Java trojan etc. help needed

[ziggyhd1 0]

I've been having slow down issues on Facebook only. All other websites have no problems. Today I ran a deep scan using your anti-malware and it found 20 various trojans etc. all to do with JAVA. Here are the files you have requested. I also installed the newest version of Java today.

[Kevin Zoll 309]

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  

  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O4 - HKLM..\Run: []  File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O33 - MountPoints2\K\Shell - "" = AutoRun
  O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
  [2011/03/11 08:58:26 | 000,010,896 | -HS- | C] () -- C:\ProgramData\3567006381
  [2011/03/11 08:58:26 | 000,010,888 | -HS- | C] () -- C:\Users\Ziggy\AppData\Local\3567006381 
  @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:C22674B6
  @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:94B46CA2
  @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:C15969A6
  @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:4673E9EA
  @Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:A745DB5D
  @Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:F7E83BDD
  @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:260575F1
  @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0AC32449
  @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A02025CE
  @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:996104FC
  @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:E1D6C864
  
  :Commands
  [Purity]
  [EmptyFlash]
  [start Explorer]
  [Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
  
• Attach the new log produced by OTL

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[ziggyhd1 0]

I did what you asked. Then I assumed (although you didn't say to) ran the OTL.exe scan again same as earlier to get log. I dsidn't see a log from what you told me to do.

Anyway, here it is. If that was wrong, then advise.

[ziggyhd1 0]

Still having same problem of Facebook being slow. Only website I have a problem with. Slow when typing comments, slow scrolling through page, very slow streaming posted videos (however when I view same video on Youtube they play fine)

I guess the easy gfix would be to stay off of FB. LOL

[Kevin Zoll 309]

The problem may very well be with facebook. What browser are you using and do you experience the same thing using a different browser?

[ziggyhd1 0]

IE8 I've never used another browser.

[Kevin Zoll 309]

Try using either FireFox or Google Chrome to surf facebook and see if there is a difference in speed. If so, then we need to take a look at what is affecting IE8.

[ziggyhd1 0]

Ok I'll try that. Should I now run another Emsisoft Anti Malware scan or did what you had me do clear up the trojans that were on my computer?

[ziggyhd1 0]

I just tried Google Chrome and FB works great. My wife and I are both reluctant to change default browsers. Is there anything we can try to fix why FB isn't working on IE8?

[Kevin Zoll 309]

OK, let's see if we can figure out what is going on.

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  See HERE for help
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

---

Attach logs for:

• ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[ziggyhd1 0]

I disabled AVG, downloaded Combofix, attempted to run Combofix. Combofix window popped up and said that it could not run with AVG installed and that I had to uninstall AVG. I REALLY don't want to have to do that, if I don't have to.

I apologize, I know you're trying to help and its very appreciated.

[Kevin Zoll 309]

Unfortunately AVG interferes with ComboFix and it will have to be uninstalled in order for ComboFix to work. There are other tools I can use but none of them are as powerful and effective as ComboFix.

[ziggyhd1 0]

I uninstalled AVG. Rebooted.Attempted to run Combofix, this time it tells me again to disable AVG 2011 (hard to do when its not installed) also says to disable Adaware. I've tried several times over the last few months to get rid of Adaware as I had some problems the last time I used it. It doesn't seem to be able to be removed in its current state. I want to get my antivirus back up as soon as possible.

[Kevin Zoll 309]

You will need to delete the AVG folder.

[ziggyhd1 0]

Thanks for your help, but with my work schedule I'm going to have to wait for the weekend to try and get rid of Adaware manually and then remove AVG again, etc. to try and run Combofix again.

[Kevin Zoll 309]

OK, I'll leave this thread open until Monday evening.

[ziggyhd1 0]

Thank you.

[Kevin Zoll 309]

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, SpySentinel, or JeanInMontana to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread