I'm not sure if it's configuration or infection

Fiery

Level 1
Jan 11, 2011
2,007
For 32bit systems, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    hs_err_pid280
    hs_err_pid4032
    hs_err_pid6808
    hs_err_pid7600
    hs_err_pid8088
    temp.res
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
Hi,
done that see attached


Attachments

  • SystemLook.txt
    938 bytes · Views: 75

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
Broke the OTL into 4 and posted these

http://pastebin.com/xwc8fmhE - Canamalar-1-OTL2
http://pastebin.com/bTNemMnA - Canamalar-2-OTL2
http://pastebin.com/ucXcJTNz - Canamalar-OTL2
http://pastebin.com/nSazF4Xr - Canamalar-OTL2





Fiery

Level 1
Jan 11, 2011
2,007
Hi,

It seems the OTL fix didn't work. You need to press Run Fix.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109220&tt=201112_1849_4712_4&babsrc=SP_ss&mntrId=00be2c1d000000000000001b77bee5b2
[2011/04/04 02:17:07 | 000,011,730 | -HS- | C] () -- C:\Users\sony\AppData\Local\j638u7q3443b5j
[2011/04/04 02:17:07 | 000,011,730 | -HS- | C] () -- C:\ProgramData\j638u7q3443b5j
[2012/11/24 16:40:40 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\Babylon

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
 

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
what should the settings in OTL be, it's all "use safe list" except "extra registry" which is set to "none"
file age - 30 days in the drop down
 

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
During the reboot I got a "no bootable partition in the table" message

Where will I find the OTL report, it never saved to the desktop





 

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
rebooted and report opened but still not saved, have it opened

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
File C:\Users\sony\AppData\Local\j638u7q3443b5j not found.
File C:\ProgramData\j638u7q3443b5j not found.
Folder C:\Users\sony\AppData\Roaming\Babylon\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\sony\Desktop\Fix\cmd.bat deleted successfully.
C:\Users\sony\Desktop\Fix\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: sony
->Temp folder emptied: 31832 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 535344 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 04232013_230117

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000011A6E2DC7575BDFDD not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
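
An added example, not part of the thread and not OTL's own code: a small Python parser that tallies the outcome of each target in an OTL fix log like the one posted above, so "not found" results stand out from actual removals. The outcome phrases it matches are taken from this log only; treating them as the full set OTL can emit is an assumption.

```python
import re
from collections import defaultdict

# Lines copied from the fix log posted above (shortened).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
File C:\Users\sony\AppData\Local\j638u7q3443b5j not found.
File C:\ProgramData\j638u7q3443b5j not found.
Folder C:\Users\sony\AppData\Roaming\Babylon\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\sony\Desktop\Fix\cmd.bat deleted successfully.
C:\Users\sony\Desktop\Fix\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# "========== OTL ==========" style section banners.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<kind> <target> <outcome>"; the kind prefix is absent on bare-path lines.
RESULT = re.compile(
    r"^(?:(?P<kind>Registry key|File\\Folder|File|Folder)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>not found|deleted successfully|moved successfully)[.!]?$"
)


def parse_fix_log(text):
    """Return (section, kind, target, outcome) for every result line."""
    section, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        hit = RESULT.match(line)
        if hit:
            rows.append((section, hit.group("kind") or "path",
                         hit.group("target"), hit.group("outcome")))
    return rows


def summarize(rows):
    """Count outcomes per section and list :OTL targets that were absent."""
    counts = defaultdict(int)
    for section, _kind, _target, outcome in rows:
        counts[(section, outcome)] += 1
    # "not found" means the item was not present when the fix ran,
    # so this run removed nothing for that target.
    absent = [t for s, _k, t, o in rows if s == "OTL" and o == "not found"]
    return dict(counts), absent


if __name__ == "__main__":
    counts, absent = summarize(parse_fix_log(SAMPLE_LOG))
    for (section, outcome), n in sorted(counts.items()):
        print(f"{section:<9} {outcome:<22} {n}")
    print("Targets absent at fix time:")
    for target in absent:
        print("  ", target)
```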
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok. How is everything now?

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
no option to quit microsoft essentials


canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
Hi,
I ran the app, file attached, then wasn't sure if you wanted me to let it remove the file, so I've left it.


Attachments

  • scan.txt
    75 bytes · Views: 93

Fiery

Level 1
Jan 11, 2011
2,007
That is fine, the steps below will delete the quarantined item in Roguekiller.

If you are no longer experiencing any other issues, your PC appears to be clean!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Also, open adwCleaner and click Uninstall




Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For Vista
Create a restore point
Delete all but the most recent restore point




Keep your system updated
Please go to control panel and uninstall the following:

Java(TM) 6 Update 21
Adobe Reader 9.5.4


Delete older Java version from your computer by downloading JavaRa
  • Run JavaRa.exe, then click Remove JRE.
  • Let the tool run
  • Once it finishes, close JavaRa

Currently, the following programs on your PC are outdated:
  • Java - Update Java here
  • Adobe reader - Update Adobe Reader here
Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Backup important files regularly to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
Hi
thanks for all your help, just a couple more questions.

my fingerprint reading security has been corrupted and no longer works, three error messages appeared on reboot

Fingerprint software error
(rpnpipe:rpnpipe:no-sw(00000001provmgrserver))
(provider:srv-proc-not-rdy)
(upeksw:provider:opn-evnt-fld)

has the file found by ESET been removed (remember I never used the ESET tool to remove it)

I went into programs and features to remove the AdwCleaner and can't find the program, however I do have ESET online scanner v2.

is there any way I can remove windows internet explorer when I replace it.
when I do replace internet explorer will all my stored passwords also be removed and is there any way I can transfer them, as some are so old I have forgotten them and rely on this.



canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
after I loaded the new java updater a pdf to word converter I had previously installed (Doxillion) opened up.
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

canamalar said:
my fingerprint reading security has been corrupted and no longer works, three error messages appeared on reboot

According to the Sony website,

"If you have fingerprint recognition, please go to the drivers folder and open the Fingerprint driver folder and run the Setup file."

If that doesn't work, the driver can be found here: http://www.sony.co.uk/support/en/product/VGN-TZ21WN_B/updates

canamalar said:
has the file found by ESET been removed (remember I never used the ESET tool to remove it)

That file is fine :)

canamalar said:
I went into programs and features to remove the AdwCleaner and can't find the program, however I do have ESET online scanner v2.

You can Uninstall ESET. To uninstall adwcleaner, you have to open the adwCleaner .exe file and it will have an option to Uninstall.

canamalar said:
is there any way I can remove windows internet explorer when I replace it.
when I do replace internet explorer will all my stored passwords also be removed and is there any way I can transfer them, as some are so old I have forgotten them and rely on this.

I don't think you can "remove" Internet Explorer, just don't use it. If you download Firefox or Chrome, the passwords will remain saved in Internet Explorer.
 

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
Thanks for all your help it has been a real pleasure, I have thoroughly enjoyed the experience, come payday I will be donating.

I noticed sandboxie slows down the web browser a fair bit, is there anything faster?

My next excursion into the world of computer control systems will be to stop processes which I will not use, as I understand this will further speed up the response time.
Can you recommend a site or whiz kid who could help me do this safely?



