WindowsBBS.com

Solved google redirect virus for vista

Discussion in 'Malware and Virus Removal Archive' started by ebsgirl, 2011/01/01.

  1. 2011/01/02
    ebsgirl

    ebsgirl Inactive Thread Starter

    Joined:
    2010/12/31
    Messages:
    40
    Likes Received:
    0
    OTL Extras logfile created on: 1/2/2011 12:26:58 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 221.63 Gb Total Space | 116.99 Gb Free Space | 52.79% Space Free | Partition Type: NTFS
    Drive D: | 11.25 Gb Total Space | 1.08 Gb Free Space | 9.62% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07B76F31-0F64-4C69-A39A-E27D13823E49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{098C5B66-59F0-4DCE-AEAC-13BB2AD2903D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{0CC12195-C559-4D28-A9A0-F9D56B747CBF}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
    "{13D4318B-FAB3-4132-A38B-37A51C7C58A0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{292125DE-BBE4-4AFA-B9D3-5A42515208AF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
    "{4D5CE9A2-9B11-47ED-8B57-ADD53F5101E9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{616439E8-C5BD-4DEC-9C9D-EE7FE5E32A27}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
    "{6291FE9B-674A-4A68-9CC1-3C3C6DB6C952}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
    "{67387183-10B9-4623-BE6F-8ECB92E0A2D2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{7EBD71A0-7327-44E8-A4A8-EDB1136FFBB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{7F751C0D-1A0E-4890-9C77-A944D41CFAF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{8040ABE8-88F2-49B3-8F40-DD4013A40420}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
    "{CAA50E09-91D2-443F-8856-C746F540CC2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04D6A938-C4F7-4534-8E71-87B694C88346}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{0AAFA8EE-431E-4CA9-90A1-9DC638E3BA5F}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{21B2CCCC-71C9-4A51-AD86-95FEBDA0B354}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{51952A2C-FF4B-4B68-9968-874BFCDE7588}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{66806813-C9F2-413E-B258-E589FD195E8C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{6BDA8B78-13B8-4AD4-9D2E-416246DABE9A}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{9D6C5E70-E4E8-44D6-9C91-F1F13F05E3C2}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{9DD80EDE-B317-4860-8BEC-FD9907214D55}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\iexplore.exe.exe |
    "{AD4860DA-E0AE-4CBD-A03B-1D1517A77557}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{B908C744-C07B-42EB-AB5C-57996233F5D8}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\iexplore.exe.exe |
    "{C3381F52-FA3D-42C4-9840-E07986568A00}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{E48A5C4C-47AD-46AE-858C-4EF22BA3F029}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
    "TCP Query User{2AD03DF5-E425-40ED-8171-BD91A11C28FC}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "TCP Query User{A8C6EA26-5C07-41D2-87BE-7896961F3523}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{1113470A-6543-4F3C-96A5-1D1CA2677AA4}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "UDP Query User{F435CD71-80E6-4E46-A548-B5DFDF4E8202}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
    "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Akamai" = Akamai NetSession Interface
    "ASIO4ALL" = ASIO4ALL
    "avast5" = avast! Free Antivirus
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "ffdshow_is1" = ffdshow
    "FL Studio 9" = FL Studio 9
    "Hardcore" = Hardcore
    "IL Download Manager" = IL Download Manager
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Math Games Level 1_is1" = Math Games Level 1 1.0
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MultitrackStudio_is1" = MultitrackStudio Lite 6.3
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "Photo Pos Pro" = Photo Pos Pro
    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
    "PoiZone" = PoiZone
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "Sawer" = Sawer
    "Shockwave" = Shockwave
    "SystemRequirementsLab" = System Requirements Lab
    "Toxic Biohazard" = Toxic Biohazard
    "uTorrent" = µTorrent
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WildTangent hp Master Uninstall" = HP Games
    "WTA-5b50d068-955c-4d34-9838-982d7621c328" = Book of Legends
    "WTA-8bb21c78-f5f3-4b25-8e86-6409c0ede6cc" = Jojo's Fashion Show 2 - Las Cruces

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/1/2011 7:38:34 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/1/2011 9:13:45 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0ef05930, process id 0x2f0, application start time
    0x01cba9a8484a50ca.

    Error - 1/1/2011 4:23:20 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/1/2011 4:37:09 PM | Computer Name = Owner-PC | Source = SPP | ID = 16387
    Description =

    Error - 1/1/2011 4:37:09 PM | Computer Name = Owner-PC | Source = System Restore | ID = 8193
    Description =

    Error - 1/1/2011 5:13:14 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program TFC.exe version 3.1.7.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: 17a4 Start Time: 01cba9f88435ff9a Termination Time: 0

    Error - 1/1/2011 5:15:25 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/1/2011 5:18:44 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/1/2011 5:22:36 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/1/2011 5:25:40 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 4/24/2009 5:29:35 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/11/2009 6:05:36 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/28/2009 5:30:23 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/10/2009 6:41:04 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/10/2009 6:48:03 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 1/2/2011 1:46:01 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 1/2/2011 1:48:01 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.0.0.34 for the Network Card with network address
    0021976AB979 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent
    a DHCPNACK message).

    Error - 1/2/2011 2:35:17 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.0.0.35 for the Network Card with network address
    0021976AB979 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent
    a DHCPNACK message).

    Error - 1/2/2011 3:19:27 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/2/2011 3:20:36 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 1/2/2011 3:20:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/2/2011 3:29:23 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/2/2011 4:03:23 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/2/2011 4:04:14 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/2/2011 4:10:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  2. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
      O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe File not found
      O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/12/30 23:14:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
      @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B3A1E064
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BAC2F271
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3DAC3B29
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:B3D74A13
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:109734F6
      @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
       "AntiVirusOverride" = -
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
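As an added example (not code from this thread and not OldTimer's OTL), a small Python triage script that reads the OTL log line formats shown above, collects the three indicator classes the fix removes (the Security Center AntiVirusOverride value, the company-less file under C:\ProgramData and the alternate data streams on C:\ProgramData\Temp) and renders them as the matching :OTL/:Reg directives. The sample log is constructed from lines posted in this thread plus one made-up benign file line (example.dll); the line formats are inferred from those posted lines.

```python
"""Triage an OTL / OTL Extras log excerpt for the items the fix above targets.

Added example; not part of the thread and not OldTimer's own code. Line formats
are inferred from the OTL lines posted in this thread; SAMPLE_LOG is constructed
from them (the example.dll line is made up to show a non-flagged file).
"""
import re
from dataclasses import dataclass, field

# [HKEY_...] section header, followed by  "Name" = value  lines beneath it
SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+)$')
# [2010/12/30 23:14:01 | 000,000,112 | ---- | C] (Company) -- C:\path
FILE_RE = re.compile(
    r'^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| ([\d,]+) \| \S{4} \| [CM]\] '
    r'\(([^)]*)\) -- (.+)$')

SECURITY_CENTER_SVC = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc'


@dataclass
class Findings:
    overrides: list = field(default_factory=list)       # Security Center *Override values set to 1
    ads: list = field(default_factory=list)             # (size_bytes, path, raw_line)
    nameless_files: list = field(default_factory=list)  # (path, size_bytes, raw_line)


def registry_values(lines):
    """Yield (key, name, value) for every quoted value under a [HKEY_...] header."""
    key = None
    for raw in lines:
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key:
            yield key, value.group(1), value.group(2).strip()


def triage(text):
    """Collect the three indicator classes from an OTL log."""
    lines = text.splitlines()
    found = Findings()
    for key, name, value in registry_values(lines):
        # An *Override = 1 makes Security Center report a product it cannot see as present;
        # the fix in the thread deletes AntiVirusOverride so the real state is shown again.
        if key.lower() == SECURITY_CENTER_SVC.lower() and name.endswith('Override') and value == '1':
            found.overrides.append(name)
    for raw in lines:
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            found.ads.append((int(ads.group(1)), ads.group(2), line))
            continue
        f = FILE_RE.match(line)
        if f and not f.group(2):  # "()" = no company name in the file's version info
            size = int(f.group(1).replace(',', ''))
            found.nameless_files.append((f.group(3), size, line))
    return found


def to_otl_fix(found):
    """Render findings as the :OTL and :Reg sections used in the fix script above."""
    script = [':OTL']
    script += [raw for _, _, raw in found.nameless_files]
    script += [raw for _, _, raw in found.ads]
    if found.overrides:
        script += [':Reg', '[' + SECURITY_CENTER_SVC + ']']
        script += ['"%s" = -' % name for name in found.overrides]
    return script


# Constructed sample: lines taken from the OTL logs in this thread plus one made-up benign file.
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Files - No Company Name ==========

[2010/12/30 23:14:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
[2010/12/28 10:00:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\example.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B3A1E064
'''

if __name__ == '__main__':
    for line in to_otl_fix(triage(SAMPLE_LOG)):
        print(line)
```

A `()` company field only means the file carries no company name in its version information, and an override value is a symptom rather than proof; whether a flagged item is removed remains the analyst's decision, as in the thread.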
     


  4. 2011/01/02
    ebsgirl

    ebsgirl Inactive Thread Starter

    Joined:
    2010/12/31
    Messages:
    40
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netzero.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netzero.net\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\x-sdch\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1759355-3EEC-4C1E-B0F1-B719FE26E377}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\ProgramData\1VjM2R.dat moved successfully.
    ADS C:\ProgramData\Temp:FAB64002 deleted successfully.
    ADS C:\ProgramData\Temp:B3A1E064 deleted successfully.
    ADS C:\ProgramData\Temp:BAC2F271 deleted successfully.
    ADS C:\ProgramData\Temp:3DAC3B29 deleted successfully.
    ADS C:\ProgramData\Temp:B3D74A13 deleted successfully.
    ADS C:\ProgramData\Temp:109734F6 deleted successfully.
    ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride scheduled to be deleted on reboot.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 38857 bytes
    ->Temporary Internet Files folder emptied: 54992350 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 4997 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 52.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01022011_131320

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD4S4I97\background-banner-middle-v9[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD4S4I97\background-banner-right-v9a[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD4S4I97\background_banner_green_50_v9a[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD4S4I97\background_banner_green_50_v9[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD4S4I97\list-item-plus[1].png moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90IJXUO\background-banner-middle-v45[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90IJXUO\background-banner-right-v9[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7WFRQYZ\background-banner-right-v45[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7WFRQYZ\background_button_green_full[1].png moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQZEU368\background-banner-middle-v9a[1].jpg moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQZEU368\background_banner_green_50_v45[1].jpg moved successfully.

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride scheduled to be deleted on reboot.
     
  5. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  6. 2011/01/02
    ebsgirl Inactive Thread Starter

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````
     
  7. 2011/01/02
    broni Moderator Malware Analyst

    Uninstall Java(TM) 6 Update 7.

    =================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller download and uses a lot fewer resources than Adobe Reader.
    Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
    On this page (screenshot not reproduced):

    make sure you have both boxes UN-checked AND (important!) click on the Decline button.
     
  8. 2011/01/02
    ebsgirl Inactive Thread Starter

    Here's the ESET online scan log....

    C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll a variant of Win32/Adware.DoubleD.AL application
    C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll a variant of Win32/Adware.DoubleD.AL application
    C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B3AC8875\3E688669\stbMsn.dll a variant of Win32/Adware.DoubleD.AL application
    C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe a variant of Win32/Adware.DoubleD.AB application
    C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll a variant of Win32/Adware.DoubleD.AL application
    C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C41B8701\3E688669\stbAol.dll a variant of Win32/Adware.DoubleD.AL application
    C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll a variant of Win32/Adware.DoubleD.AL application
    C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll a variant of Win32/Adware.DoubleD.AL application
    C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B3AC8875\3E688669\stbMsn.dll a variant of Win32/Adware.DoubleD.AL application
    C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe a variant of Win32/Adware.DoubleD.AB application
    C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll a variant of Win32/Adware.DoubleD.AL application
    C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C41B8701\3E688669\stbAol.dll a variant of Win32/Adware.DoubleD.AL application
     
  9. 2011/01/02
    ebsgirl Inactive Thread Starter

    Can I go ahead and install the Adobe Reader? And I need to uninstall Java again? Do I follow the same steps as last time?
     
  10. 2011/01/02
    broni Moderator Malware Analyst

    Just uninstall Java(TM) 6 Update 7.

    Go ahead with Adobe...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll 
      C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll 
      C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B3AC8875\3E688669\stbMsn.dll 
      C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe 
      C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll 
      C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C41B8701\3E688669\stbAol.dll 
      C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll 
      C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll 
      C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B3AC8875\3E688669\stbMsn.dll 
      C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe 
      C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll 
      C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C41B8701\3E688669\stbAol.dll
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during the cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
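An added example, not part of the thread and not broni's, ESET's or OTL's own code: the ESET report in post 8 lists every DoubleD file twice, once under C:\ProgramData and once under C:\Users\All Users, because on Vista "All Users" is a legacy link to ProgramData (and "Documents and Settings" to Users), so twelve detections are six real files. The script below parses report lines in the "<path> <detection>" layout shown in that post, folds the link aliases onto the real directory, and renders the ":Files" section for an OTL custom fix like the one in post 10. Assumptions: the sample report is constructed from four of the thread's paths, exported ESET reports are taken to be tab-separated, and the link list covers only the two Vista links named above.

```python
"""Deduplicate ESET Online Scanner findings seen through Vista legacy links
and emit the ':Files' block of an OTL fix.  Added example for this thread."""
import re
from collections import OrderedDict

# Legacy links Windows Vista keeps for compatibility (lower-cased alias,
# real directory).  A scanner that walks both sides reports the same file
# twice.  Assumption for this example: only these two links matter.
LEGACY_LINKS = [
    (r"c:\users\all users", r"C:\ProgramData"),
    (r"c:\documents and settings", r"C:\Users"),
]

# One report line in the layout pasted in the thread: a drive-letter path
# ending in an extension, whitespace, then an ESET detection name, which
# always contains a platform/family pair such as Win32/Adware.DoubleD.AL.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<detection>(?:(?:probably )?a variant of\s+)?[A-Za-z0-9_]+/\S+.*)$",
    re.IGNORECASE,
)

# Constructed sample: four lines from the thread's ESET report, i.e. two
# real files each seen once via C:\ProgramData and once via the link.
SAMPLE_ESET_REPORT = r"""
C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll a variant of Win32/Adware.DoubleD.AL application
C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe a variant of Win32/Adware.DoubleD.AB application
C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll a variant of Win32/Adware.DoubleD.AL application
C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe a variant of Win32/Adware.DoubleD.AB application
"""


def canonical_path(path):
    """Rewrite a path seen through a legacy link onto the real directory."""
    low = path.lower()
    for alias, real in LEGACY_LINKS:
        if low.startswith(alias + "\\"):
            return real + path[len(alias):]
    return path


def parse_line(line):
    """Return (path, detection) for one report line, or None if it is not a finding.

    Exported ESET reports are assumed to be tab-separated; the pasted form in
    the thread has the two fields joined by a space, which the regex handles.
    """
    if "\t" in line:
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) >= 2 and fields[0] and fields[1]:
            return fields[0], fields[1]
        return None
    m = ESET_LINE.match(line)
    if not m:
        return None
    return m.group("path"), m.group("detection").strip()


def parse_eset_report(text):
    """Map each real file to its detection name, one entry per file.

    Sightings through a legacy link collapse onto the real path; the
    comparison is case-insensitive and the first spelling seen is kept.
    """
    findings = OrderedDict()
    for raw in text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue  # blank line, report header or unrecognised text
        path, detection = parsed
        canon = canonical_path(path)
        findings.setdefault(canon.lower(), (canon, detection))
    return OrderedDict(findings.values())


def otl_files_section(findings):
    """Render the ':Files' block of an OTL custom fix, one real path per line."""
    return ":Files\n" + "\n".join(findings) + "\n"


if __name__ == "__main__":
    found = parse_eset_report(SAMPLE_ESET_REPORT)
    lines = [l for l in SAMPLE_ESET_REPORT.splitlines() if l.strip()]
    print("%d report lines -> %d distinct files" % (len(lines), len(found)))
    for path, detection in found.items():
        print(path, "::", detection)
    print(otl_files_section(found))
```

Running it on the constructed sample prints two distinct files out of four report lines; on the full twelve-line log from post 8 the same code yields the six files that actually exist on disk, which keeps the OTL :Files section free of alias duplicates.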
     
  11. 2011/01/02
    ebsgirl Inactive Thread Starter

    The only Java I see is Java(TM) 6 Update 23... sorry... I take it this isn't the one to uninstall, correct?
     
  12. 2011/01/02
    broni Moderator Malware Analyst

    That's fine.
    Proceed with next steps.
     
  13. 2011/01/02
    ebsgirl Inactive Thread Starter

    It said there was an error when running OTL and it shut down... I got this log:
    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Take it I should just try again? :)
     
  14. 2011/01/02
    ebsgirl Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll not found.
    File\Folder C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll not found.
    File\Folder C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B3AC8875\3E688669\stbMsn.dll not found.
    File\Folder C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe not found.
    File\Folder C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll not found.
    File\Folder C:\ProgramData\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C41B8701\3E688669\stbAol.dll not found.
    File\Folder C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\4F73E13A\3E688669\stbapp.dll not found.
    File\Folder C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll not found.
    File\Folder C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B3AC8875\3E688669\stbMsn.dll not found.
    File\Folder C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\B75FA91E\3E688669\stbsvc.exe not found.
    File\Folder C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll not found.
    File\Folder C:\Users\All Users\{C1B2B02A-9D52-423D-861A-498B050BB4A2}\OFFLINE\C41B8701\3E688669\stbAol.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 472935 bytes
    ->Temporary Internet Files folder emptied: 5319446 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 653 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01022011_210426

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DFD0AF.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DFD0BA.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DFD107.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DFD113.tmp not found!
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O1UP3VK1\01[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O1UP3VK1\blank[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M9221A4D\launch[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AIZIT0X\blank[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AIZIT0X\fc[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AIZIT0X\iframescript[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AIZIT0X\like[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0PTHA90X\97087-active-google-redirect-virus-vista-4[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0PTHA90X\openmail.app[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0PTHA90X\openmail.app[2].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  15. 2011/01/02
    broni Moderator Malware Analyst

    Good job :)

    Go on....
     
  16. 2011/01/02
    ebsgirl Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 505543 bytes
    ->Temporary Internet Files folder emptied: 4685758 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 950 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 5.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.1 log created on 01022011_211542

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF22FE.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF2308.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF23A1.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF23AC.tmp not found!
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QS5U4TVY\iframescript[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QS5U4TVY\launch[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QS5U4TVY\openmail.app[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QS5U4TVY\st[1] moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q25M33QD\blank[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q25M33QD\fc[2].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G9KA4E3J\97087-active-google-redirect-virus-vista-4[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G9KA4E3J\blank[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFDCWBS2\blank[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFDCWBS2\openmail.app[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
     
  17. 2011/01/02
    broni Moderator Malware Analyst

    Whenever ready....
     
  18. 2011/01/02
    ebsgirl Inactive Thread Starter

    Thank you so much, Broni! I greatly appreciate all your help and you've saved me a lot of time and hassle. I'll let you know how it's doing in a couple of days. Thanks again!!
     
  19. 2011/01/02
    ebsgirl Inactive Thread Starter

    It seems to be great so far :)
     
  20. 2011/01/02
    broni Moderator Malware Analyst

    Very well :)

    I don't lock my topics, so if anything comes up, you can always holler here.

    Meanwhile...

    Good luck and stay safe :)
     
  21. 2011/01/02
    ebsgirl Inactive Thread Starter

    OK, so I tried to enable Windows Defender and it said error code 0x800106ba... couldn't turn on... but when I double-checked, it was back on... so I don't know what that was about :)

    Then I ran the PSI program you suggested I install and it said 2 insecure programs, 5 end-of-life programs, and 50 patch programs... is that loose files and stuff I need to clean up?
     
