[Schoodic_pnt]

I haven't surfed the net yet to see if it keeps redirecting me to advertsing sites. But i can try after i run the next scans.

What is the virus Kaspersky found?

[Advertisements]

All processes killed
========== FILES ==========
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-3c008303 moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41620 bytes

User: LocalService

User: Mark
->Flash cache emptied: 48930 bytes

User: NetworkService
->Flash cache emptied: 2582 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297187 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Mark
->Temp folder emptied: 106974823 bytes
->Temporary Internet Files folder emptied: 13083037 bytes
->Java cache emptied: 128094 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 2798 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05092010_232408

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA642.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA683.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA749.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA76E.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA85B.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA866.tmp not found!
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\UKK69Q6F\iframe[1].htm moved successfully.
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\1QNCD2TT\Need-Help-Removing-advertising-when-using-browser-t276447[2].html moved successfully.

Registry entries deleted on Reboot...

[Schoodic_pnt]

All processes killed
========== FILES ==========
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-3c008303 moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41620 bytes

User: LocalService

User: Mark
->Flash cache emptied: 48930 bytes

User: NetworkService
->Flash cache emptied: 2582 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297187 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Mark
->Temp folder emptied: 106974823 bytes
->Temporary Internet Files folder emptied: 13083037 bytes
->Java cache emptied: 128094 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 2798 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05092010_232408

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA642.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA683.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA749.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA76E.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA85B.tmp not found!
File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\~DFA866.tmp not found!
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\UKK69Q6F\iframe[1].htm moved successfully.
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\1QNCD2TT\Need-Help-Removing-advertising-when-using-browser-t276447[2].html moved successfully.

Registry entries deleted on Reboot...

[RPMcMurphy]

It was garden variety exploit in your Java cache. Nothing too hairy. Go ahead and surf a bit and let me know if everything is OK.

[Schoodic_pnt]

Here's the latest log.

Attached Files

•  OTL2.Txt   128.58KB   99 downloads

[Schoodic_pnt]

Surfinf seems to be fine.

[RPMcMurphy]

Good work - that looks clean! Now I have some important cleanup for you to take care of:

Uninstall ComboFix

• Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
  Combofix /Uninstall

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.
• Manually delete any remaining logs or tools.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

• Restart any anti-malware programs that we disabled while we were cleaning your machine.
• Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
• Consider running in a limited user account. See this post for more information.
• Please carefully review the information in our Preventing Malware and Safe Computing thread located HERE

Please post once more so I know you are all set and I can close this thread. Good luck and stay safe!

[Schoodic_pnt]

Ok. Uninstalled it. Ran OTL clean up. Deleted logs.

Thank you for all of your help! You are excellent!!!!!!!!!!!!!!!!!!!!

[RPMcMurphy]

You're very welcome. Take care.

[RPMcMurphy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.