Updates Fail, Firefox won't connect, IE does, but redirects


Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 10th, 2011, 10:56 am

Hi Cypher,

I ran junc.bat. The command prompt window popped up and it just stayed on the screen. I couldn't type in the box. It was just open. So, I tried running OTL again and then junc.bat. Same error from junc.bat. I attached the OTL log and junc log.

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3513781084-200415242-206230267-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" removed from browser.search.defaulturl
Prefs.js: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry key HKEY_USERS\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\secureserver.net\email\ not found.
Registry value HKEY_USERS\S-1-5-21-3513781084-200415242-206230267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Starting removal of ActiveX control Web-Based Email Tools
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File C:\Windows\tasks\RegCure Program Check.job not found.
File C:\Windows\tasks\RegCure.job not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayTrayManager\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ceb365-4de2-11dd-88bb-001d609c520a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80ceb365-4de2-11dd-88bb-001d609c520a}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e52ebc9d-4037-11de-a988-001d609c520a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e52ebc9d-4037-11de-a988-001d609c520a}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26fe9d4-cb34-11dc-bf67-001d609c520a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f26fe9d4-cb34-11dc-bf67-001d609c520a}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26fe9d5-cb34-11dc-bf67-001d609c520a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f26fe9d5-cb34-11dc-bf67-001d609c520a}\ not found.
========== FILES ==========
File\Folder c:\users\joylynn\BITE4F2.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\joylynn\Desktop\cmd.bat deleted successfully.
C:\Users\joylynn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: joylynn
->Flash cache emptied: 3192 bytes

User: LogMeInRemoteUser

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: joylynn
->Temp folder emptied: 110451 bytes
->Temporary Internet Files folder emptied: 73531252 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7183949 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33560 bytes
RecycleBin emptied: 157397 bytes

Total Files Cleaned = 77.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: joylynn
->Java cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.31.0 log created on 11102011_064018

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


...
rjmc
Regular Member
 
Posts: 22
Joined: October 16th, 2011, 11:14 pm
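The OTL fix log above is long, but only a few line shapes matter for triage: entries that were already gone ("not found"), entries the tool cleaned ("deleted successfully", "moved successfully", "removed from"), and the two kinds that resisted removal, a file move deferred to reboot and an alternate data stream that could not be deleted. The script below is an added example (not code from the thread or from OTL's author) that sorts an OTL fix log into those buckets; the sample log it parses is constructed, with placeholder paths and CLSIDs rather than the ones posted here. The two "resisted" categories are the ones a helper reads first: a file under System32 that refuses to move is either held open by something legitimate or actively protected, and it is worth checking what it belongs to before letting a tool move it at reboot.

```python
"""Triage an OTL fix log: sort each result line into what was cleaned, what was
already gone, and what resisted removal (locked files, undeletable ADS)."""
import re

# Constructed sample modelled on the OTL fix-log format; paths and CLSIDs are
# placeholders, not the ones from the thread.
SAMPLE_OTL_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EXAMPLE-CLSID}\ not found.
Prefs.js: "http://example.invalid/redirect?q=" removed from browser.search.defaulturl
File move failed. C:\Windows\System32\EXAMPLE-LOCKED.dat scheduled to be moved on reboot.
Unable to delete ADS C:\ProgramData\TEMP:EXAMPLE .
C:\Users\example\Desktop\cmd.bat deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
========== COMMANDS ==========
"""

LOCKED_RE = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
ADS_RE = re.compile(r"^Unable to delete ADS (.+?)\s*\.$")
CLEANED_SUFFIXES = (" deleted successfully.", " moved successfully.")


def triage_otl_log(text):
    """Return a dict of lists: cleaned, already_absent, locked, ads_failed, other."""
    result = {"cleaned": [], "already_absent": [], "locked": [],
              "ads_failed": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue  # blank lines and section banners carry no result
        m = LOCKED_RE.match(line)
        if m:
            result["locked"].append(m.group(1))  # path deferred to reboot
            continue
        m = ADS_RE.match(line)
        if m:
            result["ads_failed"].append(m.group(1))  # stream that would not delete
            continue
        if line.endswith(" not found."):
            result["already_absent"].append(line)
        elif line.endswith(CLEANED_SUFFIXES) or " removed from " in line:
            result["cleaned"].append(line)
        else:
            result["other"].append(line)
    return result


def needs_attention(summary):
    """True when something resisted removal: a file move deferred to reboot or an
    ADS that could not be deleted. Those are the lines to investigate (what owns
    the file, does it come back after reboot) rather than the 'not found' noise."""
    return bool(summary["locked"] or summary["ads_failed"])


if __name__ == "__main__":
    s = triage_otl_log(SAMPLE_OTL_LOG)
    for key, items in s.items():
        print(f"{key}: {len(items)}")
    print("needs attention:", needs_attention(s))
```

Run it against a saved OTL log by reading the file into `triage_otl_log`; if the same paths show up under `locked` or `ads_failed` on a second run after the reboot, something is keeping them in place.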

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 10th, 2011, 12:23 pm

Hi rjmc,
Please delete the copy of ComboFix on your desktop if it's still there, then download a fresh copy from Here
Now disable your AV as you did previously and run ComboFix again.
Post the resulting ComboFix.txt in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 11th, 2011, 9:48 am

Hi Cypher,

Thanks for all your help. So, I deleted the old ComboFix and downloaded the new one via the link. When I run it, it gets stuck on this file. C:\32788R22FWJFW\handle.XE. My options are to Abort, Retry or Ignore. Retry wouldn't work, so I ignored it. It continues extracting and then at the end before the window disappears, it says something about outputting 32788R22FWJFW. In the C: drive there's no ComboFix log, but there is a file named 32788R22FWJFW. I didn't click it, but when I highlight it, it says the file "shows the disk drives and hardware connected to this computer."

rjmc

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 11th, 2011, 12:24 pm

Hi rjmc,
Thanks for all your help.

You're welcome.
Boot into Safe Mode, then try running ComboFix again; if successful, post the log in your next reply.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 14th, 2011, 1:24 am

Hi Cypher,

I booted in Safe Mode and ran ComboFix. It said I was infected with Rootkit.ZeroAccess. After it was done, the PC rebooted normally and this window popped up. It was a window with all this text. It said, "An unauthorized change was made to Windows. Error 0xC004D301. Security processor reported that the trusted data store was tampered. Windows has discovered a change that will result in limited Windows functionality. Use the link below to find out how to fix Windows." I closed the screen and searched for the ComboFix log file. I didn't find one in C:/, but there was a ComboFix folder.

I ran ComboFix again like it told me to when I ran it in Safe Mode. It got stuck on this file. C:\32788R22FWJFW\pev.3xe. Same options as before, but before I could do anything a command prompt window popped up. It continued to run in the background and this is what it said. It never finished scanning. It got hung up after this.

This is what it said in the ComboFix command prompt window:
SED: can't read profiles.folder.dat: No such file or directory
SED: can't read appdata.folder.dat: No such file or directory
SED: can't read appdata.folder.dat: No such file or directory
The system cannot find the file AppData.folder.dat.
The system cannot find the file Desktop.folder. dat.
The system cannot find the file Favorites.folder.dat.
The system cannot find the file LocalAppdata.folder.dat.
The system cannot find the file LocalSettings.folder.dat,
The system cannot find the file Personal. folder.dat.
The system cannot find the file Profiles.folder.dat.
The system cannot find the file Programs.folder.dat.
The system cannot find the file StartMenu.folder.dat.
The system cannot find the file StartUp.folder.dat.
The system cannot find the file Templates.folder.dat.
The system cannot find the file LocalAppData.folder.dat.
grep: srizbi.md5: No such file or directory
SED: can't read LocalAppData.folder.dat: No such file or directory
SED: can't read appdata.folder.dat: No such file or directory
SED: can't read Profiles.folder.dat: No such file or directory
SED: can't read Desktop.folder.dat: No such file or directory
SED: can't read Startup.folder.dat: No such file or directory

I closed all the windows to see how the pc was running. I can't open control panels. This was the last thing that popped up on the screen. (see below)

Windows Activation
Activate Windows now
Your activation period has expired. You must activate Windows to continue using all Windows features.

Activate Windows online now
Buy a new product key
Retype your product key
Show me other ways to activate

I don't know if that's a virus, so I just closed the window. Any ideas?

Thanks,
rjmc

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 14th, 2011, 7:22 am

Hi rjmc,
Do you have the Vista installation disk that came with your computer, or did Vista come pre-installed?

Let's try to get another Junction scan. If the previous junc.bat is still on your desktop, delete it, then do the following.

  • Copy all text in the quote box (below)...to Notepad, Do not include the word Quote:
    @ECHO OFF
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    del %0
  • Save it to your desktop as File name: junc.bat.
  • Save as type: All Files.
    junc.bat<<------------- you should see this on your desktop.
  • Right click on junc.bat and select " Run as administrator " to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.

Logs/Information to Post in your Next Reply

  • Do you have the Vista installation disk?
  • junction log.
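The junc.bat above just runs Sysinternals Junction with -s over the whole drive and opens the log. As an added example (not code from the thread, from Sysinternals, or from OTL), the script below does the same walk in Python: it lists every reparse point it finds without following any of them, records entries it cannot open the way Junction's "Failed to open" lines do, and then separates the compatibility junctions Windows Vista creates on purpose (the log earlier in the thread shows "Documents and Settings" pointing at C:\Users) from anything else. The allowlist of expected junction names and the demo tree it scans are assumptions for this example; on a real machine the scan is run against the drive root, and the flagged list is what a helper would want posted. It works with plain symlinks on any OS, so the demo tree uses those.

```python
"""Scripted stand-in for `junction -s <root>`: walk a tree without following
links, list every reparse point (symlink or junction) with its target, and
flag the ones that are not known legacy compatibility junctions."""
import os
import stat
import tempfile

# Names of the compatibility junctions Windows Vista/7 create on purpose (the
# thread's own log shows "Documents and Settings" -> C:\Users). Assumed allowlist
# for this example; extend it from a known-clean reference machine.
EXPECTED_JUNCTION_NAMES = {
    "documents and settings", "application data", "all users",
    "local settings", "start menu", "my documents",
}


def is_reparse_point(path):
    """True for a symlink on any OS, or for any NTFS reparse point (junction,
    symlink, mount point) on Windows, without following the link."""
    st = os.lstat(path)
    if getattr(st, "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_REPARSE_POINT:
        return True
    return stat.S_ISLNK(st.st_mode)


def find_reparse_points(root):
    """Return (findings, errors). findings: list of (path, target-or-None);
    errors: list of (path, message) for entries that could not be inspected,
    mirroring Junction's 'Failed to open' lines."""
    findings, errors = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        keep = []
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                hit = is_reparse_point(path)
            except OSError as exc:
                errors.append((path, str(exc)))
                hit = False
            if hit:
                try:
                    target = os.readlink(path)
                except OSError:
                    target = None  # some junctions are not readable this way
                findings.append((path, target))
            elif name in dirnames:
                keep.append(name)
        dirnames[:] = keep  # never descend through a reparse point (avoids loops)
    return findings, errors


def flag_unexpected(findings):
    """Findings whose name is not an expected compatibility junction."""
    return [(p, t) for p, t in findings
            if os.path.basename(p).lower() not in EXPECTED_JUNCTION_NAMES]


def demo():
    """Build a constructed tree in a temp dir and scan it; returns basenames.
    (Creating symlinks on Windows needs an elevated or Developer Mode shell.)"""
    base = tempfile.mkdtemp(prefix="junction-demo-")
    os.mkdir(os.path.join(base, "Users"))
    os.mkdir(os.path.join(base, "Program Files"))
    # expected compatibility junction, like the one in the thread's log
    os.symlink(os.path.join(base, "Users"), os.path.join(base, "Documents and Settings"))
    # a dangling link under Program Files: not expected, so it gets flagged
    os.symlink(os.path.join(base, "does-not-exist"), os.path.join(base, "Program Files", "odd"))
    findings, errors = find_reparse_points(base)
    flagged = flag_unexpected(findings)
    return (sorted(os.path.basename(p) for p, _ in findings),
            sorted(os.path.basename(p) for p, _ in flagged),
            errors)


if __name__ == "__main__":
    found, flagged, errs = demo()
    print("reparse points:", found)
    print("unexpected:", flagged)
    print("could not inspect:", errs)
```

To scan a real drive, call `find_reparse_points(r"C:\")` from an elevated prompt and post the output of `flag_unexpected` on the result; the `errors` list will hold the same kind of entries Junction reports for hiberfil.sys, pagefile.sys and System Volume Information, which are normal.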

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 14th, 2011, 8:38 am

Hi Cypher,

I don't have the installation disk, cuz Vista came pre-installed.

junc.bat won't run either. The black window pops up and stays on the screen. Nothing happens after that. Looks like I'm screwed, huh?

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 14th, 2011, 11:56 am

Hi rjmc,
I don't have the installation disk, cuz Vista came pre-installed.

You have an HP computer; does it have a Recovery Partition?
junc.bat won't run either. The black window pops up and stays on the screen. Nothing happens after that.

When the black screen pops up it may look like nothing is happening, but it is scanning your computer.
How long did you wait? The scan can take some time to run.

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 15th, 2011, 4:57 am

Hi Cypher,

Yes, I do have an HP and yes it has a Recovery Partition.

When the black screen popped up, I let it sit for 6 hours and nothing changed. I can do it again tonight and let it sit all night to see if anything changes in the morning.

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 15th, 2011, 7:34 am

Hi rjmc,
When the black screen popped up, I let it sit for 6 hours and nothing changed.

No, it shouldn't take that long to run; it usually takes less than 10 minutes.
Yes, I do have a HP and yes it has a Recovery Partition.

Your computer is infected with the ZeroAccess rootkit; it has the ability to protect itself by blocking all removal attempts.
My fear is that by continuing to try and remove this infection, it may render your computer unbootable; this can happen.
As you have a Recovery Partition, the quickest and safest option now would be to reformat your computer.
We can keep trying to remove the infection, but the decision is yours.
Please let me know what you would like to do.

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby rjmc » November 15th, 2011, 7:22 pm

Hi Cypher,

Reformatting seems like the best option. I've never reformatted from a Recovery Partition, can you give me instructions please?

Thanks,
rjmc

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 16th, 2011, 6:33 am

Hi rjmc,
Reformatting seems like the best option. I've never reformatted from a Recovery Partition, can you give me instructions please?

Yes, no problem, it's a simple procedure.
Click Start > All Programs > Recovery Manager > then Recovery Manager again.
This should bring up the recovery options; click on System Recovery to restore your computer to its original factory state.
You can also find instructions by clicking Here

If you have any other questions feel free to ask.

Re: Updates Fail, Firefox won't connect, IE does, but redire

Unread postby Cypher » November 18th, 2011, 7:58 am

As this issue will be resolved with a reformat, and there have been no further questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal