Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect virus


  • This topic is locked This topic is locked

#1
barryweb

barryweb

    New Member

  • Member
  • Pip
  • 1 posts
My XP machine redirects google searches to various advertising sites. The problem happens in both IE and Firefox. I tried all of the steps listed in forum topic 267402 and the problem still exists. I ran OTL.exe as suggested and it generated the following log:

OTL logfile created on: 7/26/2011 7:49:53 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Barryweb\Desktop\Software\Google redirect fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 269.77 Mb Available Physical Memory | 26.63% Memory free
2.39 Gb Paging File | 2.03 Gb Available in Paging File | 84.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 93.98 Gb Free Space | 63.09% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 667.57 Gb Free Space | 71.67% Space Free | Partition Type: NTFS

Computer Name: BARRY1 | User Name: Barryweb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/26 19:48:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barryweb\Desktop\Software\Google redirect fix\OTL.exe
PRC - [2011/06/01 13:45:00 | 016,007,168 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/12/09 19:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 19:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/07 00:34:59 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 15:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/06 14:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/07/26 19:48:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barryweb\Desktop\Software\Google redirect fix\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:12:05 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WmdmPmSN32)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/12/04 18:41:50 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2009/06/03 13:52:26 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2008/12/09 19:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 19:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/12/04 18:32:56 | 000,024,064 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/04 18:31:18 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/05/04 15:57:18 | 000,148,096 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/03/31 14:45:42 | 000,190,080 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2009/01/14 14:20:01 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/11/24 11:54:12 | 000,495,104 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008/07/07 00:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/08 17:22:16 | 000,273,107 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AIRPLUS.sys -- (AIRPLUS)
DRV - [2001/08/10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB 65 19 02 67 31 CA 4C BF 85 01 4D A0 C2 2A 9C [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3121225d-d9fe-491b-98ce-7737278ec4f2}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/17 12:00:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 22:41:28 | 000,000,000 | ---D | M]

[2011/04/17 12:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barryweb\Application Data\Mozilla\Extensions
[2011/07/26 19:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barryweb\Application Data\Mozilla\Firefox\Profiles\q3jkmrxg.default\extensions
[2011/07/02 16:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barryweb\Application Data\Mozilla\Firefox\Profiles\q3jkmrxg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/02 16:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barryweb\Application Data\Mozilla\Firefox\Profiles\q3jkmrxg.default\extensions\staged-xpis
[2011/06/18 11:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 17:24:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/24 17:23:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/24 17:23:54 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/26 19:15:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {021965CB-3167-4CCA-BF85-014DA0C22A9c} - C:\WINDOWS\system32\autodisc32.dll (Dmitry Streblechenko)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (c060c58a) - {83274F1D-8334-8365-4A3F-7AA9E777D9AE} - C:\WINDOWS\system32\msdxmlc32.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\msdxmlc32.dll) - C:\WINDOWS\system32\msdxmlc32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Barryweb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barryweb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/09 16:17:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d5aaa96-f5d9-11df-82cc-001ec932ae87}\Shell - "" = AutoRun
O33 - MountPoints2\{1d5aaa96-f5d9-11df-82cc-001ec932ae87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d5aaa96-f5d9-11df-82cc-001ec932ae87}\Shell\AutoRun\command - "" = H:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 19:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barryweb\Desktop\GooredFix Backups
[2011/07/26 19:15:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/26 19:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/21 14:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barryweb\Application Data\Media Player Classic
[2011/07/21 14:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barryweb\Application Data\DivX
[2011/07/05 13:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/07/05 10:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barryweb\Local Settings\Application Data\Google
[2011/07/02 16:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barryweb\Start Menu\Programs\Windows XP Restore
[2011/07/02 13:57:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[1 C:\Documents and Settings\Barryweb\Desktop\*.tmp files -> C:\Documents and Settings\Barryweb\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Barryweb\*.tmp files -> C:\Documents and Settings\Barryweb\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/26 19:49:33 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/07/26 19:19:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/26 19:15:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/25 15:48:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/23 12:11:16 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/07/23 12:11:13 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/07/21 20:15:48 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Barryweb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 18:03:16 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/02 16:28:22 | 000,002,729 | ---- | M] () -- C:\WINDOWS\EZ-Filing.ini
[2011/07/02 16:28:22 | 000,000,032 | ---- | M] () -- C:\WINDOWS\ezufunct.INI
[2011/07/02 16:28:22 | 000,000,032 | ---- | M] () -- C:\WINDOWS\ezstreet.INI
[2011/07/02 16:28:22 | 000,000,032 | ---- | M] () -- C:\WINDOWS\ezecf.INI
[2011/07/02 16:28:22 | 000,000,032 | ---- | M] () -- C:\WINDOWS\ezdfunct.INI
[2011/07/02 16:28:22 | 000,000,032 | ---- | M] () -- C:\WINDOWS\ezcfunct.INI
[2011/07/02 16:26:00 | 000,359,424 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\autodisc32.dll
[2011/07/02 16:25:59 | 000,000,869 | -H-- | M] () -- C:\Documents and Settings\Barryweb\Desktop\Windows XP Restore.lnk
[2011/07/02 13:57:12 | 000,168,960 | ---- | M] () -- C:\WINDOWS\System32\msdxmlc32.dll
[2011/06/28 22:29:33 | 000,000,412 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_29.06.2011_05-06drv.spi
[1 C:\Documents and Settings\Barryweb\Desktop\*.tmp files -> C:\Documents and Settings\Barryweb\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Barryweb\*.tmp files -> C:\Documents and Settings\Barryweb\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 19:49:33 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/07/21 20:53:12 | 037,961,732 | ---- | C] () -- C:\Documents and Settings\Barryweb\Desktop\Baseball regular speed (2).mpg
[2011/06/28 22:29:33 | 000,000,412 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_29.06.2011_05-06drv.spi
[2011/06/18 11:24:54 | 000,104,182 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2011/06/18 11:24:54 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2011/06/09 20:27:33 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc32.dll
[2011/06/07 08:48:27 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
[2011/06/07 08:48:27 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524
[2011/06/07 08:48:18 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/04/21 23:12:59 | 000,000,131 | -H-- | C] () -- C:\Documents and Settings\Barryweb\Local Settings\Application Data\fusioncache.dat
[2011/04/17 13:08:04 | 000,104,182 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/04/17 13:08:04 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/01/17 22:48:05 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Barryweb\Application Data\FormsWorkFlow.lic
[2010/11/23 17:28:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ezufunct.INI
[2010/11/23 17:28:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ezstreet.INI
[2010/11/23 17:28:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ezecf.INI
[2010/11/23 17:28:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ezdfunct.INI
[2010/11/23 17:28:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ezcfunct.INI
[2010/11/23 17:25:14 | 000,002,729 | ---- | C] () -- C:\WINDOWS\EZ-Filing.ini
[2010/11/22 21:05:34 | 000,000,825 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/11/22 21:05:34 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/11/22 21:04:47 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/11/22 21:04:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/11/22 21:04:46 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/11/21 18:41:40 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/07/28 21:04:26 | 000,000,816 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2010/07/28 21:04:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2010/07/24 17:26:10 | 000,026,064 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2010/07/24 17:25:57 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/07/17 19:59:07 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/07/17 19:59:07 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\System32\BD7440N.DAT
[2010/07/17 19:36:26 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Barryweb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 19:17:25 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2010/07/17 19:17:25 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2009/04/29 18:20:24 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/15 23:17:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/02/13 20:00:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/09 20:44:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/09 20:44:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/02/09 20:44:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/09 20:44:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/09 20:44:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/02/09 20:44:33 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/09 20:37:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/09 20:32:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2009/02/09 20:29:21 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/09 16:19:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/09 16:16:04 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/09 08:13:01 | 000,004,302 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/09 08:12:12 | 000,256,656 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/11 15:24:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2005/03/22 11:48:43 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 11:48:43 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/08/04 03:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,444,358 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,072,108 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/09/02 15:33:30 | 000,040,636 | -H-- | C] () -- C:\WINDOWS\System32\drivers\WLANGEN.bin
[2003/07/27 11:02:16 | 000,000,964 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RADIO11.bin
[2003/07/25 11:24:32 | 000,000,936 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RADIO0d.bin
[2003/05/18 20:04:46 | 000,000,912 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RADIO15.bin
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1995/10/05 13:42:22 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1995/09/28 01:57:52 | 000,013,207 | ---- | C] () -- C:\WINDOWS\123r5.ini
[1994/07/16 17:38:40 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\tvtalk.dll
[1994/05/23 11:09:26 | 000,000,478 | ---- | C] () -- C:\WINDOWS\lodbf04.ini

========== LOP Check ==========

[2010/11/21 18:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/02/09 23:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/21 18:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2010/10/30 14:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/02/21 22:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/09 19:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/21 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barryweb\Application Data\AT&T
[2010/07/18 08:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barryweb\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/29 09:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barryweb\Application Data\PC-FAX TX
[2010/11/21 18:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barryweb\Application Data\Sierra Wireless
[2010/07/28 20:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barryweb\Application Data\StumbleUpon
[2010/10/30 14:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barryweb\Application Data\TaxCut

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5060 bytes -> C:\Documents and Settings\Barryweb\Desktop\CCI04062010_00001.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >

Attached Files


  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello barryweb and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB 65 19 02 67 31 CA 4C BF 85 01 4D A0 C2 2A 9C [binary data]
    O2 - BHO: (no name) - {021965CB-3167-4CCA-BF85-014DA0C22A9c} - C:\WINDOWS\system32\autodisc32.dll (Dmitry Streblechenko)
    O2 - BHO: (c060c58a) - {83274F1D-8334-8365-4A3F-7AA9E777D9AE} - C:\WINDOWS\system32\msdxmlc32.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\msdxmlc32.dll) - C:\WINDOWS\system32\msdxmlc32.dll ()
    O33 - MountPoints2\{1d5aaa96-f5d9-11df-82cc-001ec932ae87}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d5aaa96-f5d9-11df-82cc-001ec932ae87}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1d5aaa96-f5d9-11df-82cc-001ec932ae87}\Shell\AutoRun\command - "" = H:\WIN\setup.exe
    [2011/07/02 16:26:00 | 000,359,424 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\autodisc32.dll
    [2011/07/02 13:57:12 | 000,168,960 | ---- | M] () -- C:\WINDOWS\System32\msdxmlc32.dll
    [2011/06/07 08:48:27 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
    [2011/06/07 08:48:27 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524
    [2011/06/07 08:48:18 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
    @Alternate Data Stream - 5060 bytes -> C:\Documents and Settings\Barryweb\Desktop\CCI04062010_00001.jpg:Q30lsldxJoudresxAaaqpcawXc

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please do new OTL scan but this time make sure that All user option is selected. Post log after the scan

Step 3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • New OTL scan log
  • Malwarebytes log
It would be helpful if you could post each log in separate post
  • 0

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP