I have scanned with all my programs probably half a dozen times. I had nowhere else to turn, so I followed essexboy’s stick and have attached my OTS log.
I hope I can get some help here as I am losing my mind over this one
Scanned with aswMBR, here is the log you requested
P.S. Thanks for getting on this so quick!
aswMBR log looks clean to me…
So I leave this to Essexboy…
I will send him a PM. He is usually in here 08:00pm - 11:59pm UK time
Your expediatory demeanor is much appreciated!
I look forward to the next response.
It is trying to redirect me to: 64.111.211.172
Yes this is ISPrime and if you do a forum search for that you will see many such topics and will require the analysis of your OTS log and a fix compiled for your specific system. Fixes are unique to each system and not interchangeable.
So unfortunately that means waiting a while for a malware removal specialist, a.k.a. essexboy, etc.
Hi let me know if this resolves the problem
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> 53 51 DA 04 6D B3 CC 42 8B 53 20 50 BA F4 7D 5B [binary data]
YN -> HKEY_CURRENT_USER\: "ProxyEnable" -> 1
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:52970
< FireFox Extensions [User Folders] > ->
YY -> XUL Cache -> C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\n05z9378.default\extensions\{827c634a-404a-4a6a-be8f-9d64b65d0d27}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {04DA5153-B36D-42CC-8B53-2050BAF47D5b} [HKLM] -> [Reg Error: Value error.]
YN -> {D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> [Ask.com Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> [Ask.com Toolbar]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{13C1DBF6-7535-495c-91F6-8C13714ED485}" [HKLM] -> [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> 1515175373 -> C:\WINDOWS\System32\1515175373
[File - Lop Check]
NY -> .# -> C:\Documents and Settings\Master\Application Data\.#
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
I did as you requested. Here is the log:
All Processes Killed
[Registry - Safe List]
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer deleted successfully.
C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\n05z9378.default\extensions\{827c634a-404a-4a6a-be8f-9d64b65d0d27}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\n05z9378.default\extensions\{827c634a-404a-4a6a-be8f-9d64b65d0d27}\defaults folder moved successfully.
C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\n05z9378.default\extensions\{827c634a-404a-4a6a-be8f-9d64b65d0d27}\chrome folder moved successfully.
C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\n05z9378.default\extensions\{827c634a-404a-4a6a-be8f-9d64b65d0d27} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04DA5153-B36D-42CC-8B53-2050BAF47D5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04DA5153-B36D-42CC-8B53-2050BAF47D5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{13C1DBF6-7535-495c-91F6-8C13714ED485} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13C1DBF6-7535-495c-91F6-8C13714ED485}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\1515175373 moved successfully.
[File - Lop Check]
C:\Documents and Settings\Master\Application Data\.# folder moved successfully.
[Empty Temp Folders]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Master
->Temp folder emptied: 702938 bytes
->Temporary Internet Files folder emptied: 118385 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44243259 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1081 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 123198 bytes
Total Files Cleaned = 43.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: Master
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07212011_150950
Files\Folders moved on Reboot…
File move failed. C:\WINDOWS\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot…
Everything seems good so far, thanks for the help!
If it makes another appearance I’ll be back.
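An added example (not part of the thread and not OTS's own code): a small Python parser for the fix-log format posted above that sorts each action line into deleted, moved, not found or pending reboot, so a reviewer can see which script items did not take effect immediately. The function names and the choice to flag "not found" and reboot-pending lines for follow-up are assumptions; the sample lines are copied from the log above.

```python
import re

# Sample input: a few lines copied from the fix log posted above.
SAMPLE_LOG = r"""[Registry - Safe List]
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\1515175373 moved successfully.
[Empty Temp Folders]
->Temp folder emptied: 0 bytes
< End of fix log >
File move failed. C:\WINDOWS\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Order matters: the most specific sentence shapes are tried first.
PATTERNS = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("deleted", re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("not_found", re.compile(r"^Registry (?:key|value) (?P<target>.+) not found\.$")),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
]
SECTION = re.compile(r"^\[(.+)\]$")

def parse_fix_log(text):
    """Return (section, outcome, target) for every action line in the log."""
    section, results = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("< End of fix log"):
            section = "post-fix"          # lines after this are reboot-time actions
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for outcome, pattern in PATTERNS:
            hit = pattern.match(line)
            if hit:
                results.append((section, outcome, hit.group("target")))
                break                     # cache-size and other lines match nothing
    return results

def needs_follow_up(results):
    """Assumption: items that were absent or deferred to reboot deserve a second look."""
    return [r for r in results if r[1] in ("not_found", "pending_reboot")]
```
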
Hi, I have the same problem as the above user. Can I use this fix, or are all fixes different? I have tried Malwarebytes / Avast 6 Free / TDSSKiller, all to no avail. I have posted my log below; hope you can help.
No, you shouldn’t. You need to start your own topic and place your own logs there. BTW, your MBR looks clean, so it is worth attaching a log of OTS.
Thanks, will do that.