
Malwarebytes

Chinese pop up ads

- - - - - chinese ad outgoing pop up blocked

27 replies to this topic

#21
MrCharlie

    Forum Deity

  • Experts
  • 17,377 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Not much showing....please do this:

Download, unzip the attached file (flush.zip), don't run it yet.

Please do this:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
This will reboot the computer.

Now right click on flush.bat and choose "Run as Administrator"

-------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#22
RedBarron

    New Member

  • Members
  • 13 posts
Hey, sorry I didn't see your last post, I will do it tomorrow.. btw. this is the last time Malwarebytes blocked anything:

2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe)

so fingers crossed, maybe something helped along the way :)

#23
MrCharlie

OK, I changed the OTL script a little, MrC


#24
MrCharlie

How are we doing??

Do you still need help or can I close this post??

MrC


#25
RedBarron

Ok, so I thought I was good, then I got the same thing again:

2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)

Here is the OTL log:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Arne
->Java cache emptied: 10237700 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 10.00 mb


[EMPTYTEMP]

User: All Users

User: Arne
->Temp folder emptied: 56522282 bytes
->Temporary Internet Files folder emptied: 56483518 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80288214 bytes
->Google Chrome cache emptied: 363081678 bytes
->Flash cache emptied: 112725 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74464 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 531.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 05032012_122652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here is the MBAM, ran a full scan:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
[administrator]

Protection: Enabled

03.05.2012 13:29:15
mbam-log-2012-05-03 (13-29-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293548
Time elapsed: 1 hour(s), 26 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
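An added example (not part of any post in this thread, and not Malwarebytes code): Python that parses IP-BLOCK lines in the layout quoted above and groups them by process and direction, normalising the +0800 timestamps to UTC so entries can be lined up with other logs. The regular expression is inferred only from the two lines posted here; the function names and the malformed third sample line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Layout inferred from the two IP-BLOCK lines quoted in this thread (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)\s*$"
)

def parse_block_line(line):
    """Return a dict for one IP-BLOCK line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
    return {"utc": when.astimezone(timezone.utc), "ip": m["ip"],
            "direction": m["direction"].lower(), "port": int(m["port"]),
            "process": m["process"].strip().lower()}

def summarize(lines):
    """Group blocks by (process, direction); track distinct IPs and first/last time."""
    summary = defaultdict(lambda: {"count": 0, "ips": set(), "first": None, "last": None})
    skipped = 0
    for line in lines:
        rec = parse_block_line(line)
        if rec is None:
            skipped += 1  # count malformed or truncated lines instead of failing
            continue
        s = summary[(rec["process"], rec["direction"])]
        s["count"] += 1
        s["ips"].add(rec["ip"])
        s["first"] = rec["utc"] if s["first"] is None else min(s["first"], rec["utc"])
        s["last"] = rec["utc"] if s["last"] is None else max(s["last"], rec["utc"])
    return dict(summary), skipped

# The two entries posted in this thread, plus one constructed malformed line.
SAMPLE = [
    "2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe)",
    "2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)",
    "2012/05/02 10:53:01 +0800 IP-BLOCK (truncated)",  # constructed, not from the thread
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
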

#26
MrCharlie

I'm running out of ideas......please run this scan:

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats and the option Scan unwanted applications are checked
Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC


#27
MrCharlie

How are we doing??

Do you still need help or can I close this post??

MrC


#28
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,173 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there are 5 days without a response.




