
Startup Issues: Suspected Trojan & Help Required


Pondus:
Well, there is always a bunch of scanners you can try, but I think the best is to wait for essexboy.
You may post an OTS log if able to; essexboy will then see what and where and choose the right tool for it.

See how to here: http://forum.avast.com/index.php?topic=53253.0

lower left corner > Additional Options > Attach (OTS log)

wingwangchung:
Here it is as requested, divided into two parts:

essexboy:
On completion of this run, could you restart in normal mode and let me know what the current problems are?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.


--- Code: ---
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> A7 C7 AC 01 6D 06 23 4B 9D C2 38 F6 0F B2 D6 40  [binary data]
< FireFox Extensions [User Folders] > ->
YY -> XUL Cache   -> C:\Users\Wing Ho\AppData\Roaming\Mozilla\Firefox\Profiles\c46r8c3x.default\extensions\{199541eb-0fa6-4a0d-a475-00f7a3097e0d}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {01ACC7A7-066D-4B23-9DC2-38F60FB2D640} [HKLM] -> C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll [Reg Error: Value error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  api-ms-win-core-misc-l1-1-032.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
[Files/Folders - Modified Within 30 Days]
NY ->  2027058438 -> C:\Windows\SysWow64\2027058438
NY ->  api-ms-win-core-misc-l1-1-032.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
NY ->  api-ms-win-core-misc-l1-1-032.exe -> C:\ProgramData\api-ms-win-core-misc-l1-1-032.exe
[Files - No Company Name]
NY ->  api-ms-win-core-misc-l1-1-032.exe -> C:\ProgramData\api-ms-win-core-misc-l1-1-032.exe
NY ->  2027058438 -> C:\Windows\SysWow64\2027058438
NY ->  tmpAVATAR.0 -> C:\Users\Wing Ho\AppData\Local\tmpAVATAR.0
NY ->  tmpAVATAR.JPG -> C:\Users\Wing Ho\AppData\Local\tmpAVATAR.JPG
NY ->  tmpSEXY.3 -> C:\Users\Wing Ho\AppData\Local\tmpSEXY.3
NY ->  tmpSEXY.2 -> C:\Users\Wing Ho\AppData\Local\tmpSEXY.2
NY ->  tmpSEXY.1 -> C:\Users\Wing Ho\AppData\Local\tmpSEXY.1
NY ->  tmpSEXY.0 -> C:\Users\Wing Ho\AppData\Local\tmpSEXY.0
NY ->  tmpSEXY.JPG -> C:\Users\Wing Ho\AppData\Local\tmpSEXY.JPG
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]


--- End code ---

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
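An added analyst's note and example, not part of the thread: the 16 binary bytes stored in the XMLHTTP_UUID_Default value above are the raw Windows GUID struct of the BHO CLSID {01ACC7A7-066D-4B23-9DC2-38F60FB2D640} that loads the same api-ms-win-core-misc-l1-1-032.dll, which is how the two fix entries tie together. The script below parses the OTS lines quoted in the fix, decodes the binary value with the little-endian Data1/Data2/Data3 layout, and checks whether it matches any textual CLSID in the scan; the regexes and function names are my own, not OTS's.

```python
import re
import uuid

# Three lines copied from the OTS fix in the thread above (constructed sample input).
OTS_LINES = [
    r'YN -> HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> A7 C7 AC 01 6D 06 23 4B 9D C2 38 F6 0F B2 D6 40  [binary data]',
    r'YY -> {01ACC7A7-066D-4B23-9DC2-38F60FB2D640} [HKLM] -> C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll [Reg Error: Value error.]',
    r'YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]',
]

# A textual CLSID as OTS prints it: 36 hex/dash characters inside braces.
GUID_RE = re.compile(r'\{([0-9A-Fa-f-]{36})\}')
# A REG_BINARY value as OTS prints it: 16 space-separated hex bytes tagged [binary data].
BINARY_RE = re.compile(r'-> ((?:[0-9A-Fa-f]{2} ){15}[0-9A-Fa-f]{2})\s+\[binary data\]')


def decode_binary_guid(hex_bytes: str) -> uuid.UUID:
    """Decode 16 hex bytes as a Windows GUID struct.

    Data1 (4 bytes), Data2 and Data3 (2 bytes each) are little-endian on disk;
    the final 8 bytes are stored as-is. uuid.UUID(bytes_le=...) applies that layout.
    """
    raw = bytes.fromhex(hex_bytes.replace(' ', ''))
    if len(raw) != 16:
        raise ValueError('a GUID is exactly 16 bytes, got %d' % len(raw))
    return uuid.UUID(bytes_le=raw)


def find_guids(lines):
    """Return (set of textual CLSIDs, dict of decoded binary GUID -> source line)."""
    textual, binary = set(), {}
    for line in lines:
        for m in GUID_RE.finditer(line):
            textual.add(uuid.UUID(m.group(1)))
        m = BINARY_RE.search(line)
        if m:
            binary[decode_binary_guid(m.group(1))] = line
    return textual, binary


def correlate(lines):
    """For each binary GUID value, say whether the scan also lists it as a CLSID.

    A match means the opaque registry blob points at a component (here a BHO)
    that is itself in the fix, so the two entries should be removed together.
    """
    textual, binary = find_guids(lines)
    return {str(guid): guid in textual for guid in binary}
```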

wingwangchung:
All seems well; the fix was indeed quick! Programs and files that I recognize are intact as well. I don't know what exactly was done, but I am now on the internet under normal circumstances and the speed seems fine. Anything else I should do? I'm always a little suspicious.

Also, here is the file it produced upon logging in:

------

All Processes Killed
[Registry - Safe List]
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
File C:\Users\Wing Ho\AppData\Roaming\Mozilla\Firefox\Profiles\c46r8c3x.default\extensions\{199541eb-0fa6-4a0d-a475-00f7a3097e0d} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01ACC7A7-066D-4B23-9DC2-38F60FB2D640}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ACC7A7-066D-4B23-9DC2-38F60FB2D640}\ not found.
File C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
[Files/Folders - Created Within 30 Days]
File C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll not found!
[Files/Folders - Modified Within 30 Days]
File C:\Windows\SysWow64\2027058438 not found!
File C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll not found!
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.exe not found!
[Files - No Company Name]
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.exe not found!
File C:\Windows\SysWow64\2027058438 not found!
File C:\Users\Wing Ho\AppData\Local\tmpAVATAR.0 not found!
File C:\Users\Wing Ho\AppData\Local\tmpAVATAR.JPG not found!
File C:\Users\Wing Ho\AppData\Local\tmpSEXY.3 not found!
File C:\Users\Wing Ho\AppData\Local\tmpSEXY.2 not found!
File C:\Users\Wing Ho\AppData\Local\tmpSEXY.1 not found!
File C:\Users\Wing Ho\AppData\Local\tmpSEXY.0 not found!
File C:\Users\Wing Ho\AppData\Local\tmpSEXY.JPG not found!
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Wing Ho\Downloads\cmd.bat deleted successfully.
C:\Users\Wing Ho\Downloads\cmd.txt deleted successfully.
[Empty Temp Folders]
 
 
User: All Users
 
User: Anne
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Visitor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Wing Ho
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 46422657 bytes
->Java cache emptied: 58488592 bytes
->FireFox cache emptied: 43856816 bytes
->Google Chrome cache emptied: 8561745 bytes
->Flash cache emptied: 376843 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2967040 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38730514 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 190.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Anne
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: Public
 
User: Visitor
->Flash cache emptied: 0 bytes
 
User: Wing Ho
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
Error creating restore point.
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 08012011_132504

Files\Folders moved on Reboot...
File\Folder C:\Users\Wing Ho\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

---------

essexboy:
Could you run a fresh Malwarebytes scan please and confirm that there are no further problems?
