Hi. I downloaded avast a couple of days ago and ran it. Ever since installation I have been getting the following pop-up windows every several minutes:
To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log )
Essexboy will look at the log`s when he arrives here later today
Yes and no - you have a Purity infection so if you see an apparent system32 folder going do not be afraid C:\WINDOWS\s?stem32
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< HOSTS File > ([2004/04/10 12:30:34 | 000,003,233 | ---- | M] - 112 lines) -> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
YN -> Reset Hosts ->
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3944651745-3248677297-1107779084-1006\] > -> HKEY_USERS\S-1-5-21-3944651745-3248677297-1107779084-1006\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_USERS\S-1-5-21-3944651745-3248677297-1107779084-1006\] > -> HKEY_USERS\S-1-5-21-3944651745-3248677297-1107779084-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Aida" -> ["C:\WINDOWS\SSTEM3~1\taskmgr.exe" -vt yazb]
YN -> "Hiexe" -> [C:\WINDOWS\SYSTEM32\Οracle\sсanregw.exe]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3944651745-3248677297-1107779084-1006\] > -> HKEY_USERS\S-1-5-21-3944651745-3248677297-1107779084-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key error.]
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls
YN -> \\"coniTUTL" -> [C:\WINDOWS\system32\EVENaint.dll]
[Files/Folders - Modified Within 30 Days]
NY -> Pdasejuhediqad.dat -> C:\WINDOWS\Pdasejuhediqad.dat
NY -> Kdizacocuw.bin -> C:\WINDOWS\Kdizacocuw.bin
NY -> lnjd024uh5mjq03i -> C:\Documents and Settings\Robert\Local Settings\Application Data\lnjd024uh5mjq03i
NY -> lnjd024uh5mjq03i -> C:\Documents and Settings\All Users\Application Data\lnjd024uh5mjq03i
[Files - No Company Name]
NY -> Pdasejuhediqad.dat -> C:\WINDOWS\Pdasejuhediqad.dat
NY -> Kdizacocuw.bin -> C:\WINDOWS\Kdizacocuw.bin
NY -> lnjd024uh5mjq03i -> C:\Documents and Settings\Robert\Local Settings\Application Data\lnjd024uh5mjq03i
NY -> lnjd024uh5mjq03i -> C:\Documents and Settings\All Users\Application Data\lnjd024uh5mjq03i
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
thanks so much essexboy. i had to come to my office for a bit, but i will follow your instructions as soon as i get home and report the results back here for you to look at.
i’m not really following, but i guess that’s not important. what i do know is that numerous full scans with eset, malwarebytes, superantispyware, microsoft security essentials, and avast, came up clean (why would that be?). other than that borekoso blocked url warning from avast, nothing seems amiss on my computer. congratulations and thank you essexboy for uncovering what my problem is. i am now home and will follow your last set of instructions.
Essexboy, I ran the fix in OTS. It did not complete and my desktop has not returned after about 10 minutes. The last thing it said after it hung up was “creating restore point, do not interrupt” or something like that. Please advise what I should do now. Thank you.
OK if it hangs at that point then reboot, the desktop will disappear as OTS kills all processes so that files can be removed. It is normal to lose the desktop