: avanderlinden
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07182012_000400
    Files\Folders moved on Reboot...
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\YKUGPQC4\WnxKoAwH1AwIAAED1AwAAABCABqzf-oS7wcjoYw%26num%3D1%26sig%3DAOD64_2oqd0o2smJiPbKOV3rJK9_pZKRVA%26client%3Dca-pub-7395890353660701%26adurl%3D;ord=1659222[1].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\F5KM7S1O\andes_c[1].html moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\CVEJDEA2\ads[1].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\1I63RUQG\page-2[1].txt moved successfully.
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3d4.dat not found!
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\HPSLPSVC0107.log not found!
    PendingFileRenameOperations files...
    [2012/07/18 00:00:09 | 000,009,375 | ---- | M] () C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\YKUGPQC4\WnxKoAwH1AwIAAED1AwAAABCABqzf-oS7wcjoYw%26num%3D1%26sig%3DAOD64_2oqd0o2smJiPbKOV3rJK9_pZKRVA%26client%3Dca-pub-7395890353660701%26adurl%3D;ord=1659222[1].htm : MD5=CB1633DD5D47B14E9DBCE1D9A52E13FD
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\F5KM7S1O\andes_c[1].html not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\CVEJDEA2\ads[1].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\1I63RUQG\page-2[1].txt not found!
    File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3d4.dat not found!
    [2012/07/18 19:57:49 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5
    File C:\WINDOWS\temp\HPSLPSVC0107.log not found!
    Registry entries deleted on Reboot...
     
  3. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    Security Check log:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 29
    Out of date Java installed!
    Adobe Flash Player ( 10.0.22.87) Flash Player Out of Date!
    Adobe Reader X (10.1.2)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
     
  4. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    FSS log:

    Farbar Service Scanner Version: 08-07-2012
    Ran by avanderlinden (administrator) on 18-07-2012 at 20:22:59
    Running from "C:\Documents and Settings\avanderlinden\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    aswTdi(10) DNE(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0A000000040000000100000002000000030000000A0000000800000005000000060000000700000009000000
    IpSec Tag value is correct.
    **** End of log ****
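The Security Check and FSS logs above are read by eye in this thread; the following script is an added example (not a tool from TechSpot, screen317 or Farbar, and not the posters' own code) that triages both formats the way a helper would: it lists services FSS reports as stopped, separates "MD5 is legit" file checks from anything else, and pulls the "out of date" software lines from a Security Check log. The regexes are based only on the line shapes visible in the posted logs; the sample text is a constructed, shortened version of them, and the single "NOT legit" line is an invented placeholder to exercise the flagged path (real FSS output for a tampered file looks different).

```python
"""Triage helpers for screen317 Security Check and Farbar Service Scanner (FSS) logs.

Added example for this thread; not part of Security Check, FSS or TechSpot.
Parsing relies only on line formats visible in the logs posted in the thread.
"""
import re

# FSS "File Check" lines look like:  <path> => MD5 is legit
FILE_CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => (?P<status>.+)$")
# FSS stopped-service lines look like: wscsvc Service is not running. Checking ...
SVC_DOWN_RE = re.compile(r"^(?P<svc>\w+) Service is not running")
# Security Check flags stale software with "Out of date" / "Out of Date"
OUT_OF_DATE_RE = re.compile(r"out of date", re.IGNORECASE)


def triage_fss(log_text: str) -> dict:
    """Summarise an FSS log: stopped services plus legit / flagged file checks."""
    stopped, legit, flagged = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = SVC_DOWN_RE.match(line)
        if m:
            # FSS goes on to check start type / ImagePath / ServiceDll; a stopped
            # service with all three "OK" is a config problem to fix, not a
            # tampered binary, which is why the file-check list matters too.
            stopped.append(m.group("svc"))
            continue
        m = FILE_CHECK_RE.match(line)
        if m:
            if m.group("status") == "MD5 is legit":
                legit.append(m.group("path"))
            else:
                # Anything other than the exact "legit" verdict deserves a look.
                flagged.append((m.group("path"), m.group("status")))
    return {"stopped_services": stopped, "files_legit": legit, "files_flagged": flagged}


def stale_software(security_check_text: str) -> list:
    """Return the Security Check lines that report out-of-date software."""
    return [l.strip() for l in security_check_text.splitlines() if OUT_OF_DATE_RE.search(l)]


# Constructed, shortened FSS sample. The PLACEHOLDER line is invented to show
# how a non-legit verdict is reported by this script; it is not from the thread.
SAMPLE_FSS = r"""
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\PLACEHOLDER_example.dll => MD5 is NOT legit (constructed placeholder line)
**** End of log ****
"""

# Constructed, shortened Security Check sample built from lines in the thread.
SAMPLE_SECURITY_CHECK = """\
Antivirus up to date!
Java(TM) 6 Update 29
Out of date Java installed!
Adobe Flash Player ( 10.0.22.87) Flash Player Out of Date!
Adobe Reader X (10.1.2)
"""

if __name__ == "__main__":
    fss = triage_fss(SAMPLE_FSS)
    print("Stopped services:", fss["stopped_services"])
    print("Legit files:", len(fss["files_legit"]))
    for path, status in fss["files_flagged"]:
        print("FLAGGED:", path, "->", status)
    for line in stale_software(SAMPLE_SECURITY_CHECK):
        print("Needs update:", line)
```

Run it as a script to see the summary, or import it and feed the real log text to `triage_fss` / `stale_software`. The point of the strict equality on "MD5 is legit" is that a verdict you do not recognise should surface rather than be silently accepted.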
     
  5. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    Read my reply #24.
     
  6. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    Gosh dang it! I'm sorry for not getting it correct, Broni. I will slow down and repeat your directions from post #22 from scratch, as it appears that I mixed things up on my first attempt. Thank you for your help and patience.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    You did fine.
    It's just about that error.
    I posted possible solution in my reply #24.
    You don't need to redo anything.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    When done with fixing that error....

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ======================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =====================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  9. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    As indicated in reply #24, I reran OTL with the custom script and clicked on the "Fix" button. Here is the resulting log. I'm going to hold off proceeding to the directions in your latest reply until you confirm that I finally took care of reply #24.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: al
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: avanderlinden
    ->Temp folder emptied: 23570 bytes
    ->Temporary Internet Files folder emptied: 10102601 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14009 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: al

    User: All Users

    User: avanderlinden
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: al
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: avanderlinden
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07182012_223628
    Files\Folders moved on Reboot...
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[1].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[2].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\net[1].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\page-2[1].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[6].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[7].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[1].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[2].htm moved successfully.
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7ac.dat not found!
    PendingFileRenameOperations files...
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[1].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[2].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\net[1].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\page-2[1].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[6].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[7].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[1].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[2].htm not found!
    File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7ac.dat not found!
    Registry entries deleted on Reboot...
     
  10. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    Please re-read my previous reply.
     
  11. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    Broni, I'm having problems. I want to follow your directions and make things easy because I really appreciate you sharing your expertise, and I thought that running your custom script in OTL and hitting the "Fix" button would address your comment in reply #24. I posted the results of that procedure in post #33, but it appears that I'm just missing something as evidenced by your latest reply. Can you please help me understand what I need to do to address/execute the possible solution posed in reply #24?

    Broni Reply #24 (in response to my initial posting of the OTL log):
    That's incorrect log.
    You clicked on "Scan" button instead of "Fix" button.

    Broni Reply #32:
    You did fine.
    It's just about that error.
    I posted possible solution in my reply #24.
    You don't need to redo anything.

    Turk Post #33:
    << Used Broni's custom script from reply #22 and hit the "Fix" button, which should have generated the requested OTL log >>

    Broni Reply #34:
    Please re-read my previous reply.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    I apologize.
    My bad.
    I was replying to a different topic.
    Sorry about it :)

    All I need is Eset scan log.
     
  13. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    Phew! I thought I was really screwing things up. Glad that the solution was so simple. :)

    I ran the ESET scan tool twice. The first time was yesterday, when I was motoring along and kind of got sidetracked trying to satisfy reply #24. That result is below. The second scan just finished and found nothing, so there is no second log.

    Once I get confirmation that I am OK to this point, I will follow the directions in reply #33 to update my software, remove the old restore points, and create a new restore point.

    ESETScan.txt:

    C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jhtml.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jhtmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jPlugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144047.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144052.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144053.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144060.dll probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144066.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
     
  14. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    Very well :)

    Now you're ready to proceed with my reply #33.
     
  15. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    OTL log from reply #33:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: al
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: avanderlinden
    ->Temp folder emptied: 115018 bytes
    ->Temporary Internet Files folder emptied: 19263887 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 715 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2290 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 19.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: al
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: avanderlinden
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: al

    User: All Users

    User: avanderlinden
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.54.0 log created on 07202012_114228
    Files\Folders moved on Reboot...
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\adsCAN0Q8PA.htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\windows_new_ie[1].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[5].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[6].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\ads[8].htm moved successfully.
    C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\page-2[1].htm moved successfully.
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7e0.dat not found!
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\adsCAN0Q8PA.htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\windows_new_ie[1].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[5].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[6].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\ads[8].htm not found!
    File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\page-2[1].htm not found!
    File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7e0.dat not found!
    [2012/07/20 11:45:25 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5
    Registry entries deleted on Reboot...
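Three OTL fix logs appear in this thread (the one after the reply #22 script, its re-run, and the one after the reply #33 clean-up script), and the questions each time are the same: which registry keys were actually deleted versus already gone, did any file move fail, how much was cleaned per user, and, for the last script, was the fresh restore point created. The script below is an added example that answers those questions from the log text; it is not part of OTL or TechSpot and not the posters' code. It relies only on the line shapes visible in the posted logs, and the sample log is a constructed, shortened mix of those lines.

```python
"""Summarise an OTL (OldTimer) fix log of the kind posted in this thread.

Added example; not part of OTL or TechSpot. Line patterns come from the logs
posted in the thread: "Registry key/value ... deleted successfully." or
"... not found.", "Registry error ...", "User: <name>" followed by
"-><what> emptied: N bytes", "File move failed. <path> scheduled ...",
"Restore point Set: <name>" and "Total Files Cleaned = N mb".
"""
import re

REG_RE = re.compile(r"^Registry (?:key|value) (?P<key>.+?) (?P<result>deleted successfully|not found)\.$")
REG_ERR_RE = re.compile(r"^Registry error (?P<msg>.+)$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
EMPTIED_RE = re.compile(r"^->(?P<what>.+?) emptied: (?P<bytes>\d+) bytes$")
MOVE_FAIL_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
RESTORE_RE = re.compile(r"^Restore point Set: (?P<name>.+)$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")


def summarize_otl(log_text: str) -> dict:
    """Walk the log once and bucket what happened."""
    summary = {
        "registry_deleted": [],      # keys/values OTL removed this run
        "registry_not_found": [],    # targets already absent (e.g. a re-run)
        "registry_errors": [],       # lines OTL itself reports as errors
        "bytes_per_user": {},        # sum of the "->... emptied" lines per profile
        "move_failed": [],           # files locked at fix time, moved on reboot
        "restore_point": None,       # set only when [CLEARALLRESTOREPOINTS] ran
        "total_files_cleaned_mb": None,
    }
    current_user = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := USER_RE.match(line)):
            current_user = m.group("user")
            summary["bytes_per_user"].setdefault(current_user, 0)
        elif (m := REG_RE.match(line)):
            bucket = "registry_deleted" if m.group("result") == "deleted successfully" else "registry_not_found"
            summary[bucket].append(m.group("key"))
        elif (m := REG_ERR_RE.match(line)):
            summary["registry_errors"].append(m.group("msg"))
        elif (m := EMPTIED_RE.match(line)) and current_user is not None:
            # Only the "->" lines belong to a user profile; the later
            # "%systemroot% ..." and "RecycleBin" lines are system-wide.
            summary["bytes_per_user"][current_user] += int(m.group("bytes"))
        elif (m := MOVE_FAIL_RE.match(line)):
            summary["move_failed"].append(m.group("path"))
        elif (m := RESTORE_RE.match(line)):
            summary["restore_point"] = m.group("name")
        elif (m := TOTAL_RE.match(line)):
            summary["total_files_cleaned_mb"] = float(m.group("mb"))
    return summary


# Constructed, shortened sample assembled from line shapes in the thread's logs.
SAMPLE_OTL = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: avanderlinden
->Temp folder emptied: 2150811 bytes
->Temporary Internet Files folder emptied: 245078001 bytes
->Java cache emptied: 122664 bytes

Windows Temp folder emptied: 2289 bytes
RecycleBin emptied: 1308 bytes

Total Files Cleaned = 245.00 mb

Restore point Set: OTL Restore Point

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    s = summarize_otl(SAMPLE_OTL)
    print("Deleted:", len(s["registry_deleted"]), "Already gone:", len(s["registry_not_found"]),
          "Errors:", len(s["registry_errors"]))
    for user, n in s["bytes_per_user"].items():
        print(f"  {user}: {n} bytes")
    print("Locked files (moved on reboot):", s["move_failed"])
    print("Restore point:", s["restore_point"], "| Total cleaned:", s["total_files_cleaned_mb"], "MB")
```

On a re-run of the same script, everything that was "deleted successfully" the first time shows up under `registry_not_found`, which is exactly the difference between the two reply #22 logs above; the `restore_point` field is the quick check that the reply #33 script's `[CLEARALLRESTOREPOINTS]` step completed.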
     
  16. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    I seem to be having problems with Java. I ran JavaRa and it appears to have deleted all Java versions. I went back to the Java site and reinstalled the latest version. The installation process appears to conclude successfully, but the Java version checker doesn't recognize any version of Java installed. I ran JavaRa again to try and start from scratch, but the exact same thing happened - installation appears to be successful but the Java site does not recognize any version of Java as being installed. Java applets are showing up as empty boxes with a small red X in the upper left corner.

    When it did it the first time, the Java site did recognize an older version of Java and recommended an update, which I did.

    Have you experienced this before? Any ideas how I can get Java back up and running? I'll continue working the issue on my end, but the last two hours have not yielded any results so I'm officially asking for help.
     
  17. turkishharem

    turkishharem TS Rookie Topic Starter Posts: 30

    I'm trying to uninstall Java and start from a clean slate. Following the uninstall directions from the Java site indicates that uninstallation should take place from the "Add/Remove Programs" section of Control Panel. In the list, the previous version of Java (Java 6 Update 29) was listed as still having been installed. I tried uninstalling it, but the uninstallation process returned a fatal error.

    The program list also shows the latest version of Java (Java 7 Update 5), so I tried uninstalling that also. Unfortunately, that process also returns a fatal error.

    I also tried running JavaRa to uninstall old versions again to see if that would help. The JavaRa log file shows that it isn't finding any old versions of Java.
     
  18. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.

    Good luck and stay safe :)
     

