
Redirect Virus - Tried the guide and failed


  • This topic is locked

#1
BisonFan

    New Member

  • Member
  • 1 posts
Greetings and salutations,

We appear to have the infamous Google redirect virus/malware on our small business's primary PC. Also affected is our printing: for some reason we sometimes have to manually feed the paper for our Lexmark printer, despite having the settings correct for selecting from the proper source. We are running many thousands of dollars in software that has some very complex configurations, so we would prefer not to have to reformat/start over.

I have tried the guide to remove it.

I had previously tried many other solutions, as I had not found the guide when I first attempted to solve the problem.

Any help with this issue is most appreciated.

Thank you in advance,

Clint

OTL log:
OTL logfile created on: 4/29/2011 3:32:31 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 851.95 Gb Free Space | 91.47% Space Free | Partition Type: NTFS
Drive D: | 547.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 15:32:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL(1).exe
PRC - [2011/04/29 13:59:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/13 04:19:17 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/12/07 19:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 15:32:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL(1).exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (B-Service)
SRV - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/01/13 04:19:17 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/12/21 13:46:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/12/07 19:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/11/16 17:17:18 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/09/13 18:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/04/25 11:17:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/29 16:00:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/12 16:57:12 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2010/10/12 16:57:12 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/10/12 16:57:12 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/04/16 21:24:34 | 000,022,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/11/06 16:09:54 | 000,014,976 | ---- | M] (ULS, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\MVXPROBL.sys -- (MVXPRO)
DRV - [2009/08/24 12:54:46 | 000,023,808 | ---- | M] (Universal Laser Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULSPRINT.SYS -- (ULSPrint)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2008/10/20 19:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2008/10/20 19:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2008/10/07 15:54:16 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/04/27 08:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 08:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 36 3F BE F9 C2 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 13:59:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/27 16:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/04/27 16:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/29 13:59:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/29 15:15:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ULS Software] C:\Program Files\ULS\UlsControl.exe (Universal Laser Systems, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DD-ConsentPromptBehaviorAdmin = 5
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cabinetvision.com ([esupport] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BBF0D44D-14E6-4DB3-8211-AEF1ABA7EE84} http://esupport.cabi...ebKeyButton.CAB (WebKeyBtn Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (iders) - File not found
O30 - LSA: Security Packages - (ngs...) - File not found
O30 - LSA: Security Packages - (ecution Options\IEInstal.exe) - File not found
O30 - LSA: Security Packages - (e) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/11/06 14:04:32 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{4103aae9-5236-11df-a984-001cc0a2e691}\Shell - "" = AutoRun
O33 - MountPoints2\{4103aae9-5236-11df-a984-001cc0a2e691}\Shell\AutoRun\command - "" = D:\Decorating_with_a_Laser_Resource_CD.exe -- [2007/11/06 14:04:32 | 000,415,064 | R--- | M] (TechSmith Corporation)
O33 - MountPoints2\{bc0989a4-4fa5-11df-8629-001cc0a2e691}\Shell - "" = AutoRun
O33 - MountPoints2\{bc0989a4-4fa5-11df-8629-001cc0a2e691}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 15:22:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2011/04/29 15:19:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\GooredFix Backups
[2011/04/29 15:18:48 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Owner\Desktop\GooredFix.exe
[2011/04/29 15:15:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/29 15:13:17 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTM.exe
[2011/04/29 15:08:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/29 15:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/29 15:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/29 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Jean Hruby
[2011/04/27 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Staybridge
[2011/04/27 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2011/04/27 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2011/04/27 16:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/27 08:25:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Spy Sweeper Stuff
[2011/04/24 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Recovery
[2011/04/23 13:44:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/04/23 13:44:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/23 13:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/23 13:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/23 13:44:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/23 13:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/20 10:30:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\IM
[2011/04/20 10:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2011/04/20 10:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2011/04/19 13:07:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\StayBridge Info
[2011/04/15 08:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/15 08:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/15 08:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/15 08:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/04/15 08:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/14 18:00:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Estimates VIP
[2011/04/11 15:59:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/04/11 15:58:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/04/11 15:53:44 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/04/11 14:34:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft Games
[2011/04/11 13:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/11 13:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/11 13:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/11 09:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/04/11 08:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/11 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Anti-Malware
[2011/04/06 17:58:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Blue Prints
[2011/03/31 09:15:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JE Doors & More - Images
[2010/01/29 15:18:00 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2010/01/29 15:18:00 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll

========== Files - Modified Within 30 Days ==========

[2011/04/29 15:31:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/29 15:30:57 | 2406,862,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 15:24:40 | 000,015,024 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 15:24:40 | 000,015,024 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 15:21:56 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/29 15:21:56 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 15:21:55 | 001,263,721 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2011/04/29 15:18:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Owner\Desktop\GooredFix.exe
[2011/04/29 15:15:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/29 15:13:19 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTM.exe
[2011/04/29 15:08:01 | 000,000,894 | ---- | M] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2011/04/29 15:08:01 | 000,000,875 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2011/04/28 08:59:38 | 008,495,104 | R--- | M] () -- C:\Users\Owner\Desktop\JE Doors & More.QBW
[2011/04/27 16:41:28 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/26 16:36:13 | 009,375,744 | R--- | M] () -- C:\Users\Owner\Desktop\john edwards construction.QBW
[2011/04/26 10:18:44 | 022,892,419 | ---- | M] () -- C:\Users\Owner\Desktop\CutOutz.psd
[2011/04/25 12:22:39 | 000,056,361 | ---- | M] () -- C:\mbr.exe
[2011/04/25 12:18:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/04/24 10:54:55 | 000,003,445 | ---- | M] () -- C:\Users\Owner\Desktop\buildingOps.spo
[2011/04/16 03:25:05 | 002,297,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/11 10:53:54 | 000,491,861 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2011/04/11 10:53:40 | 000,140,459 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2011/04/11 08:35:50 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2011/04/29 15:21:52 | 001,263,721 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2011/04/29 15:08:01 | 000,000,894 | ---- | C] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2011/04/29 15:08:01 | 000,000,875 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2011/04/27 16:41:28 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/27 16:41:27 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/26 10:18:42 | 022,892,419 | ---- | C] () -- C:\Users\Owner\Desktop\CutOutz.psd
[2011/04/25 12:24:45 | 000,056,361 | ---- | C] () -- C:\mbr.exe
[2011/04/25 12:18:49 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/04/24 10:54:55 | 000,003,445 | ---- | C] () -- C:\Users\Owner\Desktop\buildingOps.spo
[2011/04/11 15:54:48 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/04/11 15:53:22 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/04/11 15:52:55 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/04/11 10:53:54 | 000,491,861 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2011/04/11 10:53:40 | 000,140,459 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2011/04/11 08:35:50 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/09/23 12:45:16 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/09 09:33:56 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/03/13 17:20:26 | 000,110,080 | ---- | C] () -- C:\Windows\System32\xapi.dll
[2010/01/29 18:37:25 | 000,052,864 | R--- | C] () -- C:\Windows\System32\SetupWizard.exe
[2010/01/25 13:53:30 | 000,000,295 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 002,297,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/19 17:18:00 | 003,817,472 | ---- | C] () -- C:\Windows\System32\SketchUpReader.dll
[2007/07/23 00:35:10 | 000,004,282 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2002/02/27 11:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2002/02/27 11:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2002/02/27 11:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[1998/09/14 23:43:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\eztw32.dll
[1996/11/18 02:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\CO2C40EN.DLL
[1996/01/16 14:53:08 | 000,007,684 | ---- | C] () -- C:\Windows\System32\SCP.DLL
[1996/01/16 14:53:06 | 000,024,410 | ---- | C] () -- C:\Windows\System32\OLE2PROX.DLL

========== LOP Check ==========

[2011/02/05 12:48:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Temp
[2010/10/24 14:52:33 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
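Added example, not part of the original post and not OldTimer's code: a small Python triage pass over the line prefixes OTL emits, fed with lines copied from the log above (the sample is constructed from that log, nothing else). It pulls out what a helper reads first on a "redirect" report: the configured resolvers (O17), HOSTS entries (O1), services and Run keys whose binary is gone (SRV/O4), the UAC policy values (O6) and removable-media AutoRun commands (O33). On this log it flags ConsentPromptBehaviorAdmin = 0 together with PromptOnSecureDesktop = 0, which means the administrator account the machine is used from is elevated with no prompt at all, and it lists 205.171.3.65 as a resolver outside private address space to confirm against the ISP, not as something it condemns. The UAC default table is an assumption about a stock Windows 7 install. One caveat the log header itself supplies: this scan ran in "SafeMode with Networking", so the Processes section only shows what loads in safe mode.

```python
"""Triage pass over an OTL (OldTimer's List-It) log.

Added example for this thread; not the original poster's or OldTimer's code.
SAMPLE_LOG is constructed by copying lines from the posted log; UAC_DEFAULTS
is an assumption about a stock Windows 7 install, not a value OTL reports.
"""
import ipaddress
import re

# Stock Windows 7 values (assumption). ConsentPromptBehaviorAdmin = 0 elevates
# administrators without any prompt; PromptOnSecureDesktop = 0 draws whatever
# prompt remains on the normal desktop, where other processes can drive it.
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableLUA": 1,
}

# Constructed sample: lines copied from the OTL log in the post above.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- -- (B-Service)
SRV - [2011/01/13 04:19:17 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
O1 HOSTS File: ([2011/04/29 15:15:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DD-ConsentPromptBehaviorAdmin = 5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O33 - MountPoints2\{bc0989a4-4fa5-11df-8629-001cc0a2e691}\Shell - "" = AutoRun
O33 - MountPoints2\{bc0989a4-4fa5-11df-8629-001cc0a2e691}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
"""

O6_RE = re.compile(r"policies\\System: (\w+) = (-?\d+)$")
O17_RE = re.compile(r"NameServer = (.+)$")
HOSTS_PREFIX = "O1 - Hosts: "


def ip_kind(text):
    """Classify an address string as loopback, private, public or invalid."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if addr.is_loopback:        # checked first: 127/8 also counts as private
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def triage(log_text):
    """Return the entries worth a second look, grouped by category."""
    findings = {
        "missing_files": [],   # SRV/DRV/O4 entries whose binary is gone
        "hosts": [],           # HOSTS lines that do not point at loopback
        "uac": [],             # (value name, current, expected)
        "dns_to_verify": [],   # resolvers outside private space: confirm with the ISP
        "autorun": [],         # MountPoints2 AutoRun commands for removable media
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" ", 1)[0]
        if tag in ("SRV", "DRV", "O4") and "File not found" in line:
            findings["missing_files"].append(line)
        elif line.startswith(HOSTS_PREFIX):
            entry = line[len(HOSTS_PREFIX):]
            if ip_kind(entry.split(" ", 1)[0]) != "loopback":
                findings["hosts"].append(entry)
        elif tag == "O6":
            m = O6_RE.search(line)      # the "DD-" backup value does not match
            if m and m.group(1) in UAC_DEFAULTS:
                name, value = m.group(1), int(m.group(2))
                if value != UAC_DEFAULTS[name]:
                    findings["uac"].append((name, value, UAC_DEFAULTS[name]))
        elif tag == "O17":
            m = O17_RE.search(line)
            if m:
                for server in m.group(1).split():
                    if ip_kind(server) != "private":
                        findings["dns_to_verify"].append(server)
        elif tag == "O33" and r"\AutoRun\command" in line:
            findings["autorun"].append(line.split(" = ", 1)[1])
    return findings


def report(findings):
    """Render findings as plain text, one category per block."""
    lines = []
    for category, items in findings.items():
        lines.append(f"{category} ({len(items)})")
        lines.extend(f"  {item}" for item in items)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it against a full OTL log by replacing SAMPLE_LOG with the file contents; the categories are deliberately "things to verify", so an entry under dns_to_verify or missing_files is a prompt to look, not a verdict. A Run key with a missing file is usually leftover from an uninstall, but the same pattern is what a removal tool leaves behind after deleting a loader, so the name in brackets is worth a search before it is dismissed.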



#2
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. Run them with admin rights (right-click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt in your next reply


#3
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.