also @ TechSpot: Codemasters announces £125,000 special edition of GRID 2

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

System Check virus

Discussion in 'Virus and Malware Removal' started by Allieraptor, Jan 19, 2012.

Post New Reply

Page 3 of 4

Allieraptor Newcomer, in training Posts: 67

ESET Scan log

Here is the ESET Scan Log. Just FYI, the Allie_TR file was a renamed file that I created from my original Loaris Trojan Remover exe file.

__________________________________

C:\Documents and Settings\Jazz\Desktop\Computer Security\Trojan Remover\Allie_tro_.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Program Files\Allie_TR_\Allie_TR-setup.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Program Files\Allie_TR_\ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Program Files\Loaris\Trojan Remover\ltr.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Programs\VeohWebPlayerSetup_eng.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Programs\Free MP3 Converter\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Programs\FreeFLVConverter\Setup_FreeFlvConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Programs\FreeFLVConverter\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Programs\_Buy Replay AV - Replay Converter\AV Stream Capture Suite SW\RSLSetup.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ReactivateIE.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065453.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065474.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065475.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065718.sys a variant of Win32/Rootkit.Kryptik.HV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070178.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070180.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070181.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070182.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072396.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072404.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072406.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072407.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072408.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072409.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072410.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072411.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072412.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072413.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined

Allieraptor, Jan 20, 2012

#41
Broni Malware Annihilator Posts: 39,437 +177
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL :Commands [purity] [emptytemp] [EMPTYFLASH] [emptyjava] [CLEARALLRESTOREPOINTS] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
Broni, Jan 20, 2012

#42
Allieraptor Newcomer, in training Posts: 67

2nd OTL Fix Log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jazz
->Temp folder emptied: 1299160 bytes
->Temporary Internet Files folder emptied: 790774 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 158828178 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1991 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 154.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jazz
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Jazz
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 01202012_201929

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Allieraptor, Jan 20, 2012

#43
Allieraptor Newcomer, in training Posts: 67

Computer Performance

Upon reboot I have twice gotten an Error Report Popup window for the jusched.exe file.

Also, my administrative tools are still not showing up.

My avast still will not uninstall so that I can reinstall. It also does not autorun upon startup anymore. It runs when I start it manually, but I still can not update it. However, it does say that it's release date was 1/18/2012 at 11 am and the last update attempt was on 1/19/2012 3 am.

One question about the security tool removal...should I remove my SD spybot and just run the Malwarebytes and Avast?

Allieraptor, Jan 20, 2012

#44
Broni Malware Annihilator Posts: 39,437 +177

Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

my administrative tools are still not showing up.

Download and run this: http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe

My avast still will not uninstall

Try free version of Revo: http://www.revouninstaller.com/revo_uninstaller_free_download.html

should I remove my SD spybot and just run the Malwarebytes and Avast?

Yeah, I consider Spybot as a tool of the past.

Broni, Jan 20, 2012

#45

Allieraptor Newcomer, in training Posts: 67

Computer Performance

Ok...got everything resolved except my Avast uninstall, which is just not going anywhere. I'm gonna try it in safe mode.

My control panel, admin tools, start menu etc are back to normal, except I still have some program files that are not showing the subfolders within the start menu. Such as all my adobe products do not show up under the programs\adobe option in my start menu. Any suggestions on how I can restore this?

One more question, I have several programs that run on start up that I would like to stop. How can I do that? I'm leery of attempting something like that without instruction since a friend of mine forbid me from entering "THE BIOS". lol

I can't tell you how much your assistance has meant to me. Thank you so very much!

Allieraptor, Jan 20, 2012

#46

Allieraptor Newcomer, in training Posts: 67

Computer Performance

Well, removing Avast is turning into a real pain. lol I can't do it in safe mode, nor can I manually delete the file folder. Suggestions?

Allieraptor, Jan 20, 2012

#47
Allieraptor Newcomer, in training Posts: 67

Computer Performance

I'm an *****. LOL I'm so sorry. Revo UNINSTALLER ... I get it now. Sheesh it's been a really long day or I'm going brain dead. One or the other, or possibly both! LOL

Allieraptor, Jan 20, 2012

#48
Broni Malware Annihilator Posts: 39,437 +177

Did you try Revo to uninstall Avast?

I still have some program files that are not showing the subfolders within the start menu

Some programs may have to be reinstalled.
You can also try my manual HERE

I have several programs that run on start up that I would like to stop

Download, and install Quick Startup: http://www.glarysoft.com/qs.html
Go File>Export, save report, and paste it into your next post.

Broni, Jan 20, 2012

#49
Allieraptor Newcomer, in training Posts: 67

Computer Performance

I ran Revo Uninstaller and it says it removed avast. When I go to add/remove programs it also says avast has been removed. However, if I look at my program files, the avast files are still there and I get the popup error when I try to delete.

Thank you for the link to your manual. I was able to get my programs back in my start menu.

Allieraptor, Jan 21, 2012

#50
Broni Malware Annihilator Posts: 39,437 +177

What does the pop-up say?

Broni, Jan 21, 2012

#51
Allieraptor Newcomer, in training Posts: 67

Computer Performance

It says that it:

Can not delete Avast_1033.chm:Access denied.

Make sure disk is not full or write-protected and that the files are not currently in use.

When I check out that specific file it says that it is a complied HTML Help file.

Allieraptor, Jan 21, 2012

#52
Allieraptor Newcomer, in training Posts: 67

Update

I'm going to call it a night. Thank you so very much for all your help today. I'll check back in first thing in the morning.

Allieraptor, Jan 21, 2012

#53
Allieraptor Newcomer, in training Posts: 67

I'm back!

Good morning and happy Saturday!

Allieraptor, Jan 21, 2012

#54
Broni Malware Annihilator Posts: 39,437 +177

Is it the only file which you can't remove?

Try.....

Download, and install Unlocker: http://cedrick.collomb.perso.sfr.fr/unlocker/
Restart computer.
It'll install under right click menu.

Open Windows Explorer.
Navigate to offending folder/file.

Right click on a folder/file. Click Unlocker
Select Delete from drop-down menu:

Click OK.
A folder/file will refuse to be deleted, but Unlocker will give you an option to delete on reboot:

Click Yes.
Restart computer.

==============================================================

If the above doesn't work, try...

LockHunter: http://lockhunter.com/

FileASSASSIN: http://www.snapfiles.com/get/fileassassin.html

Broni, Jan 21, 2012

#55
Allieraptor Newcomer, in training Posts: 67

Unlocker

The Link you have for the Unlocker program is giving me a page load error. I tried to find it on my own but I think I ended up with the wrong version.

Should I just try one of the other ones you provided?

Allieraptor, Jan 21, 2012

#56
Broni Malware Annihilator Posts: 39,437 +177

Sorry about it.
Here: http://www.emptyloop.com/unlocker/

Broni, Jan 21, 2012

#57
Allieraptor Newcomer, in training Posts: 67

Unlocker

Thank you for the new link. I installed Unlocker 1.9.1 and I think my problem may be user error generated. lol

I installed and rebooted. Then I open windows explorer and right click on the avast folder I want to delete. It pops open a Unlocker window with a few options which do not look like your screen grabs of the program. The options I have available are Kill Process, Unlock, Unlock All and Quit. I also have a pull down menu on the bottom left which are listed as follows: No action, delete, rename, move and copy.

I tried just hitting Unlock All and then I went to the folder and tried to delete it. No luck. Then I tried highlighting all the entries in the Unlocker popup window that it generated when I right clicked on the Avast file. No luck when I tried to delete the folder.

Am I supposed to be deleting the file folder from within Unlocker? If so, is that the Kill Process?

Sorry for my confusion.

Allieraptor, Jan 21, 2012

#58
Broni Malware Annihilator Posts: 39,437 +177

I also have a pull down menu on the bottom left which are listed as follows: No action, delete, rename, move and copy.

Re-read my instructions.

Broni, Jan 21, 2012

#59
Allieraptor Newcomer, in training Posts: 67

Avast Removal

I uninstalled the version of Unlock that I had installed because it did not match the version from your instructions. However, when I tried to click on the link for an older version of Unlocker, I got a page error. So, I moved on to LockHunter hoping to have better luck. It installed fine, I selected the proper folder and hit unlock. It gave me the following error message:

Cannot unlock the file because some processes are still locking it. Try to unlock the file again.

I tried again, with no luck. Apparently its my AvastSvc.exe file that is causing all the trouble. This is the exe file that I can see running in my background through the Task Manager.

I've never run into a program this difficult to get off my machine, except AOL. lol I'm sorry to be such a pain. Should I try the next unlocker program on the list?

Allieraptor, Jan 21, 2012

#60

Page 3 of 4

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.