Solved Avast found Win32:Malware-gen, Win64-Sirefef-A, and Win32-Atraps-PF

... or I'll just paste the correct log this time. Sorry about the mixup.

The real OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 321 bytes

User: al
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 396 bytes

User: All Users

User: avanderlinden
->Temp folder emptied: 2150811 bytes
->Temporary Internet Files folder emptied: 245078001 bytes
->Java cache emptied: 122664 bytes
->Flash cache emptied: 237594 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 321 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8683587 bytes
->Flash cache emptied: 14388 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 9889 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2289 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1308 bytes

Total Files Cleaned = 245.00 mb


[EMPTYJAVA]

User: Administrator

User: al

User: All Users

User: avanderlinden
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: al
->Flash cache emptied: 0 bytes

User: All Users

User: avanderlinden
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07182012_000400
Files\Folders moved on Reboot...
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\YKUGPQC4\WnxKoAwH1AwIAAED1AwAAABCABqzf-oS7wcjoYw%26num%3D1%26sig%3DAOD64_2oqd0o2smJiPbKOV3rJK9_pZKRVA%26client%3Dca-pub-7395890353660701%26adurl%3D;ord=1659222[1].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\F5KM7S1O\andes_c[1].html moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\CVEJDEA2\ads[1].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\1I63RUQG\page-2[1].txt moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3d4.dat not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\HPSLPSVC0107.log not found!
PendingFileRenameOperations files...
[2012/07/18 00:00:09 | 000,009,375 | ---- | M] () C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\YKUGPQC4\WnxKoAwH1AwIAAED1AwAAABCABqzf-oS7wcjoYw%26num%3D1%26sig%3DAOD64_2oqd0o2smJiPbKOV3rJK9_pZKRVA%26client%3Dca-pub-7395890353660701%26adurl%3D;ord=1659222[1].htm : MD5=CB1633DD5D47B14E9DBCE1D9A52E13FD
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\F5KM7S1O\andes_c[1].html not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\CVEJDEA2\ads[1].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\1I63RUQG\page-2[1].txt not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3d4.dat not found!
[2012/07/18 19:57:49 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5
File C:\WINDOWS\temp\HPSLPSVC0107.log not found!
Registry entries deleted on Reboot...
 
Security Check log:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java(TM) 6 Update 29
Out of date Java installed!
Adobe Flash Player ( 10.0.22.87) Flash Player Out of Date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
 
FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by avanderlinden (administrator) on 18-07-2012 at 20:22:59
Running from "C:\Documents and Settings\avanderlinden\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(10) DNE(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000800000005000000060000000700000009000000
IpSec Tag value is correct.
**** End of log ****
 
Gosh dang it! I'm sorry for not getting it correct, Broni. I will slow down and repeat your directions from post #22 from scratch, as it appears that I mixed things up on my first attempt. Thank you for your help and patience.
 
You did fine.
It's just about that error.
I posted a possible solution in my reply #24.
You don't need to redo anything.
 
When done with fixing that error....

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

======================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
As indicated in reply #24, I reran OTL with the custom script and clicked on the "Fix" button. Here is the resulting log. I'm going to hold off proceeding to the directions in your latest reply until you confirm that I finally took care of reply #24.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: al
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: avanderlinden
->Temp folder emptied: 23570 bytes
->Temporary Internet Files folder emptied: 10102601 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14009 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


[EMPTYJAVA]

User: Administrator

User: al

User: All Users

User: avanderlinden
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: al
->Flash cache emptied: 0 bytes

User: All Users

User: avanderlinden
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07182012_223628
Files\Folders moved on Reboot...
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[1].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[2].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\net[1].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\page-2[1].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[6].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[7].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[1].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[2].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7ac.dat not found!
PendingFileRenameOperations files...
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[1].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\GMS5KC12\si[2].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\net[1].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\DLHXLMCA\page-2[1].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[6].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\ads[7].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[1].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\4DLUSG6I\partner[2].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7ac.dat not found!
Registry entries deleted on Reboot...
 
Broni, I'm having problems. I want to follow your directions and make things easy because I really appreciate you sharing your expertise, and I thought that running your custom script in OTL and hitting the "Fix" button would address your comment in reply #24. I posted the results of that procedure in post #33, but it appears that I'm just missing something as evidenced by your latest reply. Can you please help me understand what I need to do to address/execute the possible solution posed in reply #24?

Broni Reply #24 (in response to my initial posting of the OTL log):
That's the incorrect log.
You clicked on "Scan" button instead of "Fix" button.

Broni Reply #32:
You did fine.
It's just about that error.
I posted a possible solution in my reply #24.
You don't need to redo anything.

Turk Post #33:
<< Used Broni's custom script from reply #22 and hit the "Fix" button, which should have generated the requested OTL log >>

Broni Reply #34:
Please re-read my previous reply.
 
I apologize.
My bad.
I was replying to a different topic.
Sorry about it :)

All I need is Eset scan log.
 
Phew! I thought I was really screwing things up. Glad that the solution was so simple. :)

I ran the ESET scan tool twice. The first time was yesterday, when I was motoring along and kind of got sidetracked trying to satisfy reply #24. That result is below. The second scan just finished and found nothing, so there is no second log.

Once I get confirmation that I am OK to this point, I will follow the directions in reply #33 to update my software, remove the old restore points, and create a new restore point.

ESETScan.txt:

C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jhtml.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jhtmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jPlugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144047.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144052.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144053.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144060.dll probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4BC43425-B5B6-4BD4-9DCC-2B7F8AED8C21}\RP816\A0144066.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
 
OTL log from reply #33:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: al
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: avanderlinden
->Temp folder emptied: 115018 bytes
->Temporary Internet Files folder emptied: 19263887 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 715 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2290 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 19.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: al
->Flash cache emptied: 0 bytes

User: All Users

User: avanderlinden
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: al

User: All Users

User: avanderlinden
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_114228
Files\Folders moved on Reboot...
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\adsCAN0Q8PA.htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\windows_new_ie[1].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[5].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[6].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\ads[8].htm moved successfully.
C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\page-2[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7e0.dat not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\adsCAN0Q8PA.htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\K1GL3PYW\windows_new_ie[1].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[5].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\21NIUOY8\si[6].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\ads[8].htm not found!
File C:\Documents and Settings\avanderlinden\Local Settings\Temporary Internet Files\Content.IE5\0WIG31SH\page-2[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7e0.dat not found!
[2012/07/20 11:45:25 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5
Registry entries deleted on Reboot...
 
I seem to be having problems with Java. I ran JavaRa and it appears to have deleted all Java versions. I went back to the Java site and reinstalled the latest version. The installation process appears to conclude successfully, but the Java version checker doesn't recognize any version of Java installed. I ran JavaRa again to try and start from scratch, but the exact same thing happened - installation appears to be successful but the Java site does not recognize any version of Java as being installed. Java applets are showing up as empty boxes with a small red X in the upper left corner.

When it did it the first time, the Java site did recognize an older version of Java and recommended an update, which I did.

Have you experienced this before? Any ideas how I can get Java back up and running? I'll continue working the issue on my end, but the last two hours have not yielded any results so I'm officially asking for help.
 
I'm trying to uninstall Java and start from a clean slate. Following the uninstall directions from the Java site indicates that uninstallation should take place from the "Add/Remove Programs" section of Control Panel. In the list, the previous version of Java (Java 6 Update 29) was listed as still having been installed. I tried uninstalling it, but the uninstallation process returned a fatal error.

The program list also shows the latest version of Java (Java 7 Update 5), so I tried uninstalling that also. Unfortunately, that process also returns a fatal error.

I also tried running JavaRa to uninstall old versions again to see if that would help. The JavaRa log file shows that it isn't finding any old versions of Java.
 
In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck and stay safe :)
 