"Anti Virus" by designte.com has attacked me. Can't clean it up.


As you requested, I have run MalwareBytes. I also ran OTL (a couple of times). Below my comments are the readouts. A couple of other problems (that I HOPE are related) are this:

CD tray opens sporadically
Can’t do a system restore (either in normal or safe mode)
If I put in an XP pro disk, it does not recognize the hard drive.

Thanks for any help you can provide…

Is this the one you have?

Did you update Malwarebytes before you scanned?
Can you post the scan log?

Remove Antivirus Scan (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-scan

I THINK I have it.
I HAVE updated Malwarebyte.

The scan log is too long to post. Is there a way for me to do it?

Of course I CAN attach it but I sure don’t blame you for not wanting to open one of my files. :slight_smile:

lower left corner > additional options > attach

If you are referring to the OTL scan file, I posted it in my first post but will post it here again followed by the EXTRAS file, which I had to get via a full scan (NOT quick scan).

And the EXTRA file (One was NOT generated via the Quick Scan option)

and the Malwarebytes scan log

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5571

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/22/2011 4:10:25 PM
mbam-log-2011-01-22 (16-10-25).txt

Scan type: Full scan (C:|D:|E:|)
Objects scanned: 505406
Time elapsed: 2 hour(s), 55 minute(s), 47 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\documents and settings\greg ellis.pc139818592325\application data\microsoft\conhost.exe (Trojan.Agent) → 18300 → Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) → Value: conhost → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) → Value: load → Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) → Bad: (C:\DOCUME~1\GREGEL~1.PC1\LOCALS~1\Temp\csrss.exe) Good: () → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\greg ellis\application data\Mozilla\Firefox\Profiles\euby6z0j.default\yoono\yoono_running_commands.log (Trojan.Zbot) → Quarantined and deleted successfully.
c:\documents and settings\greg ellis.pc139818592325\local settings\Temp\28B.exe (Trojan.Downloader) → Quarantined and deleted successfully.
c:\documents and settings\greg ellis.pc139818592325\application data\microsoft\conhost.exe (Trojan.Agent) → Quarantined and deleted successfully.
c:\documents and settings\greg ellis.pc139818592325\local settings\Temp\csrss.exe (Trojan.Agent) → Delete on reboot.

OK Essexboy is notified :wink:

Probably won't work, but you may try updating and running a quick scan with MBAM again, as there have been some updates released since you scanned.

Hi, there may be a deeper problem, so I would like you to run an additional programme on completion of the OTL fix.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63111
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63111
FF - prefs.js..network.proxy.type: 4
O3 - HKLM\..\Toolbar: (no name) - {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - No CLSID value found.
O3 - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\..\Toolbar\WebBrowser: (no name) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No CLSID value found.
O3 - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\..\Toolbar\WebBrowser: (no name) - {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - No CLSID value found.
O3 - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1360784826-3158860248-318043405-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
[2011/01/23 07:46:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
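The first lines of the OTL fix above remove a proxy hijack: both IE and Firefox had been pointed at a local proxy on 127.0.0.1:63111, which is how this kind of rogue "antivirus" sits in the middle of browser traffic. As an added example (not part of the thread or of the OTL tool), here is a small Python check that parses a Firefox prefs.js and a .reg export of the per-user Internet Settings key and reports any proxy that routes through the local machine; the sample inputs are constructed from the values in the log.

```python
import re

# Constructed sample inputs modelled on the proxy values in the OTL fix above.
SAMPLE_PREFS_JS = """
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 63111);
user_pref("network.proxy.type", 4);
"""
SAMPLE_REG_EXPORT = """
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyOverride"=""
"ProxyServer"="http=127.0.0.1:63111"
"""
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost)$", re.IGNORECASE)


def parse_prefs_js(text):
    """Map user_pref() names to values: strings unquoted, true/false and integers converted."""
    prefs = {}
    for name, raw in re.findall(r'user_pref\("([^"]+)",\s*(.+?)\);', text):
        prefs[name] = raw[1:-1] if raw.startswith('"') else (
            raw == "true" if raw in ("true", "false") else int(raw))
    return prefs


def parse_reg_export(text):
    """Map value names to data for a .reg export: dword -> int, strings unquoted."""
    values = {}
    for name, raw in re.findall(r'^"([^"]+)"=(.+)$', text, re.MULTILINE):
        values[name] = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')
    return values


def proxy_findings(prefs, reg):
    """List Firefox and IE proxy settings that route browser traffic through the local machine."""
    findings = []
    for proto in ("http", "ssl", "socks", "ftp"):
        host = prefs.get(f"network.proxy.{proto}")
        if isinstance(host, str) and LOOPBACK.match(host):
            port, ptype = prefs.get(f"network.proxy.{proto}_port"), prefs.get("network.proxy.type")
            findings.append(f"firefox {proto} proxy -> {host}:{port} (network.proxy.type={ptype})")
    # IE ProxyServer is either "host:port" or "proto=host:port;proto=host:port".
    for entry in filter(None, reg.get("ProxyServer", "").split(";")):
        proto, _, hostport = entry.rpartition("=")
        if LOOPBACK.match(hostport.rsplit(":", 1)[0]):
            findings.append(f"ie {proto or 'all'} proxy -> {hostport} (ProxyEnable={reg.get('ProxyEnable')})")
    return findings
```

On a real machine, feed it the profile's prefs.js and the output of `reg export` for the Internet Settings key; a loopback proxy with ProxyEnable set to 1 that nobody configured on purpose is the thing to investigate.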

OK. Starting this now. Thanks.

I have the same virus. I have tried most items listed in the post except the OTL and custom scan. What is OTL and what else can I do? Thanks in advance for the help.

What is OTL and what else can I do?
OTL will produce two log files where Essexboy can see what and where the malware is located... and then remove it.

If you are going to do it, you should start your own topic where you attach the logs.
Helping multiple users in the same topic will only create chaos, as you also may have different needs…

Essexboy - I ran the OTL (with the code you provided) I kept getting an “access violation address 005CC7ED in module otl.exe - read address of 00000000” UNTIL I removed the “:OTL”. Then I got the attached file:

Then I ran TDSS Killer and got the attached report.

I am willing and able to do anything to get this computer back to “normal”. Thank you!

Greg

Finally, after I did all of the above, I updated and ran a full MBAM scan. Results:

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5584

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/24/2011 7:19:04 AM
mbam-log-2011-01-24 (07-19-04).txt

Scan type: Full scan (C:|D:|E:|)
Objects scanned: 502001
Time elapsed: 3 hour(s), 9 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information_restore{92ec12a7-009b-4d77-899d-ff91068a8284}\rp313\a0095775.exe (Trojan.Downloader) → Quarantined and deleted successfully.
c:\system volume information_restore{92ec12a7-009b-4d77-899d-ff91068a8284}\RP316\A0096181.exe (Trojan.Dropper.PGen) → Quarantined and deleted successfully.
c:\system volume information_restore{92ec12a7-009b-4d77-899d-ff91068a8284}\RP316\A0096961.exe (Adware.Agent) → Quarantined and deleted successfully.

I suspect if I were to run it again, it would find more viruses. It puzzles me that it finds a new one (or three, as in this case) each run.

The three found were in system restore, so resetting restore should clear them. The OTL error was generated because you pressed run scan as opposed to run fix ;D

Could you run the OTL script again please but press run fix

Ok. I did the scan again and clicked RUNFIX. The results are attached.

Followed by the QUICK SCAN of OTL. The results are enclosed.

Remember, I had the following problems:

CD tray opens sporadically
Can’t do a system restore (either in normal or safe mode)
If I put in an XP pro disk, it does not recognize the hard drive.