Google Redirect [Closed]


  • This topic is locked

#31
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Here is the log
OTL logfile created on: 6/5/2010 4:35:36 AM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = c:\Users\new user\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 380.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.22 Gb Free Space | 59.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEWUSER-PC
Current User Name: new user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - c:\Users\new user\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)


========== Modules (SafeList) ==========

MOD - c:\Users\new user\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvrd32) -- C:\Windows\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce™ -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 CD 55 17 45 FB C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/05/30 09:55:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Sound Card Driver] C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [VQLH] File not found
O4 - Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/05 04:31:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/02 20:31:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/02 20:31:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/02 20:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/30 11:32:05 | 000,093,056 | ---- | C] (GMER) -- C:\kwldyfog.sys
[2010/05/30 09:58:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/30 09:58:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/30 09:58:45 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\temp
[2010/05/30 09:43:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/30 09:43:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/30 09:43:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/30 09:42:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/30 09:35:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/30 09:27:18 | 000,000,000 | ---D | C] -- C:\Users\new user\Desktop\GooredFix Backups
[2010/05/30 09:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/28 21:05:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Malwarebytes
[2010/05/28 19:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/30 20:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/30 20:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/26 05:10:35 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Avira
[2010/03/25 06:10:19 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/03/25 06:10:19 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

========== Files - Modified Within 90 Days ==========

[2010/06/05 04:38:54 | 001,835,008 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT
[2010/06/05 04:33:18 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/05 04:33:18 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/05 04:33:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/05 04:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/05 04:32:57 | 1002,983,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/05 04:32:26 | 000,524,288 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 04:32:26 | 000,065,536 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/06/04 19:27:40 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AFA7A386-982A-402B-A456-4FDB6DBE79EE}.job
[2010/06/04 06:28:42 | 001,121,931 | -H-- | M] () -- C:\Users\new user\AppData\Local\IconCache.db
[2010/06/03 06:23:02 | 000,000,273 | ---- | M] () -- C:\Windows\winhelp.ini
[2010/06/02 20:31:27 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 12:20:44 | 000,000,680 | ---- | M] () -- C:\Users\new user\AppData\Local\d3d9caps.dat
[2010/05/30 16:22:57 | 000,000,445 | ---- | M] () -- C:\Users\new user\Desktop\gmer - Shortcut.lnk
[2010/05/30 11:32:05 | 000,093,056 | ---- | M] (GMER) -- C:\kwldyfog.sys
[2010/05/30 09:55:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/30 09:55:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/30 09:41:47 | 000,000,569 | ---- | M] () -- C:\Users\new user\Desktop\ComboFix.exe - Shortcut.lnk
[2010/05/30 09:26:20 | 000,000,733 | ---- | M] () -- C:\Users\new user\Desktop\NTREGOPT.lnk
[2010/05/30 09:26:20 | 000,000,714 | ---- | M] () -- C:\Users\new user\Desktop\ERUNT.lnk
[2010/05/27 18:41:02 | 000,001,670 | ---- | M] () -- C:\Users\new user\Desktop\CCleaner.lnk
[2010/05/27 16:14:05 | 000,085,504 | RHS- | M] () -- C:\Users\new user\AppData\Roaming\comreply.dll
[2010/05/02 05:46:38 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/02 05:46:38 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/02 05:46:38 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 14:59:33 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/16 05:30:02 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/30 09:20:18 | 001,310,720 | -HS- | M] () -- C:\Users\new user\ntuser.dat_previous

========== Files Created - No Company Name ==========

[2010/06/02 20:31:27 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:01:31 | 1002,983,424 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/31 07:34:20 | 000,000,680 | ---- | C] () -- C:\Users\new user\AppData\Local\d3d9caps.dat
[2010/05/30 16:22:57 | 000,000,445 | ---- | C] () -- C:\Users\new user\Desktop\gmer - Shortcut.lnk
[2010/05/30 13:34:10 | 000,000,273 | ---- | C] () -- C:\Windows\winhelp.ini
[2010/05/30 09:43:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/30 09:43:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/30 09:43:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/30 09:43:22 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/30 09:43:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/30 09:41:47 | 000,000,569 | ---- | C] () -- C:\Users\new user\Desktop\ComboFix.exe - Shortcut.lnk
[2010/05/30 09:17:14 | 000,000,733 | ---- | C] () -- C:\Users\new user\Desktop\NTREGOPT.lnk
[2010/05/30 09:17:14 | 000,000,714 | ---- | C] () -- C:\Users\new user\Desktop\ERUNT.lnk
[2010/05/27 16:14:05 | 000,085,504 | RHS- | C] () -- C:\Users\new user\AppData\Roaming\comreply.dll
[2009/11/05 18:22:34 | 000,001,732 | ---- | C] () -- C:\Windows\hpdj3840.ini
[2009/07/16 15:12:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/04/25 21:33:32 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/20 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\PeerNetworking
[2009/04/21 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\Southwest Airlines
[2010/06/05 04:31:23 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/04 19:27:40 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AFA7A386-982A-402B-A456-4FDB6DBE79EE}.job

========== Purity Check ==========

#32
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/05/30 11:32:05 | 000,093,056 | ---- | C] (GMER) -- C:\kwldyfog.sys
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.

#33
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I still have it.

#34
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I put in google search "cheap caribbean" and this is what I got,






Top Resources for carribean


Best Caribbean Island
Save 50% Off All Inclusive Resorts. Sale Ends Soon, Book Caribbean Now
BookIt.com/Caribbean


Saint Martin Has It All
From stupendous beaches to nightlife, Caribbean tourism at its best.
us.franceguide.com


Bimini Bay Resort & Marina
Luxury Resort in the Bahamas. Hotel and Real Estate opportunities.
www.biminibayresort.com


Hilton Caribbean Hotels
Outstanding Caribbean Resorts. Relax In Luxury at Hilton Hotels.
www.HiltonCaribbean.com/


Caribbean Dining
Search Our Restaurants Listings For Local Caribbean Diners & Delivery.
yellowpages.com


West Carribean Cruises
Stop surfing and go cruising. Great deals on West Caribbean cruises.
www.smartcruiser.com


Shopping categories :

Bronzer
General Literature & Fiction
Import International Music












Privacy Policy | Terms & Conditions | contact us | Trademark Issue


Copyright © 2002-2010 ValueClick Brands. All Rights Reserved.

#35
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
they all look like proper results from googling that term...


do you get redirected ?

#36
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Yes I did. I was directed to that page and not cheap caribbean.com

Edited by busdrvr64, 05 June 2010 - 08:24 PM.


#37
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log


#38
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
Again, that looks like the key logger. But here it is.
KY ONLINE SCANNER 7.0: scan report
Thursday, June 3, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 02, 2010 18:33:27
Records in database: 4196936
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 133359
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:34:19


File name / Threat / Threats count
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe Infected: not-a-virus:Monitor.Win32.007SpySoft.l 1
C:\Users\new user\Music\microsoft.exe Infected: not-a-virus:Monitor.Win32.007SpySoft.l 1

Selected area has been scanned.

#39
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I don't know if this is anything. But I tried to get into my documents and it says Not accessible, access is denied. Don't know why.

#40
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
What is this?
[.ShellClassInfo]
LocalizedResourceName=@%windir%\System32\ieframe.dll,-12385

#41
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I am not able to get into a lot of stuff. Access is denied on all of it.

#42
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do the instructions in my above post please

#43
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I thought I did. I ran it with the custom scan pasted from the other forum. You want me to run it without the special instructions? Oh I see what I did. I will run it now.

Edited by busdrvr64, 07 June 2010 - 06:12 PM.


#44
busdrvr64

  • Topic Starter
  • Member
  • 125 posts
I don't think I dl the file right. I can get it to save the report. I have a "file" on the desktop not a symbol for tdds. Is that right?

#45
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
what other forum are you referring to