Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Redirects & Can't Run Malewarebytes Update

Started by ChrisPittts , Aug 07 2011 09:11 AM

  • This topic is locked This topic is locked

#1
ChrisPittts
Posted 07 August 2011 - 09:11 AM

ChrisPittts

    Member

  • Member
  • PipPip
  • 64 posts
Thanks in advance for your time and expertise...

I'm trying to clean up a friend's laptop. When doing any browser searches the first time you follow a link you are redirected, but it works on the second try. Also - can not run malewarebytes update. It gives the error "PROGRAM_ERROR_UPDATING (11004,0,No address found) ". Also - when I run Task Mgr the tabs are missing so I can only see the running processes screen.

Here is the OTL Scan:

OTL logfile created on: 8/7/2011 10:59:46 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Michael Belmont\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 172.41 Mb Available Physical Memory | 34.25% Memory free
1.20 Gb Paging File | 0.72 Gb Available in Paging File | 59.71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.85 Gb Total Space | 12.34 Gb Free Space | 44.29% Space Free | Partition Type: NTFS

Computer Name: MJ-BEB851079773 | User Name: Michael Belmont | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michael Belmont\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\hp print screen utility\prnsys.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michael Belmont\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus® -- File not found
SRV - (HidServ) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKslb0210cf6) -- File not found
DRV - (MpKsld2c62d31) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\MpKsld2c62d31.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-448539723-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.oblates....sian_quote.php"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 14:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/23 14:30:42 | 000,000,000 | ---D | M]

[2010/03/19 12:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Extensions
[2011/08/07 10:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Firefox\Profiles\3vtzljp6.default\extensions
[2011/07/31 18:33:58 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Firefox\Profiles\3vtzljp6.default\extensions\[email protected]
[2011/08/07 10:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 13:59:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/16 22:54:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/07/16 13:59:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 07:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-448539723-113007714-682003330-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\prnsys.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueZone Session Manager.LNK = C:\Program Files\SEAGULL\BlueZone\BZSM.EXE (Seagull Software Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.23 213.109.75.218 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/05 11:27:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/10 13:34:09 | 000,002,147 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O33 - MountPoints2\{5ff079e0-2ec3-11df-ac13-e59138676cbc}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 10:40:27 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Belmont\Desktop\OTL.exe
[2011/07/31 18:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Application Data\Malwarebytes
[2011/07/31 18:44:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 18:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 18:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/07/31 18:44:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 18:37:05 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Michael Belmont\Desktop\mbam-clean.exe
[2011/07/31 18:21:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Belmont\Recent
[2011/07/31 18:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dell Wireless
[2011/07/31 18:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Start Menu\Programs\Dell Inc
[2011/07/31 17:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Deployment
[2011/07/31 17:38:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/07/31 17:37:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/31 17:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/28 15:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Activision Value
[2011/07/28 13:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Imagineering
[2004/11/29 19:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 10:40:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Belmont\Desktop\OTL.exe
[2011/08/07 10:38:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/07 10:30:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/07 10:30:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 21:06:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006UA.job
[2011/07/31 20:23:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003UA.job
[2011/07/31 18:37:06 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Michael Belmont\Desktop\mbam-clean.exe
[2011/07/31 18:25:58 | 000,056,802 | ---- | M] () -- C:\WINDOWS\System32\DellSystem.xml
[2011/07/31 18:18:22 | 000,400,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/31 18:18:22 | 000,061,148 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/30 02:23:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003Core.job
[2011/07/30 01:06:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006Core.job
[2011/07/28 15:11:42 | 000,000,129 | ---- | M] () -- C:\WINDOWS\disney.ini
[2011/07/28 13:38:21 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/07/28 13:38:20 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/07/28 13:38:18 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/07/28 13:37:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\EReg515.dat
[2011/07/28 13:32:52 | 000,000,172 | ---- | M] () -- C:\WINDOWS\disneysy.ini
[2011/07/28 13:13:46 | 000,000,500 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2011/07/28 00:34:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/19 22:55:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/14 22:20:18 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 22:20:16 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Desktop\Google Chrome.lnk
[2011/07/14 16:48:42 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/10 12:31:16 | 000,076,674 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Desktop\cwvDm9asA3Lw9bMWwbl5etGTDA.jpg
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 17:58:43 | 000,056,802 | ---- | C] () -- C:\WINDOWS\System32\DellSystem.xml
[2011/07/28 13:37:58 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/07/28 13:37:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/07/28 13:37:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/07/28 13:37:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2011/07/28 13:33:24 | 000,000,129 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011/07/28 13:32:33 | 000,000,172 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011/07/28 00:39:15 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/10 12:31:27 | 000,076,674 | ---- | C] () -- C:\Documents and Settings\Michael Belmont\Desktop\cwvDm9asA3Lw9bMWwbl5etGTDA.jpg
[2011/03/24 12:03:22 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 13:09:31 | 000,000,313 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/07/16 09:06:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/22 19:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/21 16:07:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/04/21 16:05:12 | 000,000,500 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/04/19 16:11:57 | 000,001,426 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2010/04/11 15:48:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/04/10 17:23:21 | 000,000,411 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/03/19 14:01:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/03/19 14:01:35 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/03/19 14:01:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/03/19 12:47:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/13 01:14:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 01:06:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/12 16:45:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/12 16:44:11 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 18:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 18:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,400,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,061,148 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 14:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2003/08/18 06:55:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/08/18 06:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 07:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2006/10/05 13:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/19 16:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/10/20 13:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2011/07/28 13:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Imagineering
[2010/09/13 12:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\f-secure
[2010/04/20 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
[2010/12/06 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/10/10 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Funk Software
[2006/10/10 13:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Seagull Software
[2006/10/10 13:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedexadmin.FEDEX-FD4755747\Application Data\Funk Software
[2006/10/10 13:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedexadmin.FEDEX-FD4755747\Application Data\Seagull Software
[2010/06/03 22:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Belmont\Application Data\Canon
[2010/04/19 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Belmont\Application Data\f-secure
[2010/04/19 16:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Belmont\Application Data\InterTrust
[2010/09/22 20:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\Canon
[2011/08/07 10:38:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
SweetTech
Posted 09 August 2011 - 09:42 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :unsure:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Can you please post the contents of the Extras.txt log for me to review?

DO you recognize this file?

[2011/07/10 12:31:16 | 000,076,674 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Desktop\cwvDm9asA3Lw9bMWwbl5etGTDA.jpg



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:Processes
KILLALLPROCESSES
:OTL
DRV - (MpKslb0210cf6) -- File not found
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
[2010/07/16 13:59:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/16 22:54:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-448539723-113007714-682003330-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.23 213.109.75.218 1.1.1.1
O33 - MountPoints2\{5ff079e0-2ec3-11df-ac13-e59138676cbc}\Shell\AutoRun\command - "" = E:\setupSNK.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/04/19 16:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9

:Reg

:Files
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0

#3
ChrisPittts
Posted 09 August 2011 - 02:04 PM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
ST -
Thank you so much. I will do my best to follow your directions to the letter...

I will post the log below, and then begin on your other instructions...

OTL Extras logfile created on: 8/7/2011 10:59:46 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Michael Belmont\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 172.41 Mb Available Physical Memory | 34.25% Memory free
1.20 Gb Paging File | 0.72 Gb Available in Paging File | 59.71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.85 Gb Total Space | 12.34 Gb Free Space | 44.29% Space Free | Partition Type: NTFS

Computer Name: MJ-BEB851079773 | User Name: Michael Belmont | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}" = hp deskjet 6122
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.1
"EOS Utility" = Canon Utilities EOS Utility
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 6122 series_Driver" = hp deskjet 6122 series
"hp print screen utility" = hp print screen utility
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Progress Bar" = Progress Bar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2011 9:45:27 PM | Computer Name = MJ-BEB851079773 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/19/2011 9:45:27 PM | Computer Name = MJ-BEB851079773 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 129640

Error - 4/19/2011 9:45:27 PM | Computer Name = MJ-BEB851079773 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129640

Error - 4/19/2011 10:29:55 PM | Computer Name = MJ-BEB851079773 | Source = Application Hang | ID = 1002
Description = Hanging application EOS Utility.exe, version 1.0.3.17, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2011 10:30:08 PM | Computer Name = MJ-BEB851079773 | Source = Application Hang | ID = 1001
Description = Fault bucket 276856383.

Error - 4/21/2011 6:21:46 PM | Computer Name = MJ-BEB851079773 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/21/2011 6:21:46 PM | Computer Name = MJ-BEB851079773 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/25/2011 9:35:08 AM | Computer Name = MJ-BEB851079773 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/25/2011 9:35:08 AM | Computer Name = MJ-BEB851079773 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3125

Error - 4/25/2011 9:35:08 AM | Computer Name = MJ-BEB851079773 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3125

[ OSession Events ]
Error - 2/25/2011 5:04:50 PM | Computer Name = MJ-BEB851079773 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27885
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/28/2011 12:28:38 AM | Computer Name = MJ-BEB851079773 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.109.392.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 7/31/2011 5:02:37 PM | Computer Name = MJ-BEB851079773 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.109 for the Network Card with network
address 000E9BD198B7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/31/2011 7:36:46 PM | Computer Name = MJ-BEB851079773 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 7/31/2011 7:36:46 PM | Computer Name = MJ-BEB851079773 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 7/31/2011 8:41:58 PM | Computer Name = MJ-BEB851079773 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/31/2011 8:42:44 PM | Computer Name = MJ-BEB851079773 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter

Error - 7/31/2011 8:49:38 PM | Computer Name = MJ-BEB851079773 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/31/2011 8:51:35 PM | Computer Name = MJ-BEB851079773 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 000E9BD198B7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/7/2011 10:33:39 AM | Computer Name = MJ-BEB851079773 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/7/2011 10:33:39 AM | Computer Name = MJ-BEB851079773 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >
  • 0

#4
SweetTech
Posted 09 August 2011 - 02:06 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thank you so much. I will do my best to follow your directions to the letter...

:)
  • 0

#5
ChrisPittts
Posted 09 August 2011 - 02:07 PM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
The file you asked about is a photo download. This is not my laptop - but it looks like a normal photo...
  • 0

#6
SweetTech
Posted 09 August 2011 - 02:15 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay, thanks for that information. I asked because the file name looked pretty funky.
  • 0

#7
ChrisPittts
Posted 09 August 2011 - 03:06 PM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Ok - Hope I did this right...

OTL log followed by combo fix...

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Error: No service named MpKslb0210cf6 was found to stop!
Service\Driver key MpKslb0210cf6 not found.
File File not found not found.
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-448539723-113007714-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ff079e0-2ec3-11df-ac13-e59138676cbc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ff079e0-2ec3-11df-ac13-e59138676cbc}\ not found.
File E:\setupSNK.exe not found.
C:\WINDOWS\002923_.tmp deleted successfully.
C:\WINDOWS\002925_.tmp deleted successfully.
C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP folder deleted successfully.
C:\WINDOWS\invcol.tmp deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET2A.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET7E.tmp deleted successfully.
C:\WINDOWS\System32\SET82.tmp deleted successfully.
C:\WINDOWS\System32\SET83.tmp deleted successfully.
C:\WINDOWS\System32\SET8A.tmp deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9 folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Michael Belmont\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael Belmont\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael Belmont\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael Belmont\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: fedexadmin.FEDEX-FD4755747
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81920 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthew
->Temp folder emptied: 53754426 bytes
->Temporary Internet Files folder emptied: 65603 bytes
->Java cache emptied: 25571 bytes
->FireFox cache emptied: 79684897 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 487 bytes

User: Michael Belmont
->Temp folder emptied: 86094671 bytes
->Temporary Internet Files folder emptied: 24731322 bytes
->Java cache emptied: 6090168 bytes
->FireFox cache emptied: 97030201 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2136 bytes

User: MJ
->Temp folder emptied: 385986448 bytes
->Temporary Internet Files folder emptied: 2392064 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52181835 bytes
->Flash cache emptied: 1957278 bytes

User: Mommy
->Temp folder emptied: 243452964 bytes
->Temporary Internet Files folder emptied: 7127040 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53005389 bytes
->Flash cache emptied: 2831078 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 1408924 bytes
->Temporary Internet Files folder emptied: 582082 bytes

User: Peter
->Temp folder emptied: 55016681 bytes
->Temporary Internet Files folder emptied: 458752 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47829339 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3787540 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67653806 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 116819172 bytes

Total Files Cleaned = 1,326.00 mb


[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: fedexadmin.FEDEX-FD4755747

User: LocalService

User: LocalService.NT AUTHORITY

User: Matthew
->Flash cache emptied: 0 bytes

User: Michael Belmont
->Flash cache emptied: 0 bytes

User: MJ
->Flash cache emptied: 0 bytes

User: Mommy
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Peter
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08092011_160929

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXKTOT8J\noperf=1;alias=93315260;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93315260;target=_blank;aduho=-240;grp=151005203;misc=151005203[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXKTOT8J\size=386x80;noperf=1;alias=93309870;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309870;target=_blank;aduho=-240;grp=151606906;misc=151606906[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\IPADEBQ3\size=300x345;noperf=1;alias=93309792;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309792;target=_blank;aduho=-240;grp=151606906;misc=151606906[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\IPADEBQ3\size=300x75;noperf=1;alias=93309868;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309868;target=_blank;aduho=-240;grp=151606906;misc=151606906[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVGT8RM1\size=300x345;noperf=1;alias=93309792;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309792;target=_blank;aduho=-240;grp=151005203;misc=151005203[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVGT8RM1\size=61x21;noperf=1;alias=93309869;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309869;target=_blank;aduho=-240;grp=151606906;misc=151606906[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\AT6RML0L\noperf=1;alias=93315260;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93315260;target=_blank;aduho=-240;grp=151606906;misc=151606906[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\AT6RML0L\size=300x75;noperf=1;alias=93309868;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309868;target=_blank;aduho=-240;grp=151005203;misc=151005203[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\A

T6RML0L\size=386x80;cfp=1;rndc=131215101;noperf=1;alias=93309870;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309870;target=_blank;aduho=-240;grp=151005203;misc=15100520[1] not found!
File\Folder C:\Documents and Settings\Michael Belmont\Local Settings\Temp\Temporary Internet Files\Content.IE5\AT6RML0L\size=61x21;noperf=1;alias=93309869;cfp=1;noaddonpl=y;kvugc=0;kvui=b96bf736bbc311e087bc8bcc72f4c36b;kvmn=93309869;target=_blank;aduho=-240;grp=151005203;misc=151005203[1] not found!
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...


COMBO FIX

ComboFix 11-08-09.02 - Michael Belmont 08/09/2011 16:33:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.123 [GMT -4:00]
Running from: c:\documents and settings\Michael Belmont\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matthew\WINDOWS
c:\documents and settings\Michael Belmont\WINDOWS
c:\documents and settings\Peter\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 20:19 . 2011-08-09 20:19 28752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\MpKsl2db6cfa9.sys
2011-08-09 20:09 . 2011-08-09 20:09 -------- dc----w- C:\_OTL
2011-08-09 20:07 . 2011-08-09 20:07 -------- dc----w- C:\2ff5a2b8e12ee606e568002813df103b
2011-08-09 20:03 . 2011-08-09 20:03 -------- dc----w- C:\32ada37ebc0a802f5407f0
2011-08-09 20:03 . 2011-08-09 20:09 -------- dc----w- C:\413584e0a82357ba95a1
2011-08-09 20:00 . 2011-08-09 20:00 28752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\MpKslccf2734d.sys
2011-08-07 14:45 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\mpengine.dll
2011-07-31 23:40 . 2011-07-31 23:40 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\WMTools Downloaded Files
2011-07-31 23:37 . 2011-07-31 23:37 -------- d-----w- c:\documents and settings\Matthew\Application Data\Malwarebytes
2011-07-31 22:44 . 2011-07-31 22:44 -------- d-----w- c:\documents and settings\Michael Belmont\Application Data\Malwarebytes
2011-07-31 22:44 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 22:44 . 2011-07-31 22:44 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-07-31 22:44 . 2011-07-31 22:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 22:44 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 21:59 . 2011-07-31 22:03 -------- d-----w- c:\documents and settings\Michael Belmont\Local Settings\Application Data\Deployment
2011-07-31 21:07 . 2011-07-31 21:07 -------- d-----w- c:\program files\CCleaner
2011-07-28 19:14 . 2011-07-28 19:14 -------- d-----w- c:\program files\Activision Value
2011-07-28 17:38 . 2011-07-28 17:38 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Disney Imagineering
2011-07-28 17:37 . 2011-07-28 17:38 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-07-28 17:37 . 2011-07-28 17:38 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-07-28 17:37 . 2011-07-28 17:38 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-07-28 04:31 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-09-14 17:35 6881616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 23:14 . 2010-09-13 17:01 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"PrnSys Executable"="c:\program files\Hewlett-Packard\hp print screen utility\PrnSys.exe" [2002-08-01 36864]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-08-30 188416]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\MJ\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Peter\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Michael Belmont\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
.
R1 MpKsl2db6cfa9;MpKsl2db6cfa9;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\MpKsl2db6cfa9.sys [8/9/2011 4:19 PM 28752]
R1 MpKslccf2734d;MpKslccf2734d;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\MpKslccf2734d.sys [8/9/2011 4:00 PM 28752]
S1 MpKsl07dabd06;MpKsl07dabd06;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E99541B-259E-4DEC-9DDF-1B7DF991F4E9}\MpKsl07dabd06.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E99541B-259E-4DEC-9DDF-1B7DF991F4E9}\MpKsl07dabd06.sys [?]
S1 MpKsl30841899;MpKsl30841899;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64366DD8-D550-43D3-A51F-DCCDDB68B7AF}\MpKsl30841899.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64366DD8-D550-43D3-A51F-DCCDDB68B7AF}\MpKsl30841899.sys [?]
S1 MpKsl36d05cb1;MpKsl36d05cb1;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E598FC65-15B9-45DA-9A1F-76117939C2E9}\MpKsl36d05cb1.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E598FC65-15B9-45DA-9A1F-76117939C2E9}\MpKsl36d05cb1.sys [?]
S1 MpKsl3e1e0fd0;MpKsl3e1e0fd0;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82B31AE4-1DD4-4950-ADB9-0115F1A06BF3}\MpKsl3e1e0fd0.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82B31AE4-1DD4-4950-ADB9-0115F1A06BF3}\MpKsl3e1e0fd0.sys [?]
S1 MpKsl437a4a91;MpKsl437a4a91;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EBA0ED57-04BE-4175-B1F7-50B358C5CB24}\MpKsl437a4a91.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EBA0ED57-04BE-4175-B1F7-50B358C5CB24}\MpKsl437a4a91.sys [?]
S1 MpKsl43a2d531;MpKsl43a2d531;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{417A6826-FF58-46C5-8D9B-BF8B7A60DD6F}\MpKsl43a2d531.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{417A6826-FF58-46C5-8D9B-BF8B7A60DD6F}\MpKsl43a2d531.sys [?]
S1 MpKsl48f80826;MpKsl48f80826;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71E92729-3A49-4AA6-850C-43656986FA0E}\MpKsl48f80826.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71E92729-3A49-4AA6-850C-43656986FA0E}\MpKsl48f80826.sys [?]
S1 MpKsl4bca8e73;MpKsl4bca8e73;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35B79E03-D6DE-4FDD-B2CF-AD0393C85CCB}\MpKsl4bca8e73.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35B79E03-D6DE-4FDD-B2CF-AD0393C85CCB}\MpKsl4bca8e73.sys [?]
S1 MpKsl4c5f7fdc;MpKsl4c5f7fdc;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7883D68-A794-42A8-826A-6BAF2B39EFB5}\MpKsl4c5f7fdc.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7883D68-A794-42A8-826A-6BAF2B39EFB5}\MpKsl4c5f7fdc.sys [?]
S1 MpKsl54b6248d;MpKsl54b6248d;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EBBFB68-0077-454F-B739-51D79D2D7196}\MpKsl54b6248d.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EBBFB68-0077-454F-B739-51D79D2D7196}\MpKsl54b6248d.sys [?]
S1 MpKsl55271886;MpKsl55271886;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E99541B-259E-4DEC-9DDF-1B7DF991F4E9}\MpKsl55271886.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E99541B-259E-4DEC-9DDF-1B7DF991F4E9}\MpKsl55271886.sys [?]
S1 MpKsl6f0c5a08;MpKsl6f0c5a08;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A244634A-DC31-450F-B1E2-3D95F8A0519B}\MpKsl6f0c5a08.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A244634A-DC31-450F-B1E2-3D95F8A0519B}\MpKsl6f0c5a08.sys [?]
S1 MpKsl802ef946;MpKsl802ef946;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E2694B2-0547-4174-96C2-622335A30CB1}\MpKsl802ef946.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E2694B2-0547-4174-96C2-622335A30CB1}\MpKsl802ef946.sys [?]
S1 MpKsl85f23ca2;MpKsl85f23ca2;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDA461E-3A53-464F-8F46-545E1405786E}\MpKsl85f23ca2.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDA461E-3A53-464F-8F46-545E1405786E}\MpKsl85f23ca2.sys [?]
S1 MpKsl8874233f;MpKsl8874233f;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B2DE1D5-3BAF-4E74-9F39-BD47B6BA13E8}\MpKsl8874233f.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B2DE1D5-3BAF-4E74-9F39-BD47B6BA13E8}\MpKsl8874233f.sys [?]
S1 MpKsl891ce307;MpKsl891ce307;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CB5012B-FD27-4A54-9182-5C5EF8D444E9}\MpKsl891ce307.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CB5012B-FD27-4A54-9182-5C5EF8D444E9}\MpKsl891ce307.sys [?]
S1 MpKsl8da7c233;MpKsl8da7c233;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BBFC3DA-DA9E-4986-BDC3-3254B33F95EC}\MpKsl8da7c233.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BBFC3DA-DA9E-4986-BDC3-3254B33F95EC}\MpKsl8da7c233.sys [?]
S1 MpKslafb24840;MpKslafb24840;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBA66609-C37E-46FC-BD08-6B4D54CCA15C}\MpKslafb24840.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBA66609-C37E-46FC-BD08-6B4D54CCA15C}\MpKslafb24840.sys [?]
S1 MpKslc3542fdf;MpKslc3542fdf;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{106A567B-C9AD-47A8-AB5A-F7860F9B906B}\MpKslc3542fdf.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{106A567B-C9AD-47A8-AB5A-F7860F9B906B}\MpKslc3542fdf.sys [?]
S1 MpKslc83c2d22;MpKslc83c2d22;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D1667AD-8B3D-4C13-8B98-6A7F759CE489}\MpKslc83c2d22.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D1667AD-8B3D-4C13-8B98-6A7F759CE489}\MpKslc83c2d22.sys [?]
S1 MpKsld2c62d31;MpKsld2c62d31;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\MpKsld2c62d31.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C5E2617-C252-4B56-B611-7F3A15EE5358}\MpKsld2c62d31.sys [?]
S1 MpKsle7e9ed98;MpKsle7e9ed98;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6E2BF3C-5229-4ADE-A5E6-20A9C162A6D1}\MpKsle7e9ed98.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6E2BF3C-5229-4ADE-A5E6-20A9C162A6D1}\MpKsle7e9ed98.sys [?]
S1 MpKslf6b148ea;MpKslf6b148ea;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3804DE78-F441-470D-A763-6D61A0563584}\MpKslf6b148ea.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3804DE78-F441-470D-A763-6D61A0563584}\MpKslf6b148ea.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/31/2011 6:44 PM 41272]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 6:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL2DB6CFA9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003Core.job
- c:\documents and settings\Michael Belmont\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-11 17:03]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003UA.job
- c:\documents and settings\Michael Belmont\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-11 17:03]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006Core.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-17 05:01]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006UA.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-17 05:01]
.
2011-08-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.109.66.23 213.109.75.218 1.1.1.1
FF - ProfilePath - c:\documents and settings\Michael Belmont\Application Data\Mozilla\Firefox\Profiles\3vtzljp6.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.oblates.org/the_oblates/salesian_quote.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Xmarks: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-09 16:49:08
ComboFix-quarantined-files.txt 2011-08-09 20:49
.
Pre-Run: 13,768,298,496 bytes free
Post-Run: 13,740,314,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 31D9F0E4079F0340BBBAEEB27056ADF0
  • 0

#8
ChrisPittts
Posted 09 August 2011 - 08:13 PM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Sorry - I reread everything and noticed I didn't report on how the computer is running... It is still having the redirect problem, and seems very slow and sluggish...
  • 0

#9
SweetTech
Posted 11 August 2011 - 08:45 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. Lets run this tool and see if it finds anything.


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#10
ChrisPittts
Posted 11 August 2011 - 08:49 AM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Great! I will run this in a bit and get right back to you. Thanks again!!!!
  • 0

Advertisements

#11
SweetTech
Posted 11 August 2011 - 09:27 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)
  • 0

#12
ChrisPittts
Posted 11 August 2011 - 11:45 AM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
2011/08/11 13:42:08.0281 2880 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/11 13:42:08.0812 2880 ================================================================================
2011/08/11 13:42:08.0812 2880 SystemInfo:
2011/08/11 13:42:08.0812 2880
2011/08/11 13:42:08.0812 2880 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/11 13:42:08.0812 2880 Product type: Workstation
2011/08/11 13:42:08.0812 2880 ComputerName: MJ-BEB851079773
2011/08/11 13:42:08.0812 2880 UserName: Michael Belmont
2011/08/11 13:42:08.0812 2880 Windows directory: C:\WINDOWS
2011/08/11 13:42:08.0812 2880 System windows directory: C:\WINDOWS
2011/08/11 13:42:08.0812 2880 Processor architecture: Intel x86
2011/08/11 13:42:08.0812 2880 Number of processors: 1
2011/08/11 13:42:08.0812 2880 Page size: 0x1000
2011/08/11 13:42:08.0812 2880 Boot type: Normal boot
2011/08/11 13:42:08.0812 2880 ================================================================================
2011/08/11 13:42:14.0531 2880 Initialize success
2011/08/11 13:42:19.0140 1304 ================================================================================
2011/08/11 13:42:19.0140 1304 Scan started
2011/08/11 13:42:19.0140 1304 Mode: Manual;
2011/08/11 13:42:19.0140 1304 ================================================================================
2011/08/11 13:42:23.0890 1304 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/11 13:42:24.0843 1304 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/11 13:42:26.0218 1304 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/11 13:42:26.0671 1304 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/11 13:42:27.0390 1304 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/11 13:42:27.0562 1304 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/11 13:42:27.0906 1304 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/11 13:42:28.0062 1304 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/11 13:42:28.0203 1304 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/08/11 13:42:28.0875 1304 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/11 13:42:29.0406 1304 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/11 13:42:29.0968 1304 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/11 13:42:30.0218 1304 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/11 13:42:30.0437 1304 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/11 13:42:30.0828 1304 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/11 13:42:31.0125 1304 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/08/11 13:42:31.0828 1304 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/11 13:42:32.0375 1304 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/11 13:42:32.0718 1304 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/11 13:42:32.0875 1304 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/11 13:42:33.0125 1304 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/11 13:42:33.0296 1304 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/11 13:42:33.0515 1304 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/11 13:42:33.0859 1304 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/11 13:42:34.0500 1304 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/11 13:42:34.0875 1304 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/11 13:42:35.0218 1304 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/11 13:42:35.0687 1304 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/11 13:42:36.0171 1304 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/11 13:42:36.0359 1304 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/11 13:42:36.0562 1304 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/11 13:42:36.0765 1304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/11 13:42:37.0062 1304 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/11 13:42:37.0218 1304 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/11 13:42:37.0375 1304 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/08/11 13:42:37.0625 1304 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2011/08/11 13:42:37.0859 1304 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/11 13:42:38.0203 1304 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/11 13:42:38.0468 1304 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/11 13:42:38.0703 1304 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/11 13:42:38.0968 1304 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/11 13:42:39.0156 1304 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/11 13:42:39.0328 1304 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/11 13:42:39.0484 1304 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/11 13:42:39.0625 1304 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/11 13:42:39.0781 1304 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/11 13:42:39.0875 1304 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/11 13:42:40.0062 1304 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/11 13:42:40.0250 1304 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/11 13:42:40.0421 1304 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/11 13:42:40.0609 1304 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/11 13:42:40.0812 1304 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/11 13:42:41.0812 1304 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/11 13:42:42.0203 1304 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/11 13:42:42.0375 1304 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/11 13:42:42.0578 1304 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/11 13:42:42.0765 1304 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/11 13:42:42.0875 1304 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/11 13:42:43.0218 1304 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/11 13:42:43.0406 1304 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/11 13:42:43.0640 1304 MpKsl050364f9 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFD9E757-036F-4D08-B8C4-86571EAF5A0A}\MpKsl050364f9.sys
2011/08/11 13:42:44.0703 1304 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/11 13:42:44.0937 1304 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/11 13:42:45.0109 1304 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/11 13:42:45.0203 1304 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/11 13:42:45.0375 1304 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/11 13:42:45.0437 1304 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/11 13:42:45.0593 1304 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/11 13:42:45.0671 1304 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/11 13:42:45.0890 1304 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/11 13:42:46.0109 1304 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/11 13:42:46.0265 1304 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/11 13:42:46.0312 1304 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/11 13:42:46.0500 1304 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/11 13:42:46.0671 1304 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/11 13:42:46.0859 1304 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/11 13:42:47.0078 1304 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/11 13:42:47.0187 1304 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/11 13:42:47.0421 1304 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/11 13:42:47.0578 1304 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/11 13:42:47.0734 1304 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/11 13:42:48.0093 1304 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/11 13:42:48.0265 1304 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/11 13:42:48.0453 1304 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/11 13:42:48.0625 1304 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/11 13:42:48.0843 1304 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/08/11 13:42:49.0125 1304 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/11 13:42:49.0609 1304 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/11 13:42:49.0796 1304 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/11 13:42:50.0046 1304 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/11 13:42:50.0390 1304 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/11 13:42:50.0484 1304 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/11 13:42:50.0671 1304 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/11 13:42:50.0750 1304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/11 13:42:51.0062 1304 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/11 13:42:51.0265 1304 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/11 13:42:51.0437 1304 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/11 13:42:51.0625 1304 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/11 13:42:51.0781 1304 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/11 13:42:51.0906 1304 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/11 13:42:52.0046 1304 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/11 13:42:52.0109 1304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/11 13:42:52.0250 1304 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/11 13:42:52.0515 1304 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/11 13:42:52.0687 1304 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/11 13:42:52.0781 1304 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/11 13:42:53.0156 1304 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2011/08/11 13:42:53.0359 1304 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/11 13:42:53.0531 1304 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/11 13:42:53.0828 1304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/11 13:42:54.0265 1304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/11 13:42:54.0515 1304 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/11 13:42:54.0796 1304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/11 13:42:55.0265 1304 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/11 13:42:55.0765 1304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/11 13:42:56.0359 1304 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/11 13:42:56.0687 1304 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/11 13:42:57.0000 1304 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/11 13:42:57.0265 1304 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/11 13:42:57.0453 1304 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/11 13:42:57.0625 1304 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/11 13:42:57.0812 1304 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/11 13:42:58.0187 1304 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/11 13:42:58.0406 1304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/11 13:42:58.0640 1304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/11 13:42:58.0968 1304 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/11 13:42:59.0203 1304 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/11 13:42:59.0453 1304 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/11 13:42:59.0921 1304 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/11 13:43:00.0078 1304 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/11 13:43:00.0140 1304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/11 13:43:00.0437 1304 Boot (0x1200) (f6a4d8f8fb7a3f3773662be6af466ba7) \Device\Harddisk0\DR0\Partition0
2011/08/11 13:43:00.0468 1304 ================================================================================
2011/08/11 13:43:00.0468 1304 Scan finished
2011/08/11 13:43:00.0468 1304 ================================================================================
2011/08/11 13:43:00.0515 3828 Detected object count: 0
2011/08/11 13:43:00.0515 3828 Actual detected object count: 0
  • 0

#13
SweetTech
Posted 12 August 2011 - 02:02 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Are you experiencing the redirect on any other computers in the household? Do you connect via a router?
  • 0

#14
ChrisPittts
Posted 12 August 2011 - 08:05 PM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Yes - we use a router, but only experienced a similar redirect a few months ago on my laptop - but thanks to the able help of a moderator on this site we fixed the computer. I've since changed laptops, and the new one has had no problems at all. My sister has a very, very old laptop that she only uses occasionally - and I believe it has the redirect problem.
  • 0

#15
SweetTech
Posted 13 August 2011 - 02:45 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. I'm going to provide you with instructions to reset your router, and see if that fixes the redirect issue.

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

  • Then rest your router to it's factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)"


  • This is the difficult part.
    First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
  • Under General tab:
  • Select "Obtain an IP address automatically".
  • Select "Obtain DNS server address automatically".

[*]Click OK twice to save the settings.
[*]Reboot if you had to change any setting.[/list][/list]

NEXT:



Flush the DNS cache
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following
ipconfig /flushdns
  • then hit enter
  • Exit the command window.

After that, Reboot and be sure to let me know if that takes care of the redirect issue.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP