[SweetTech]

hmm... I need to do some research on things. While i am doing that please do the following:

MalwareBytes' Anti-Malware Uninstall
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. http://www.malwareby.../mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware
• Select the Update tab
• Click Check for Updates
• After the update have been completed, Select the Scanner tab.
• Select Perform quick scan, then click on Scan
• Leave the default options as it is and click on Start Scan
• When done, you will be prompted. Click OK, then click on Show Results
• Checked (ticked) all items and click on Remove Selected
• After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[Advertisements]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5350

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

12/18/2010 2:09:13 PM
mbam-log-2010-12-18 (14-09-13).txt

Scan type: Quick scan
Objects scanned: 156640
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[iamunderrated]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5350

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

12/18/2010 2:09:13 PM
mbam-log-2010-12-18 (14-09-13).txt

Scan type: Quick scan
Objects scanned: 156640
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[SweetTech]

Please run the ESET Online Scanner:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

[iamunderrated]

C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8d multiple threats
C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407ad multiple threats

[SweetTech]

Hello,

How are things running?



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  :Services
  :OTL
  
  :Reg
  
  :Files
  C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8d
  C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407ad
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click .
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[iamunderrated]

All processes killed
Error: Unable to interpret <:Services:OTL:Reg:FilesC:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8dC:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407adipconfig /flushdns /c:Commands[purity][resethosts][CreateRestorePoint][emptytemp][EMPTYFLASH]> in the current context!
Error: Unable to interpret < > in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 12192010_145341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[iamunderrated]

Results of screen317's Security Check version 0.99.8
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
CyberDefender Registry Scanner CDregclean.exe
``````````End of Log````````````

[SweetTech]

Hello,

Please try to re-run the OTL fix in this post: http://www.geekstogo...ost__p__1943804


Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
• Look for "Java Platform, Standard Edition".
• Click the "Download JRE" button to the right.
• Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
• Select your Language: "Multi-language".
• Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
• Click Continue and the page will refresh.
• Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
• When the Java Setup - Welcome window opens, click the Install > button.
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
• Click Ok and reboot your computer.

[iamunderrated]

All processes killed
Error: Unable to interpret <:Services:OTL:Reg:FilesC:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8dC:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407adipconfig /flushdns /c:Commands[purity][resethosts][CreateRestorePoint][emptytemp][EMPTYFLASH]> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 12192010_165215

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[SweetTech]

Hello,


How are things running?


Launch Notepad, and copy/paste everything in the codebox below into the new document. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as runme.bat.

@echo off
if exist results.txt del results.txt
FOR %%H IN (
"C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8d"
"C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407ad"
) DO (
attrib -r -h -s %%H
del /q /f %%H >> results.txt 2>>&1
)
del %0

Locate runme.bat on your desktop, and double click it to run the fix. Post results.txt that it should create.

[iamunderrated]

offif exist results.txt del results.txtFOR %H IN ("C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8d""C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407ad") DO (attrib -r -h -s %Hdel /q /f %H )del "C:\Users\Cory Nichols\Desktop\runme.bat"

[SweetTech]

Was that what the contents of the Results.txt file?

[iamunderrated]

Was that what the contents of the Results.txt file?

Yes it was...does it not look right?

[SweetTech]

Hello,

No, unfortunately it does not look right. Lets try something slightly different.

Try using these instructions:

Double click on fix.bat

• Open Notepad. To open notepad do the following go to Start > Run > type Notepad and then click on Ok.
  

  or you can use the Windows Shortcut for getting the Run Dialog Box to appear. To use this method you need to press the "Windows Key" on your keyboard as well as the letter "R"

• Copy and Paste the text that is below into Notepad: (So you'd put your mouse before the @ sign, left click your mouse and drag down until you get to down to where it says exit. Make sure that the word "exit" is in the text that you are copying.
  

  @echo off
  takeown /f "C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8d"
  del /f /q "C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\255ed02b-3d3d5c8d"
  takeown /f "C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407ad"
  del /f /q "C:\Users\Cory Nichols\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\47e7863d-6b1407ad"
  del %0
  exit
  

• Go to File > Save As
• Save File name as runme.bat
• Change Save as Type to All Files and save the file to your Desktop.
• It should look like this:
• Now you need to right click on the runme.bat and select "Run as Administrator".
• You will see a black window that will pop-up on your screen and then disappear again. The runme.bat will self-delete upon completion. This is normal.

[iamunderrated]

I followed the runme.bat steps...the black window went away but is a "results" doc supposed to be produced on my desktop?