Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! Win32 and various redirects.

Started by crzycrl , Sep 15 2011 06:46 PM

  • Please log in to reply

#1
crzycrl
Posted 15 September 2011 - 06:46 PM

crzycrl

    New Member

  • Member
  • Pip
  • 1 posts
Hi! Thanks in advance for any help you can provide. I'm getting redirected to various jackpot sites and "Winner!" pages whenever I use google searches.

Also, if I try to open a downloaded file, I get the following message:
c:\(file location) is not a valid win32 application.

Here is my OTL file:

OTL logfile created on: 15/09/2011 8:18:06 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Carol S\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1015.23 Mb Total Physical Memory | 525.32 Mb Available Physical Memory | 51.74% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.56% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 114.75 Gb Free Space | 76.99% Space Free | Partition Type: NTFS

Computer Name: CAROL | User Name: Carol S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/15 20:14:07 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol S\Desktop\OTL.scr
PRC - [2011/09/15 06:52:46 | 000,199,680 | ---- | M] () -- C:\Documents and Settings\Carol S\Local Settings\Temp\csrss.exe
PRC - [2011/09/14 05:58:20 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\dwm.exe
PRC - [2011/09/09 07:27:47 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\Microsoft\conhost.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/02/02 01:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 01:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/07/06 17:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/06/29 16:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2009/06/02 23:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/04/15 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/15 06:52:46 | 000,199,680 | ---- | M] () -- C:\Documents and Settings\Carol S\Local Settings\Temp\csrss.exe
MOD - [2011/09/14 05:58:20 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\dwm.exe
MOD - [2011/09/09 07:27:47 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\Microsoft\conhost.exe
MOD - [2011/08/11 03:21:50 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/08/11 03:15:29 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/11 03:14:55 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/11 03:11:52 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/29 03:10:30 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/03/03 12:08:23 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/02 23:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
MOD - [2008/04/15 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/15 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/02 23:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 09:10:07 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110428.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 09:10:07 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110428.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110426.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/07/02 07:39:03 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/28 21:07:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/21 04:14:04 | 002,481,536 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/09/22 21:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/04 17:46:08 | 000,045,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/08/29 20:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/02 03:10:54 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)
DRV - [2009/06/29 16:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/06/02 05:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 05:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 05:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/04/21 13:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/13 17:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/14 10:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/...t={SUB_RFC1766}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/...t={SUB_RFC1766}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64242

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64242
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Carol S\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2011/07/20 16:00:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/02 19:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/02 19:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol S\Application Data\Mozilla\Extensions
[2011/08/02 19:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/20 16:00:15 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPLGN
[2010/03/03 12:04:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/24 16:08:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 03:31:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/15 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\14.0.835.163\npchrome_frame.dll (Google Inc.)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Carol S\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\Documents and Settings\Carol S\My Documents\Downloads\NSSstub.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\Carol S\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\CAROLS~1\LOCALS~1\Temp\csrss.exe) -C:\Documents and Settings\Carol S\Local Settings\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E06CFDD9-C620-4EE0-B99B-8623FBABF155}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\14.0.835.163\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Carol S\Application Data\dwm.exe) -C:\Documents and Settings\Carol S\Application Data\dwm.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Carol S\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carol S\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\install\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{76271880-4b1d-11df-afda-18a905de7c4e}\Shell - "" = AutoRun
O33 - MountPoints2\{76271880-4b1d-11df-afda-18a905de7c4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76271880-4b1d-11df-afda-18a905de7c4e}\Shell\AutoRun\command - "" = D:\ONSPCLCK.exe
O33 - MountPoints2\{99c3a07e-5327-11df-8fa3-18a905de7c4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99c3a07e-5327-11df-8fa3-18a905de7c4e}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{99c3a07e-5327-11df-8fa3-18a905de7c4e}\Shell\Install\Command - "" = D:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 20:14:03 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carol S\Desktop\OTL.scr
[2011/09/08 14:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/08/25 17:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol S\My Documents\My Received Files
[2011/08/25 17:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol S\Local Settings\Application Data\BearShare
[2011/08/25 17:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2011/08/25 17:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BearShare
[2011/08/25 17:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2011/08/25 17:54:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{8F6A59AE-835F-46B0-90B3-07ADBC8494F0}
[2011/08/25 17:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol S\Local Settings\Application Data\PackageAware
[2010/01/21 04:13:00 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/01/21 04:12:47 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/15 20:24:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2011/09/15 20:14:07 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol S\Desktop\OTL.scr
[2011/09/15 20:12:22 | 000,119,707 | ---- | M] () -- C:\Documents and Settings\Carol S\Desktop\OTL.exe
[2011/09/15 20:08:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/15 14:18:02 | 000,436,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/15 14:18:02 | 000,069,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/15 14:13:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/15 14:13:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/15 14:13:04 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/14 05:58:20 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\dwm.exe
[2011/09/10 13:36:44 | 000,022,204 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\3FAE.470
[2011/09/07 19:02:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 20:21:25 | 000,001,535 | ---- | M] () -- C:\Documents and Settings\Carol S\Desktop\Install_NSS.lnk
[2011/08/26 18:37:28 | 000,061,977 | ---- | M] () -- C:\Documents and Settings\Carol S\My Documents\ApplicationForm[1].pdf
[2011/08/25 17:55:00 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2011/08/25 17:54:42 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2011/08/25 17:54:42 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Carol S\Desktop\BearShare.lnk
[2011/08/24 03:00:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/15 20:12:22 | 000,119,707 | ---- | C] () -- C:\Documents and Settings\Carol S\Desktop\OTL.exe
[2011/09/01 20:21:25 | 000,001,541 | ---- | C] () -- C:\Documents and Settings\Carol S\Start Menu\Programs\Install_NSS.lnk
[2011/09/01 20:21:25 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\Carol S\Desktop\Install_NSS.lnk
[2011/08/31 23:11:04 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\Carol S\Application Data\dwm.exe
[2011/08/31 23:10:46 | 000,022,204 | ---- | C] () -- C:\Documents and Settings\Carol S\Application Data\3FAE.470
[2011/08/26 18:37:28 | 000,061,977 | ---- | C] () -- C:\Documents and Settings\Carol S\My Documents\ApplicationForm[1].pdf
[2011/08/25 17:55:00 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2011/08/25 17:54:42 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\Carol S\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2011/08/25 17:54:42 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Carol S\Desktop\BearShare.lnk
[2011/08/02 19:28:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/18 17:20:06 | 000,000,124 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI
[2010/04/18 15:10:30 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Carol S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 00:55:52 | 000,102,262 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/02/16 00:55:52 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/01/21 04:13:00 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/01/21 04:13:00 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/01/21 04:13:00 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/01/20 23:02:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/11/20 16:27:12 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/11/20 15:56:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/10 22:25:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/10 22:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/10 22:06:58 | 000,436,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/10 22:06:58 | 000,069,482 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/10 22:01:42 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/10 21:58:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/10 21:57:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/15 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/15 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/15 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/15 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/15 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/15 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/15 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/15 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/29 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/29 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/08/25 17:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2011/06/23 19:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/24 16:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 03:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/01/20 22:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/06/05 17:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/26 09:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/08/25 17:55:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8F6A59AE-835F-46B0-90B3-07ADBC8494F0}
[2011/04/07 08:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\BitTorrent
[2010/02/16 23:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\Facebook
[2010/11/06 10:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\GARMIN
[2010/03/16 12:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\GetRightToGo
[2011/03/29 19:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\MSNInstaller
[2010/03/16 12:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\OfficeRecovery
[2010/03/03 23:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\OpenOffice.org
[2011/06/23 19:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\Research In Motion
[2010/01/20 22:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol S\Application Data\WildTangent
[2011/09/15 20:24:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 15 September 2011 - 10:10 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64242
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64242
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Carol S\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
F3 - HKCU WinNT: Load - (C:\DOCUME~1\CAROLS~1\LOCALS~1\Temp\csrss.exe) -C:\Documents and Settings\Carol S\Local Settings\Temp\csrss.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Carol S\Application Data\dwm.exe) -C:\Documents and Settings\Carol S\Application Data\dwm.exe ()
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{2ed87a42-4268-11df-8dce-18a905de7c4e}\Shell\install\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{76271880-4b1d-11df-afda-18a905de7c4e}\Shell - "" = AutoRun
O33 - MountPoints2\{76271880-4b1d-11df-afda-18a905de7c4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76271880-4b1d-11df-afda-18a905de7c4e}\Shell\AutoRun\command - "" = D:\ONSPCLCK.exe
O33 - MountPoints2\{99c3a07e-5327-11df-8fa3-18a905de7c4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99c3a07e-5327-11df-8fa3-18a905de7c4e}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{99c3a07e-5327-11df-8fa3-18a905de7c4e}\Shell\Install\Command - "" = D:\Start.exe
[2011/09/14 05:58:20 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\dwm.exe
[2011/09/10 13:36:44 | 000,022,204 | ---- | M] () -- C:\Documents and Settings\Carol S\Application Data\3FAE.470
[2011/09/15 20:24:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config HidServ start= disabled /c
sc config AppMgmt start= disabled /c
C:\Documents and Settings\Carol S\Local Settings\Temp\csrss.exe
C:\Documents and Settings\Carol S\Application Data\dwm.exe
C:\Documents and Settings\Carol S\Application Data\Microsoft\conhost.exe
    
:Commands
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.


Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Are you still getting redirected?

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP