Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Problem with links between websites and misdirections

Started by PhilipW97 , Apr 21 2009 08:18 AM

Please log in to reply

#16
Jimmy2012

Posted 12 May 2009 - 12:23 AM

Trusted Helper

Retired Staff
6,238 posts

Hello PhilipW97,

Please run the following program and see what it finds.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Double-click GooredFix.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

#17
PhilipW97

Posted 12 May 2009 - 03:06 AM

Member

Topic Starter
Member
147 posts

Hi Jimmy,

Herewith the Goored log:
GooredFix v1.92 by jpshortstuff
Log created at 10:36 on 12/05/2009 running Option #1 (Philip)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

This appeared virtualy instantaneously; is this the whole log, or did the programme hang?

This morning all Home Pages loaded on Firefox without any problems.

I haven't used Outlook for a while, because although it opens just fine, when I try to open a contact card it says that it has encountered a problem and needs to close. I have been entering details via my PDA and letting the PC synchronise with it; this works OK. The problem with Outlook started some while back (months) and originally it told me that it had a problem with the Kaspersky add-on. Since I removed Kaspersky it doesn't mention this just that it has encountered... I used Outlook this morning and it let me enter details of a new contact and then reopen that contact to set a category, so I thought perhaps it was OK. Then when I tried to open another contact it reverted to Outlook has encountered... Might this be connected to the other problems. I have tried to do a repair to Outlook from Control Panel Add/Remove Programmes, but although the Office repair activity ran to completion it has made no difference.

I tried to go into the Control Panel just now, but nothing happened, the hour glass appeared and then disappeared without the CP opening. Tried again and the same result, except that the start panel froze and although the mouse icon would move over the screen nothing happened on a click. Eventually, after about three minutes, the system freed up, but the CP did not open. I don't recall having this particular problem before.

I hope this is useful,

Philip

#18
Jimmy2012

Posted 12 May 2009 - 11:47 PM

Trusted Helper

Retired Staff
6,238 posts

Hello PhilipW97,

This appeared virtualy instantaneously; is this the whole log, or did the programme hang?

Yep, that is the whole log.

I tried to go into the Control Panel just now, but nothing happened,

That's strange.

We will now do a deep search of your processes and files

Download avz4.zip from here

Unzip it to your desktop to a folder named avz4
Double click on AVZ.exe to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:
Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box.
Click on the “Execute selected scripts”.
Automatic scanning, healing and system check will be executed.
A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
All applications will work properly after the system restart.

When restarted

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
Click on the "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

#19
PhilipW97

Posted 13 May 2009 - 08:09 AM

Member

Topic Starter
Member
147 posts

Hi Ji,,y,

Herewith the requested logs:

virusinfo_syscure.zip 42.42KB 132 downloads

virusinfo_syscheck.zip 35.61KB 204 downloads

Philip

#20
Jimmy2012

Posted 14 May 2009 - 11:48 PM

Trusted Helper

Retired Staff
6,238 posts

Hello PhilipW97,
Those logs look clean, please run the following scan and see if it is able to find anything else.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Please post the Dr.Web Cureit log in your next reply.

#21
PhilipW97

Posted 15 May 2009 - 03:14 PM

Member

Topic Starter
Member
147 posts

Hi Jimmy,

I downloaded Dr.Web and started running it. The Express scan ran through and produced a No Viruses Found result. I then set it off on a compete scan, where it reported that Combo fix was a virus problem and then found two examples of Trojan 142 on my C drive. I left it running and came back to find an awj4, or similar, I didn't think to write it down, has encountered a problem and needs to close message. I selected notify MS and when that completed Dr.Web closed. When I started it again, there was nothing saved to send to you.

I am now running it again, Express Scan has finished without finding anything and I am now setting it off on Complete Scan again. I will leave it on overnight and come back to you tomorrow.

Philip

#22
Jimmy2012

Posted 16 May 2009 - 12:14 AM

Trusted Helper

Retired Staff
6,238 posts

#23
PhilipW97

Posted 16 May 2009 - 04:04 AM

Member

Topic Starter
Member
147 posts

Hi Jimmy,

It did it again! Only this time, I thought to take a screen shot, which I attach. I think it failed at approximately the same point as last night and at the time it was scanning a back up copy that I no longer need of AdAware Personal on my external K Drive, which is basically long term storage and backup, so I have removed that bit of software and will try scanning again when I have finished today's work.

Dr.Web_problem.doc 126KB 11 downloads

Regards,

Philip

#24
PhilipW97

Posted 16 May 2009 - 01:01 PM

Member

Topic Starter
Member
147 posts

Once again, hi Jimmy,

Well it did it again, but on a different object this time, albeit about the same place! Screenshot attached.

Dr.Web_problem_2.doc 125KB 11 downloads

Regards,

Philip

#25
Jimmy2012

Posted 17 May 2009 - 11:41 PM

Trusted Helper

Retired Staff
6,238 posts

Hello PhilipW97,

Could you please give me a update on your computer, all problems you are still having?

#26
PhilipW97

Posted 18 May 2009 - 02:15 AM

Member

Topic Starter
Member
147 posts

Hi Jimmy,

I am still getting things like, I try to get into Control Panel or My Documents and it appears that I can't then 10 mins or so later it pops up. Also. I was running Diskeeper Lite yesterday and it started a defrag and then hung overnight. It also reports that there is an Autocheck run scheduled for Disk K and that it can't check that disk until this is complete. Could this be tied in with the lsdelete not found, Autocheck... splash screen at startup?

Otherwise it seems to be behaving itself quite well. The occurrences of Page load error seem to be related to when my ISP is busiest and now that we have the network running again we are seing the same things on my wife's PC and my laptop. (My ISP had a problem that they said was caused by my machine, but in the end they found a problem with their server and Netgear WiFi routers v7, which mine is!)

Regards,

Philip

#27
Jimmy2012

Posted 19 May 2009 - 12:59 PM

Trusted Helper

Retired Staff
6,238 posts

Hello PhilipW97,

Could this be tied in with the lsdelete not found, Autocheck... splash screen at startup?

It could, not sure yet. Please try the following and see if anything changes.

Please open OTListIt2.exe
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
:OTLI
O34 - HKLM BootExecute: (lsdelete) - File not found

:Commands
[purity]
[emptytemp]
[reboot]
```
Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
Click the Run Fix button.
Let the program run until it is finished, reboot when it is done.
It will produce a log for you on reboot, please post that log in your next reply.

#28
PhilipW97

Posted 20 May 2009 - 03:59 AM

Member

Topic Starter
Member
147 posts

Hi Jimmy,

Here is the requested Log:

========== OTLISTIT ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temp\etilqs_fyWWtb9UFjKnBQ9EWs7Y scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temp\etilqs_w6sV9Iztr67Mi993Qrvq scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temp\etilqs_zAffiX0AHS8UuixJz30W scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temp\WCESMgr.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temp\~DF99B0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.Word\~WRF{73FD6B80-BBCA-4B3D-9555-51960F5AAED7}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.Word\~WRS{305946B1-4B75-4996-B1B7-7F63EC163A66}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.Word\~WRS{438A31B0-CC61-4936-AE28-9A7F04E2B2ED}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.IE5\YLYZ0IGT\index[9].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_fe8.dat scheduled to be deleted on reboot.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_680.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 05202009_114841

Files moved on Reboot...
File C:\Documents and Settings\Philip\Local Settings\Temp\etilqs_fyWWtb9UFjKnBQ9EWs7Y not found!
File C:\Documents and Settings\Philip\Local Settings\Temp\etilqs_w6sV9Iztr67Mi993Qrvq not found!
File C:\Documents and Settings\Philip\Local Settings\Temp\etilqs_zAffiX0AHS8UuixJz30W not found!
C:\Documents and Settings\Philip\Local Settings\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\Philip\Local Settings\Temp\WCESMgr.log moved successfully.
File C:\Documents and Settings\Philip\Local Settings\Temp\~DF99B0.tmp not found!
C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.Word\~WRF{73FD6B80-BBCA-4B3D-9555-51960F5AAED7}.tmp moved successfully.
File C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.Word\~WRS{305946B1-4B75-4996-B1B7-7F63EC163A66}.tmp not found!
File C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.Word\~WRS{438A31B0-CC61-4936-AE28-9A7F04E2B2ED}.tmp not found!
C:\Documents and Settings\Philip\Local Settings\Temporary Internet Files\Content.IE5\YLYZ0IGT\index[9].htm moved successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_fe8.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_680.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat not found!
C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwt9q5o0.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

I will wait and see what happens...

Philip

#29
PhilipW97

Posted 20 May 2009 - 08:36 AM

Member

Topic Starter
Member
147 posts

Hi Jimmy,

Well the lsdelete splash screen has gone and the PC seems to be running OK, except that Diskeeper Lite keeps telling me that a CHKDSK scan is scheduled for my L Drive and this will be done at next system start and that Diskeeper cannot defrag the drive until this has been cpmpleted. I tried restarting twice and the drive made some noises like it was trying to run and then went back to standby. I could access it normally, so have initiated a full CHKDSK scan manually and that is still running. I am off out now and will send you an update tomorrow.

Regards,

Philip