Another Machine Check

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Hikarusan, Sep 26, 2012.

  1. Hikarusan

    Hikarusan Private E-2

    Hi,

    This is another machine. There was one result that said I have a trojan; I selected ignore as I was told in the readme. Attached are the logs.
     

    Attached Files:

  2. Hikarusan

    Hikarusan Private E-2

    This is the same machine with the standard account. I turned it into an admin account and did the same test. Here are the logs. This is the account that normally runs.
     

    Attached Files:

  3. thisisu

    thisisu Malware Consultant

    Hello Hikarusan,

    Remember to run the below scans / fixes on the affected user account.

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 35

    __

    Delete items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now press the Delete button.
    Attach the latest numbered RKreport[?].txt to your next message. (How to attach)

    __

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the [​IMG] text-field.
    Code:
    :files
    C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP /d
    C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP /d
    C:\Users\Game 2\AppData\Local\{68233d00-d565-d304-3e4d-fde54591f180} /d
    C:\Windows\installer\{68233d00-d565-d304-3e4d-fde54591f180} /d
    C:\Users\Game\AppData\Local\Apple Computer\Apple\ofonmws.dll /d
    dir /s C:\Users\Game\AppData\Local\Apple Computer /c
    :commands
    [clearallrestorepoints]
    [emptytemp]
    [resethosts]
    
    Now click the [​IMG] button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    __

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure all the options are checked
    • Press Scan.
    • It will create a log (FSS.txt) in the same directory the tool was run.
    • Please attach FSS.txt to your next message. (How to attach)
     
  4. Hikarusan

    Hikarusan Private E-2

    Sorry, which account was I supposed to do this on, the admin account (Hikaru) or the Ghost account?
     
  5. thisisu

    thisisu Malware Consultant

    Do them from Hikaru
     
  6. Hikarusan

    Hikarusan Private E-2

    Hi, thank you for the help.

    Here are the logs of the steps you asked me to do. Is the Ghost account clean?
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    Not sure yet.

    Please attach the Delete log from RogueKiller. You attached a Scan log.
     
  8. Hikarusan

    Hikarusan Private E-2

    I was just re-installing the new Java and noticed a redirect in Google search. Any idea?
     
  9. Hikarusan

    Hikarusan Private E-2

    I was in the process of running some more tests and realized I attached the wrong RogueKiller file. Here is the correct one.
     

    Attached Files:

  10. thisisu

    thisisu Malware Consultant

    You shouldn't be installing stuff yet as we are still trying to remove malware from your computer.

    We need to be working from one user account only. Which one has the redirect issue and why did you scan using two different accounts?
     
  11. Hikarusan

    Hikarusan Private E-2

    Oh, I thought I was fixed by running your clean stuff. Sorry.
     
  12. Hikarusan

    Hikarusan Private E-2

    I wasn't noticing any behavior issues. I got an email from Comcast that one of my machines got a bot. So I was doing a scan of my machine. On Windows 7 I was told in the past that each account could have its own virus, so I was scanning the two accounts on the machine.

    After I applied your fix, I thought I was clean so I was re-installing Java, my bad. The Ghost account was a standard user account, but I was told in the past that to scan properly I have to make it an admin account. I did so just for the scan and then turned it back to standard.
     
  13. thisisu

    thisisu Malware Consultant

    Where were you redirected to? Does this consistently happen?

    __

    Please download Junkware Removal Tool to your desktop.
    • Please save the work in your browsers before proceeding.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Double-click JRT.exe to run (Vista/7 right-click and select Run as Administrator)
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • Please ignore any and all error messages as these are normal.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Please attach JRT.txt to your next message. (See: HOW TO: Attach Items To Your Post )
     
  14. Hikarusan

    Hikarusan Private E-2

    It directs me to some other random site, usually trying to get me to buy something. It doesn't happen often; I have noticed it only happens once in a long time and I can usually repro it when I reboot, but once I click on a few, it stops and I can't get it to happen again.
     
  15. Hikarusan

    Hikarusan Private E-2

    Ok, here is the file. I didn't get to it right away, sorry. Thanks again for the help.
     

    Attached Files:

    • JRT.txt (File size: 1.5 KB; Views: 10)
  16. thisisu

    thisisu Malware Consultant

    It looks like JRT found an infection related to redirects in Firefox.
    Can you test Firefox and let me know if you are still experiencing redirects?
     
  17. Hikarusan

    Hikarusan Private E-2

    I did about 3 restarts and about 20 searches and I did not get redirected. It looks good right now, but I will continue to test throughout the day. Thanks. Should I rescan my user account now?
     
  18. thisisu

    thisisu Malware Consultant

    You're welcome.
    • Which user account?
    • With what scan?
    • Are you experiencing issues on the user account you are referring to?
     
  19. Hikarusan

    Hikarusan Private E-2

    I already scanned it once, Ghost account.
     
  20. thisisu

    thisisu Malware Consultant

    Which user account name are you referring to? Game or Game 2?

    Which issues are you currently experiencing?
     
  21. Hikarusan

    Hikarusan Private E-2

    Sorry, I forgot that when you change an account name it doesn't rename the user directory. Ghost is Game 2. Game one is the original account that I saw the redirect on and was told my system was clean. I haven't had a chance to delete it yet as I am still migrating files to Game 2. Is it possible to fix both?
     
  22. thisisu

    thisisu Malware Consultant

    Scan from the alternate account (Ghost) if you want me to review those logs.
     
