I seem to have picked up a nasty bug somewhere. Avast is cranking out alerts every 15 seconds or so from explorer.exe. Avast doesn’t pick anything up in scans and neither does Malwarebytes so any help is appreciated.
Also attach aswMBR log?
Malwarebytes was not updated when you did the scan!
Malware removers are notified. It may take hours before one arrives, so be patient.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
[2011/12/13 12:32:28 | 000,010,858 | --S- | C] () -- C:\Users\Bison\AppData\Local\277271h6v746o542y228t0dio2s3
[2011/12/09 13:35:31 | 000,010,110 | ---- | C] () -- C:\Users\Bison\AppData\Local\l4mp08n1tm5clc
[2011/12/09 13:35:31 | 000,010,110 | ---- | C] () -- C:\ProgramData\l4mp08n1tm5clc
:Reg
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-21-3453149310-1416415931-1673008695-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
[*] Download RogueKiller and save it on your desktop.
NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled
[*]Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan
https://dl.dropbox.com/u/73555776/RKScan.GIF
[*]Wait for the end of the scan.
[*] The report has been created on the desktop.
Thanks for the timely response, I appreciate the help. I wasn’t able to get aswMBR to run at all earlier, which is why there was no log. I ran the scans but Avast is still giving me alerts. Here are the new logs you asked for.
It seems as though RogueKiller has problems reading LL2
Do you have a USB drive handy?
Download the following three programmes to your desktop :
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
http://dl.dropbox.com/u/73555776/wintoboot.JPG
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
http://dl.dropbox.com/u/73555776/usb%20progress.JPG
It will let you know when it is done
Then copy Listparts64 to the same USB
http://dl.dropbox.com/u/73555776/frstwintoboot.JPG
Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions here
When you reboot you will see this, although yours will say Windows 7.
Click repair my computer
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Select your operating system
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\Listparts.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
https://dl.dropbox.com/u/73555776/listparts.GIF
Press Scan button.
It will make a log (results.txt) on the flash drive. Please copy and paste it to your reply.
I downloaded all three files, however when running WiNTBootIc, I get a “Flashing Failed” error. Tried running it on another computer with both a 15G and 4G flash drive to no avail.
OK, do you have the option “repair my computer” when you reboot to the safe mode menu?
Reboot the computer then press and hold F8
Can you burn a CD?
Yes, I do have the “repair your computer” option, and I am able to burn a CD.
OK copy listparts64 to a USB stick
Reboot to Safe mode menu and select repair my computer
Select command prompt
Insert the USB with listparts64
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\Listparts.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
https://dl.dropbox.com/u/73555776/listparts.GIF
Press Scan button.
It will make a log (results.txt) on the flash drive. Please copy and paste it to your reply.
Tried the “repair your computer” option, but every time I hit it the computer goes to a black screen and then hangs there.
OK we will burn the ISO you have downloaded to a CD
To do this you will need burning software that will make it bootable. If you do not have one, then download ImgBurn http://www.filehippo.com/download_imgburn/
And use that to burn the CD
http://www.imgburn.com/index.php?act=screenshots
You need the write image file to disc option
Then boot from the CD and follow the previous instructions from
When you reboot you will see this, although yours will say Windows 7.
Click repair my computer
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Followed your instructions, however, my operating system was not listed after loading the boot CD. I hit next and ran Listparts anyway. Starting to think I have bigger problems than I thought here.
OK it is a malware partition. I will now delete it and set the system partition as active
If after running this fix the system fails to boot then run the recovery console
Select Startup repair, this will reset the boot sequence if needed
Download the attached fix.txt to the same USB as listparts
Run listparts as before except this time select Fix
Once it has completed reboot the computer and run aswMBR
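As an added illustration, not part of the original thread and not the code of any tool used in it: a Python example of the kind of check behind the post above, decoding an MBR partition table and flagging a small active partition placed at the end of the disk. The sample sectors, the 32 MiB threshold and all function names are constructed assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446      # partition table follows the 446 bytes of boot code
ACTIVE = 0x80           # status byte of the partition the BIOS boots from

def parse_mbr(sector):
    """Decode the used primary partition entries of an MBR sector."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong size or boot signature")
    parts = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0x00:          # type 0 marks an empty slot
            parts.append({"slot": slot, "active": raw[0] == ACTIVE,
                          "type": raw[4], "start": start, "sectors": count})
    return parts

def review_active(parts, tiny_mib=32):
    """Findings about the active flag; tiny_mib is an assumed threshold."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in active:
        size_mib = p["sectors"] * SECTOR // (1024 * 1024)
        last = p["start"] == max(q["start"] for q in parts)
        if size_mib < tiny_mib and last and len(parts) > 1:
            findings.append(f"slot {p['slot']}: active, {size_mib} MiB, at end of disk")
    return findings

def entry(status, ptype, start, count):
    # CHS fields are zeroed; only status, type and the LBA fields matter here
    return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3, start, count)

def sample_mbr(entries):
    """Constructed test sector: empty boot code plus the given entries."""
    return b"\0" * TABLE_OFFSET + b"".join(entries).ljust(64, b"\0") + b"\x55\xaa"

# Constructed layouts: a normal disk, then one with a 2 MiB active partition appended
CLEAN = sample_mbr([entry(0x80, 0x07, 2048, 204800),
                    entry(0x00, 0x07, 206848, 976000000)])
ALTERED = sample_mbr([entry(0x00, 0x07, 2048, 204800),
                      entry(0x00, 0x07, 206848, 976000000),
                      entry(0x80, 0x17, 976206848, 4096)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN), ("altered", ALTERED)):
        print(name, review_active(parse_mbr(mbr)) or "no findings")
```
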
No more alerts, that may have done the trick. You sir, deserve many internets this day. ;D Gonna post the log for that last aswMBR scan, which I was able to run this time without a problem. Just looking for the all clear from you before I uncork the champagne.
Nice ;D Any outstanding problems before I remove my rubbish?
None so far, my PC is looking pretty good now. But before I go, any advice on how I can avoid viruses like this that activate out of my temp folder?
I would suggest that you get into the habit of clearing cache folders and temp folders fairly frequently.
Subject to no further problems
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
[*] Go to this site and click Do I have Java
[*] It will check your current version and then offer to update to the latest version
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.
If you use on-line banking then, as an added layer of protection, install Trusteer Rapport.
It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe