Rootkit "driveby"?

So I did an avast full scan this morning and I got 22 results involving the Windows/Temp folder. I'm no tech guy, but I do know that exe and sys files tend not to belong there.

I wasn't able to move them to the chest nor delete them due to "access denied" and "this request is not supported (50)". So I followed that with a quick scan of the folder and nothing came up again. Did an mbam full scan; nothing came up other than a solitary malware trace. I'll post the log for that upon request.

Did another avast full scan and still there's no trace of what came up earlier. Any possible theories?

*Note: yes, I did some browsing on the forums and elsewhere on the random tmp, dll, exe, sys files popping up in the temp folder, and I have yet to discover why my shady bunch disappeared. And yes, I'm a newbie when it comes to this and I'll be in awe of you magical computer men.

Hi Twistedjoke

Follow this guide and attach (not copy and paste) in your next reply the logs from malwarebytes / OTL / aswMBR:

http://forum.avast.com/index.php?topic=53253.0

Anthony

So I did a avast full scan this morning and I get 22 several results involving the
What was it avast said about these 22? Did it say they were rootkits, as the topic title indicates?

Here are the pics for your own eyes to see, and the scan logs are on the way.

Hi twistedjoke,

Good job with screenshots. Help is on the way as soon as the logs requested are attached.

If you put the mouse pointer on the vertical bar in front of severity and drag sideways, then we can see the full file path.

Not 100% sure, but I think windows/temp/setup(number…) has to do with windows update?

Oh, you mean the results at the top? Those have been there for months and I never bothered to take note of them. The ones I'm talking about are the "high severity" ones, but hey, if you think the other ones are obscure in any way I'll post them.

Thanks in advance; the ones in the temp folder are bothering me the most. They disappeared like a ghost without me even trying to remove them past avast's capabilities. The aswMBR log isn't ready yet, but here are the mbam and otl logs.

I’ll take any answers, any theories, anything.

Just want to know whether it's just a false flag or it's actually something serious and someone is pulling strings here and there.

They are all in temp files so I will clear them. Are you experiencing any problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110014&babsrc=KW_ss&mntrId=9ab1adcc00000000000002004c4f4f50&q="
[2012/04/30 20:51:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKU\S-1-5-21-595859554-3908809609-1884332420-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
[2012/01/02 12:49:40 | 000,012,020 | -HS- | C] () -- C:\Users\Laptop\AppData\Local\650dui03v850ok83s5fhc4x772250a82f7436
[2012/01/02 12:49:40 | 000,012,020 | -HS- | C] () -- C:\ProgramData\650dui03v850ok83s5fhc4x772250a82f7436

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\BabylonToolbar

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Umm, well, my computer seems to be having a slower response and the cursor does the loading animation quite often at random, even when idle. Thanks for the support; I'm running otl at this very moment.

Rebooted.
Now I’m getting this error and it won’t leave, and I can’t open up the otl window to run the quick scan as you told me to.

OK, there is a corruption in the master file table and you need to run a chkdsk to repair it.

There are some simple directions and pictures that show you how to do it here: http://www.w7forums.com/use-chkdsk-check-disk-t448.html

Thanks for the link. otl finished some process it was doing and I finally could x it out, and some other log opened up. Do you want that also, along with the quick scan log?

Run the check disk first; that will be the priority… The logs will stay on the desktop until done, then you can attach them.

Here's the quick scan log as promised.

Oops, missed some Babylon… How is the computer behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110014&babsrc=SP_ss&mntrId=9ab1adcc00000000000002004c4f4f50
[2012/06/28 20:15:27 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\9AB1A
[2012/04/30 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Babylon
[2011/11/13 00:13:11 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\WmmHH6ssWJfELgZ
[2011/11/12 15:57:33 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\WWJJ77dEL8gRZhX
[2011/11/12 15:57:31 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\XssWWK7fEL

:Files
ipconfig /flushdns /c

:Commands
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done