Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google/Yahoo Redirect, Internet Security virus [Solved]


  • This topic is locked This topic is locked

#31
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL logfile created on: 4/10/2012 9:35:40 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Storey\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 376.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32.51 Gb Total Space | 9.74 Gb Free Space | 29.96% Space Free | Partition Type: NTFS
Drive D: | 32.26 Gb Total Space | 12.42 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.30 Gb Free Space | 68.84% Space Free | Partition Type: FAT

Computer Name: STOREY-PC | User Name: Storey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/10 04:34:25 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/23 17:37:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Storey\Desktop\OTL.exe
PRC - [2007/07/15 22:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/06/21 18:25:46 | 000,118,464 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2007/06/21 18:25:44 | 000,257,736 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2007/06/21 18:25:22 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2007/06/21 18:24:12 | 001,076,832 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2007/05/22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/05/16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/05/10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/02/13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/20 21:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/20 21:44:28 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/20 21:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 17:37:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Storey\Desktop\OTL.exe
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gotomypc)
SRV - File not found [Auto | Stopped] -- -- (dcpflics)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2007/09/03 14:07:55 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/09/03 13:09:42 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/21 18:25:46 | 000,118,464 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/06/21 18:25:44 | 000,257,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/06/21 18:24:12 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007/05/22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/05/10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/20 21:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/20 21:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/20 21:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/20 21:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/20 21:42:52 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/20 21:42:12 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/02/13 01:38:53 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/10 14:54:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007/09/03 14:09:17 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/06/18 03:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/13 19:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/29 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/20 21:45:42 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/20 21:45:42 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/20 21:45:42 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/20 21:45:36 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/20 21:44:14 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/11/20 21:44:12 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006/11/20 21:44:10 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/20 21:42:22 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 15:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/09 14:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Storey\AppData\Roaming\Mozilla\Extensions
[2012/03/16 20:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Storey\AppData\Roaming\Mozilla\Firefox\Profiles\xlmh055o.default\extensions
[2011/09/09 14:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\STOREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XLMH055O.DEFAULT\EXTENSIONS\[email protected]
[2012/03/18 15:41:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/02/17 14:23:39 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/02/17 14:23:39 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/30 22:02:53 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 07:17:55 | 000,000,000 | ---D | C] -- C:\Users\Storey\AppData\Local\temp
[2012/04/05 07:01:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/05 06:10:14 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Storey\Desktop\tdsskiller.exe
[2012/04/04 22:52:22 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/04 05:03:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/04 05:03:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/04 05:03:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/04 05:03:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012/04/04 05:02:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/03 11:20:15 | 000,087,552 | ---- | C] (Kaspersky Lab) -- C:\Windows\clipmmc.dll
[2012/03/30 12:21:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Storey\Desktop\OTL.exe
[2012/03/30 12:20:12 | 004,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Storey\Desktop\mbam-setup.exe
[2012/03/30 12:20:06 | 004,455,902 | R--- | C] (Swearware) -- C:\Users\Storey\Desktop\ComboFix.exe
[2012/03/29 10:27:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/26 21:58:16 | 000,000,000 | ---D | C] -- C:\found.000
[2012/03/22 08:14:13 | 000,090,624 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\clipmmc.dll
[2012/03/21 21:16:36 | 000,000,000 | ---D | C] -- C:\Users\Storey\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/21 21:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/21 21:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/21 21:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/21 21:09:46 | 015,495,768 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Storey\Desktop\SUPERAntiSpyware.exe
[2012/03/19 21:24:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/19 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Storey\Desktop\tdsskiller
[2012/03/19 21:10:49 | 000,000,000 | ---D | C] -- C:\Users\Storey\Desktop\GooredFix Backups
[2012/03/19 14:25:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/03/19 13:02:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/16 21:42:56 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Storey\Desktop\OTM.exe
[2012/03/16 21:42:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/16 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Storey\Desktop\erunt
[2012/03/16 18:27:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/08 10:03:58 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/09/03 13:38:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 09:31:01 | 000,003,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 09:31:01 | 000,003,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 09:31:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/10 08:06:24 | 1063,272,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 05:52:36 | 000,642,838 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/06 05:52:36 | 000,111,854 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/05 06:07:32 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Storey\Desktop\tdsskiller.exe
[2012/04/04 17:55:52 | 000,001,356 | ---- | M] () -- C:\Users\Storey\AppData\Local\d3d9caps.dat
[2012/04/04 04:55:42 | 004,455,902 | R--- | M] (Swearware) -- C:\Users\Storey\Desktop\ComboFix.exe
[2012/04/03 12:27:20 | 000,087,552 | ---- | M] (Kaspersky Lab) -- C:\Windows\clipmmc.dll
[2012/03/31 09:53:40 | 000,001,579 | ---- | M] () -- C:\Users\Storey\Desktop\firefox - Shortcut (2).lnk
[2012/03/31 09:53:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/31 07:20:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/31 07:20:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/30 22:02:53 | 000,000,761 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/30 12:21:43 | 000,000,822 | ---- | M] () -- C:\Users\Storey\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/30 04:52:27 | 000,001,579 | ---- | M] () -- C:\Users\Storey\Desktop\firefox - Shortcut.lnk
[2012/03/22 08:14:13 | 000,090,624 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\clipmmc.dll
[2012/03/22 06:32:11 | 129,751,823 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/21 21:11:15 | 015,495,768 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Storey\Desktop\SUPERAntiSpyware.exe
[2012/03/19 21:07:13 | 002,044,822 | ---- | M] () -- C:\Users\Storey\Desktop\tdsskiller.zip
[2012/03/16 21:43:19 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Storey\Desktop\OTM.exe
[2012/03/16 21:40:46 | 000,513,320 | ---- | M] () -- C:\Users\Storey\Desktop\erunt.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/05 06:05:21 | 1063,272,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/04 05:03:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/04 05:03:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/04 05:03:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/04 05:03:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/04 05:03:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/31 10:04:40 | 000,000,822 | ---- | C] () -- C:\Users\Storey\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/31 10:04:25 | 000,000,947 | ---- | C] () -- C:\Users\Storey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/31 10:04:25 | 000,000,902 | ---- | C] () -- C:\Users\Storey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/31 10:04:25 | 000,000,834 | ---- | C] () -- C:\Users\Storey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/31 10:04:25 | 000,000,258 | ---- | C] () -- C:\Users\Storey\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/31 10:04:25 | 000,000,240 | ---- | C] () -- C:\Users\Storey\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/31 09:53:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/31 07:36:00 | 000,001,579 | ---- | C] () -- C:\Users\Storey\Desktop\firefox - Shortcut (2).lnk
[2012/03/31 07:20:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/31 07:20:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/30 04:52:26 | 000,001,579 | ---- | C] () -- C:\Users\Storey\Desktop\firefox - Shortcut.lnk
[2012/03/19 21:06:53 | 002,044,822 | ---- | C] () -- C:\Users\Storey\Desktop\tdsskiller.zip
[2012/03/19 13:02:03 | 129,751,823 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/16 21:39:15 | 000,513,320 | ---- | C] () -- C:\Users\Storey\Desktop\erunt.zip
[2011/12/12 09:52:20 | 000,001,356 | ---- | C] () -- C:\Users\Storey\AppData\Local\d3d9caps.dat
[2011/10/15 17:14:36 | 000,003,584 | ---- | C] () -- C:\Users\Storey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 10:27:46 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2011/09/08 10:27:38 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2011/09/08 10:03:58 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/09/03 14:53:39 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/09/03 13:44:52 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/09/03 13:39:01 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/09/03 13:39:01 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/09/03 13:38:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/09/03 12:05:59 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/09/03 12:05:10 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/03 12:05:10 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/09/03 12:05:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,231,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,642,838 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,111,854 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/09/08 10:08:45 | 000,000,000 | ---D | M] -- C:\Users\Storey\AppData\Roaming\Acer
[2011/09/09 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\Storey\AppData\Roaming\FrostWire
[2011/09/08 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Storey\AppData\Roaming\Leadertech
[2011/09/09 15:27:08 | 000,000,000 | ---D | M] -- C:\Users\Storey\AppData\Roaming\uTorrent
[2012/04/10 06:33:19 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CMD.EXE >
[2006/11/02 02:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=349CD4318E6E351C9BB72EE13B7CA807 -- C:\Windows\System32\cmd.exe
[2006/11/02 02:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=349CD4318E6E351C9BB72EE13B7CA807 -- C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6000.16386_none_88d604c11d71789b\cmd.exe
[2008/01/19 00:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) MD5=74F26FC01B180D4A99A168ED69C30A53 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_8b0cc6bd1a5c896f\cmd.exe

< End of report >
  • 0

Advertisements


#32
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi kyn,

Looks like cmd.exe is corrupted. We'll replace it.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\Windows\System32\cmd.exe|C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_8b0cc6bd1a5c896f\cmd.exe /replace

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Let's try to run sfc again.We are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

click Start
click All Programs, then Accessories
right click on the Command Prompt option,
on the drop down menu which appears, click on the Run as Administrator option.
At the prompt type sfc /scannow (Please note that there is a single space between sfc and /scannow).
press Enter

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
It would be helpful if you could post each log in separate post
  • 0

#33
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I get the same error message when trying to run Command Prompt

OTL log:

========== OTL ==========
========== FILES ==========
Unable to replace file: C:\Windows\System32\cmd.exe with C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_8b0cc6bd1a5c896f\cmd.exe without a reboot.

OTL by OldTimer - Version 3.2.22.3 log created on 04112012_063713

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#34
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please restart your PC and try it again. If you fail then go to

C:\Windows\System32\cmd.exe

Double click cmd.exe to run it. If it starts then to sfc /scannow step.
  • 0

#35
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hello mailprog,

Here is what's happening...

The computer will shut off every 2 minutes it seems. I was able to run the sfc /scannow, and it was at 22%, before the computer just shut down again. I tried in Safe Mode as well, with the same results
  • 0

#36
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you try to start Windows in Safe Mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

If it starts then try to run sfc /scannow and let me know results.
  • 0

#37
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Okay I was finally able to complete the scan. Someone suggested to me that my laptop may have been overheating. Is there a log I should post?
  • 0

#38
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Overheating can cause you BIG problems. No, there is no log to post.

Can you tell me what problems you have now if any?
  • 0

#39
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I was using Google on the computer just now, and I'm still being redirected to strange websites. My only other issue would be if the computer shut itself off again, but I'll see how it runs for the rest of the day.

Edited by kyn, 12 April 2012 - 03:27 PM.

  • 0

#40
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Do you get redirected in all browsers or just Firefox?

Test Internet Explorer for redirection too.
  • 0

Advertisements


#41
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I was being redirected in Firefox. I just tested Internet Explorer, and it's fine, no problems there.
  • 0

#42
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK- Let's test this.

Click on Start then Run...
Type

firefox.exe -safe-mode

And press OK button
If it ask you press Continue in Safe Mode
Test Google searches now and let me know results.
  • 0

#43
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hello mailprog, sorry for the late update.

Google is running smoothly now. I've tested it a couple times, and haven't been redirected yet.
  • 0

#44
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If you don't experience any problems in safe-mode then you must check your add-ons in Firefox.

Open Firefox and from Tools menu select Add-ons
Disable them all and restart your Firefox
If you don't experience any problems then go to Add-ons and enable first add-on then restart Firefox
If problems starts then this is the bad one
If problems don't start then enable another one and so on until you find bad one

When you find it remove it from Add-ons.

Let me know results.
  • 0

#45
kyn

kyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I have tried for almost 2 days to complete the next step you posted, However, my computer will shut off without notice. It didn't do this before it was infected, is there a way to fix this? It shuts off randomly at different times, sometimes after 30 minutes, sometimes 10. When I turn it back on, I get a black screen with a blinking cursor in the top left corner. It takes me several attempts before getting back to Windows.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP