gmax

Members

View Profile See their activity

Posts
18
Joined
July 2, 2011
Last visited
July 6, 2011

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by gmax

Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Hi, Thanks for all your help! I have implemented your suggestions. I had trouble installing FileHippo, I'll try again on that later. One last question: Can you explain to me why several programs all failed to detect the virus, and why you were able to finally locate it? Thanks again!
- July 5, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Hi, I have posted the two requested logs below. The computer is running great, no more redirect issues. It also seems a little smoother, I have had some problems recently when scrolling down a page with the computer dragging. That is now much better. I uninstalled AVG Free antivirus at the start of this process to allow MBAM to run. I am thinking about using Avast free edition now. Thanks for your help. Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 7026 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/5/2011 8:36:20 AM mbam-log-2011-07-05 (08-36-20).txt Scan type: Quick scan Objects scanned: 160637 Time elapsed: 2 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=036983ebc66b7f4283fd7dee2f69bfce # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-05 01:32:26 # local_time=2011-07-05 09:32:26 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1024 16777215 100 0 4244303 4244303 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=68303 # found=0 # cleaned=0 # scan_time=2022
- July 5, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

I downloaded and ran TDSSKiller. It did find a malicious file. I am no longer being redirected when using Bing. Here is the log. 2011/07/04 21:15:36.0250 2416 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21 2011/07/04 21:15:36.0765 2416 ================================================================================ 2011/07/04 21:15:36.0765 2416 SystemInfo: 2011/07/04 21:15:36.0765 2416 2011/07/04 21:15:36.0765 2416 OS Version: 5.1.2600 ServicePack: 3.0 2011/07/04 21:15:36.0765 2416 Product type: Workstation 2011/07/04 21:15:36.0765 2416 ComputerName: GREG-MAIN 2011/07/04 21:15:36.0765 2416 UserName: Greg 2011/07/04 21:15:36.0765 2416 Windows directory: C:\WINDOWS 2011/07/04 21:15:36.0765 2416 System windows directory: C:\WINDOWS 2011/07/04 21:15:36.0765 2416 Processor architecture: Intel x86 2011/07/04 21:15:36.0765 2416 Number of processors: 2 2011/07/04 21:15:36.0765 2416 Page size: 0x1000 2011/07/04 21:15:36.0765 2416 Boot type: Normal boot 2011/07/04 21:15:36.0765 2416 ================================================================================ 2011/07/04 21:15:38.0000 2416 Initialize success 2011/07/04 21:15:41.0718 3508 ================================================================================ 2011/07/04 21:15:41.0718 3508 Scan started 2011/07/04 21:15:41.0718 3508 Mode: Manual; 2011/07/04 21:15:41.0718 3508 ================================================================================ 2011/07/04 21:15:43.0125 3508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/07/04 21:15:43.0156 3508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/07/04 21:15:43.0218 3508 aeaudio (5ca3873be2477f5dc0035e9ff9c7be0f) C:\WINDOWS\system32\drivers\aeaudio.sys 2011/07/04 21:15:43.0234 3508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/07/04 21:15:43.0281 3508 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/07/04 21:15:43.0312 3508 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/07/04 21:15:43.0500 3508 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys 2011/07/04 21:15:43.0546 3508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/07/04 21:15:43.0562 3508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/07/04 21:15:43.0593 3508 AtcL002 (2610034ecd11a675ed2e2601c87961af) C:\WINDOWS\system32\DRIVERS\l251x86.sys 2011/07/04 21:15:43.0640 3508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/07/04 21:15:43.0687 3508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/07/04 21:15:43.0718 3508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/07/04 21:15:43.0765 3508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/07/04 21:15:43.0812 3508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/07/04 21:15:43.0843 3508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/07/04 21:15:43.0859 3508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/07/04 21:15:44.0000 3508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/07/04 21:15:44.0046 3508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/07/04 21:15:44.0078 3508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys 2011/07/04 21:15:44.0125 3508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/07/04 21:15:44.0171 3508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/07/04 21:15:44.0234 3508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/07/04 21:15:44.0265 3508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/07/04 21:15:44.0312 3508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/07/04 21:15:44.0328 3508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/07/04 21:15:44.0343 3508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/07/04 21:15:44.0390 3508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/07/04 21:15:44.0406 3508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/07/04 21:15:44.0500 3508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/07/04 21:15:44.0531 3508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/07/04 21:15:44.0546 3508 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/07/04 21:15:44.0593 3508 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/07/04 21:15:44.0656 3508 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/07/04 21:15:44.0687 3508 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/07/04 21:15:44.0734 3508 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/07/04 21:15:44.0796 3508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/07/04 21:15:44.0875 3508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/07/04 21:15:44.0937 3508 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2011/07/04 21:15:44.0968 3508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/07/04 21:15:45.0140 3508 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/07/04 21:15:45.0187 3508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/07/04 21:15:45.0218 3508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/04 21:15:45.0265 3508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/04 21:15:45.0296 3508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/04 21:15:45.0328 3508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/04 21:15:45.0359 3508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/04 21:15:45.0390 3508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/04 21:15:45.0406 3508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/04 21:15:45.0421 3508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/04 21:15:45.0468 3508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/04 21:15:45.0500 3508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/04 21:15:45.0531 3508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/04 21:15:45.0578 3508 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 2011/07/04 21:15:45.0640 3508 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 2011/07/04 21:15:45.0765 3508 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys 2011/07/04 21:15:45.0812 3508 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 2011/07/04 21:15:45.0828 3508 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 2011/07/04 21:15:45.0875 3508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/04 21:15:45.0906 3508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/04 21:15:45.0921 3508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/04 21:15:45.0953 3508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/04 21:15:45.0984 3508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/04 21:15:46.0031 3508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/04 21:15:46.0078 3508 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/04 21:15:46.0109 3508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/04 21:15:46.0140 3508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/04 21:15:46.0171 3508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/04 21:15:46.0187 3508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/04 21:15:46.0234 3508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/04 21:15:46.0265 3508 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/07/04 21:15:46.0296 3508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/04 21:15:46.0328 3508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/04 21:15:46.0375 3508 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/04 21:15:46.0390 3508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/04 21:15:46.0421 3508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/04 21:15:46.0453 3508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/04 21:15:46.0500 3508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/04 21:15:46.0531 3508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/04 21:15:46.0593 3508 NETMDUSB (986acdece933131288f1957dc359865f) C:\WINDOWS\system32\Drivers\NETMDUSB.sys 2011/07/04 21:15:46.0625 3508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/04 21:15:46.0687 3508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/04 21:15:46.0750 3508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/04 21:15:47.0062 3508 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/07/04 21:15:47.0140 3508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/04 21:15:47.0171 3508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/04 21:15:47.0203 3508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/07/04 21:15:47.0234 3508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/04 21:15:47.0281 3508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/04 21:15:47.0312 3508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/04 21:15:47.0359 3508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/07/04 21:15:47.0406 3508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/07/04 21:15:47.0562 3508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/04 21:15:47.0609 3508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/04 21:15:47.0625 3508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/04 21:15:47.0671 3508 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/07/04 21:15:47.0765 3508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/04 21:15:47.0812 3508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/04 21:15:47.0859 3508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/04 21:15:47.0859 3508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/04 21:15:47.0921 3508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/04 21:15:47.0937 3508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/04 21:15:47.0984 3508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/04 21:15:48.0031 3508 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/04 21:15:48.0156 3508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/04 21:15:48.0265 3508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/04 21:15:48.0312 3508 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/04 21:15:48.0359 3508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/07/04 21:15:48.0390 3508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/07/04 21:15:48.0468 3508 smwdm (52484e4fa0f36b4894577858f313518e) C:\WINDOWS\system32\drivers\smwdm.sys 2011/07/04 21:15:48.0515 3508 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/07/04 21:15:48.0562 3508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/04 21:15:48.0609 3508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/04 21:15:48.0671 3508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/04 21:15:48.0703 3508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/04 21:15:48.0750 3508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/04 21:15:48.0859 3508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/04 21:15:48.0921 3508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/04 21:15:48.0968 3508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/04 21:15:49.0000 3508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/04 21:15:49.0046 3508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/04 21:15:49.0203 3508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/04 21:15:49.0281 3508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/04 21:15:49.0328 3508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/04 21:15:49.0359 3508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/04 21:15:49.0390 3508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/04 21:15:49.0437 3508 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/04 21:15:49.0453 3508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/04 21:15:49.0500 3508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/04 21:15:49.0515 3508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/07/04 21:15:49.0562 3508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/04 21:15:49.0593 3508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/07/04 21:15:49.0640 3508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/07/04 21:15:49.0718 3508 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/07/04 21:15:49.0828 3508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/07/04 21:15:49.0906 3508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/07/04 21:15:49.0937 3508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/07/04 21:15:50.0062 3508 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0 2011/07/04 21:15:50.0062 3508 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0) 2011/07/04 21:15:50.0078 3508 Boot (0x1200) (677618c476a1e2831f710b5e92f70260) \Device\Harddisk0\DR0\Partition0 2011/07/04 21:15:50.0093 3508 Boot (0x1200) (250e21779b604628034d9afc79266a93) \Device\Harddisk0\DR0\Partition1 2011/07/04 21:15:50.0125 3508 Boot (0x1200) (1963cfeed6d7e1c89b087040d0351ecc) \Device\Harddisk0\DR0\Partition2 2011/07/04 21:15:50.0125 3508 ================================================================================ 2011/07/04 21:15:50.0125 3508 Scan finished 2011/07/04 21:15:50.0125 3508 ================================================================================ 2011/07/04 21:15:50.0140 2428 Detected object count: 1 2011/07/04 21:15:50.0140 2428 Actual detected object count: 1 2011/07/04 21:16:40.0984 2428 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot 2011/07/04 21:16:40.0984 2428 \Device\Harddisk0\DR0 - ok 2011/07/04 21:16:40.0984 2428 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure 2011/07/04 21:17:41.0859 3708 Deinitialize success Thanks!
- July 5, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

I have to leave now for about seven hours. I will perform the requested actions when I return. Thanks for your help.
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Here is the log. I am still getting redirected. OTL logfile created on: 7/4/2011 10:41:28 AM - Run 3 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.39% Memory free 3.83 Gb Paging File | 3.39 Gb Available in Paging File | 88.45% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 13.97 Gb Total Space | 2.09 Gb Free Space | 14.97% Space Free | Partition Type: NTFS Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr PRC - [2010/02/23 17:19:34 | 000,016,384 | ---- | M] () -- D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe ========== Modules (SafeList) ========== MOD - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010/02/23 17:19:34 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Greg\Local Settings\temp\IadHide4.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess) SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB) ========== Driver Services (SafeList) ========== DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007/07/03 06:33:26 | 000,029,696 | R--- | M] (Atheros Communications Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002) DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmaxventures.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.dogwoodguitars.com/" FF - prefs.js..network.proxy.no_proxies_on: "localhost" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/14 18:27:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/05/06 08:13:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/05/06 08:13:18 | 000,000,000 | ---D | M] [2010/09/08 09:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions [2010/10/14 11:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\extensions [2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2011/06/15 14:16:26 | 000,618,793 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost #[iPv6] O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 abcstats.com O1 - Hosts: 127.0.0.1 a.abv.bg O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 ca.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 am1.activemeter.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ad2games.com O1 - Hosts: 16379 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKCU..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe () O4 - HKCU..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\Program Files\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/21 01:00:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/01/07 20:57:58 | 000,000,131 | ---- | M] () - E:\AUTOEXEC.001 -- [ NTFS ] O32 - AutoRun File - [2001/07/04 10:10:26 | 000,000,254 | ---- | M] () - E:\Autoexec.Bat -- [ NTFS ] O32 - AutoRun File - [2000/08/30 09:06:42 | 000,000,131 | ---- | M] () - E:\autoexec.nai -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/04 10:34:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/07/04 07:52:07 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe [2011/07/04 07:41:26 | 000,000,000 | ---D | C] -- C:\_OTL [2011/07/03 18:05:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr [2011/07/02 19:39:56 | 004,130,890 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe [2011/07/02 14:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes [2011/07/02 14:14:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/07/02 14:14:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/07/02 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\HiJackThis [2011/07/02 13:06:41 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/07/02 12:25:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/07/02 12:25:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/07/02 12:25:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/07/02 12:25:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/07/02 12:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/07/02 12:00:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/07/02 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools [2011/06/22 12:34:38 | 000,000,000 | ---D | C] -- C:\spoolerlogs [2011/06/04 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2011/07/04 10:38:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/07/04 10:37:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/04 10:35:29 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/07/04 10:35:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/04 10:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/07/04 09:39:53 | 004,130,890 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe [2011/07/04 09:07:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\RKUnhookerLE.EXE [2011/07/04 07:55:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/04 07:52:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr [2011/07/02 18:55:33 | 2138,222,592 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2011/07/02 13:06:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/06/29 11:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe [2011/06/24 09:33:55 | 001,036,375 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110702-112108.backup [2011/06/20 15:07:55 | 000,000,000 | ---- | M] () -- C:\Card_2 [2011/06/17 03:02:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/06/16 11:16:17 | 000,016,691 | ---- | M] () -- C:\WINDOWS\Debug.ini [2011/06/16 11:16:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Temp.ini [2011/06/16 11:16:05 | 000,000,904 | ---- | M] () -- C:\WINDOWS\umaxuapi.ini [2011/06/15 15:51:44 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2011/06/15 14:16:26 | 000,618,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/06/06 12:16:34 | 001,035,883 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-093355.backup ========== Files Created - No Company Name ========== [2011/07/04 09:07:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\RKUnhookerLE.EXE [2011/07/04 07:55:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/02 13:06:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/07/02 13:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/07/02 12:25:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/07/02 12:25:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/07/02 12:25:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/07/02 12:25:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/07/02 12:25:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/07/02 12:17:16 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/06/20 15:07:55 | 000,000,000 | ---- | C] () -- C:\Card_2 [2010/02/23 17:19:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe [2009/12/21 20:42:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat [2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services [2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Greg\Application Data\InkjetPrinter [2009/11/09 11:50:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2009/11/09 11:50:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts [2009/08/14 18:18:57 | 000,149,152 | ---- | C] () -- C:\WINDOWS\hphins31.dat [2009/08/14 18:18:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat [2008/12/05 21:34:18 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll [2008/10/03 19:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll [2008/09/28 13:33:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll [2008/08/28 07:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll [2008/08/28 07:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll [2008/08/28 07:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll [2008/08/04 09:04:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\clk2PDF.INI [2008/06/09 16:46:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/15 16:59:23 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2008/03/18 12:24:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini [2008/03/18 12:23:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini [2008/03/18 11:31:51 | 000,001,178 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/03/18 11:31:44 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2008/03/18 11:24:44 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI [2008/03/18 11:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI [2008/03/18 11:07:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008/03/18 11:04:23 | 000,016,691 | ---- | C] () -- C:\WINDOWS\Debug.ini [2008/03/18 11:01:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2008/03/18 11:01:32 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll [2008/03/18 11:01:20 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys [2008/02/11 12:17:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/10 17:45:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/02/10 12:22:44 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2008/02/10 12:22:44 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2008/02/10 12:22:41 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2008/02/10 12:22:41 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2008/01/22 12:54:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2008/01/22 01:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/01/21 03:09:52 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008/01/21 02:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/01/21 01:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/01/21 00:56:24 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/01/20 18:41:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/01/20 18:38:07 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/12/05 02:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/12/05 02:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/12/05 02:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007/12/05 02:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007/07/27 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/07/27 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/07/27 08:00:00 | 000,380,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2007/07/27 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/07/27 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/07/27 08:00:00 | 000,052,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2007/07/27 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/07/27 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/07/27 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/07/27 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/07/27 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2007/07/27 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2005/11/05 19:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe [2005/05/17 16:37:10 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe [2002/07/19 12:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe [2002/01/01 01:57:52 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2002/01/01 01:51:45 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2002/01/01 01:51:45 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2002/01/01 01:51:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011/07/02 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/18 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/18 19:52:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2009/02/02 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2011/07/02 12:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/11/09 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2010/11/19 20:58:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6} [2010/10/18 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10 [2008/06/04 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\IDS_COMPANY [2009/12/30 11:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Juniper Networks [2008/03/18 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasher [2011/07/04 08:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasherPro [2009/11/09 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Nikon [2010/01/01 17:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Octoshape [2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems [2011/07/04 10:38:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== < End of report >
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Hi, I followed your directions and dragged the .txt file into the ComboFix icon. When ComboFix started it told me that a newer version was available. I clicked yes. ComboFix updated and then restarted itself. Here is the requested log: ComboFix 11-07-03.04 - Greg 07/04/2011 9:41.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1381 [GMT -4:00] Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt . FILE :: "c:\windows\system32\drivers\xpsec.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\Greg\LOCALS~1\Temp\IadHide4.dll c:\documents and settings\Greg\Local Settings\Temp\IadHide4.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip -------\Service_xpsec . . ((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 ))))))))))))))))))))))))))))))) . . 2011-07-04 11:41 . 2011-07-04 11:41 -------- d-----w- C:\_OTL 2011-07-02 23:14 . 2011-06-20 12:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DE1D799A-192F-4641-8883-BD7C84FD430C}\mpengine.dll 2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes 2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-02 18:14 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-02 18:14 . 2011-07-04 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-02 18:14 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-02 17:43 . 2011-07-02 17:43 388096 ----a-r- c:\documents and settings\Greg\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-02 17:43 . 2011-07-02 17:43 -------- d-----w- c:\program files\Trend Micro 2011-06-22 16:34 . 2011-06-22 16:34 -------- d-----w- C:\spoolerlogs 2011-06-16 20:32 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-22 16:48 . 2011-05-14 16:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 23:14 . 2009-10-02 16:22 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-02 15:31 . 2008-01-21 04:57 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2007-07-27 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2007-07-27 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2007-07-27 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-07-02_17.22.16 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-02 17:43 . 2011-07-02 17:43 1094656 c:\windows\Installer\148c72.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="d:\program files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-02-23 16384] "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "nwiz"="nwiz.exe" [2007-12-05 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "SkyTel"="SkyTel.EXE" [2007-04-04 1822720] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-22 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] Logitech Desktop Messenger.lnk - d:\program files\Desktop Messenger\8876480\Program\LDMConf.exe [2010-2-23 196608] Logitech SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2008-11-3 805392] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "d:\program files\Qualcomm\Eudora Mail\EuShlExt.dll" [2005-11-14 86016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "d:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\x86\RaInfo.sys --> d:\program files\x86\RaInfo.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176] . --- Other Services/Drivers In Memory --- . *Deregistered* - xcpip *Deregistered* - xpsec . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57] . 2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57] . 2011-07-04 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.gmaxventures.com/ uInternet Settings,ProxyOverride = localhost IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.dogwoodguitars.com/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-04 09:48 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(704) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\windows\system32\LMIinit.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(2548) c:\windows\system32\WININET.dll c:\docume~1\Greg\LOCALS~1\Temp\IadHide4.dll c:\windows\system32\ieframe.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\RTHDCPL.EXE c:\program files\Sony\MD Simple Burner\NetMDSB.exe d:\program files\Blaze Media Pro\NMSAccess32.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2011-07-04 09:51:09 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-04 13:51 ComboFix2.txt 2011-07-02 23:54 ComboFix3.txt 2011-07-02 17:27 . Pre-Run: 2,314,391,552 bytes free Post-Run: 2,230,751,232 bytes free . - - End Of File - - E74F166700E50EAE36D8F1B71AD4D76E Thank you.
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Hi, Here is the Rootkit report. I did not get the parasite warning. RkU Version: 3.8.389.593, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== >Drivers ============================================== 0xA9500000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4542464 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver) 0xBF1AE000 C:\WINDOWS\System32\igxpdx32.DLL 2306048 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology) 0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2154496 bytes 0x804D7000 RAW 2154496 bytes 0x804D7000 WMIxWDM 2154496 bytes 0xBF800000 Win32k 1859584 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0xBF04D000 C:\WINDOWS\System32\igxpdv32.DLL 1445888 bytes (Intel Corporation, Component GHAL Driver) 0xB9C85000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1183744 bytes (Intel Corporation, Intel Graphics Miniport Driver) 0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xA8EBE000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic) 0xA8F39000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xB9A70000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver) 0xA906C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xA885D000 C:\WINDOWS\system32\drivers\xcpip.sys 364544 bytes 0xA7F43000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver) 0xA7A7C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xB9ACE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector) 0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT) 0xA7FEB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xA74D6000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xA8FD1000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 167936 bytes (Intel Corporation, Intel Graphics 2D Driver) 0xB9C49000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a) 0xA9044000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver) 0xA901E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0xA94DC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xB9C25000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xB9BEE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xA7B85000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export)) 0xA8FFC000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x806E5000 ACPI_HAL 134400 bytes 0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xA8EA6000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xB9BD7000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xA8A1E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xB9C11000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver) 0xB9C71000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xA90C5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xA8A33000 C:\WINDOWS\system32\drivers\xpsec.sys 77824 bytes 0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver) 0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver) 0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xB9B26000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xB9BC7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xBA308000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xBA2E8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver) 0xBA1F8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xBA318000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0xA8B46000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xBA208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xBA288000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000)) 0xBA2D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver) 0xBA2C8000 C:\WINDOWS\system32\DRIVERS\l251x86.sys 53248 bytes (Atheros Communications Inc., Atheros Fast Ethernet Controller ndis miniport driver) 0xBA168000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0xBA278000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0xBA188000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xBA108000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter) 0xBA248000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xBA2F8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xBA178000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xA8BA6000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver) 0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xBA1A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xA8AAE000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver) 0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xBA268000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library) 0xBA2B8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver) 0xBA198000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xBA238000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xBA258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xBA488000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.) 0xBA440000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xBA450000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xBA3E0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver) 0xBA460000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xBA480000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.) 0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xBA468000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver) 0xBA478000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0xBA470000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000)) 0xBA3E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xA883D000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver) 0xBA3D0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xBA430000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xBA418000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver) 0xBA438000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xBA400000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xBA3F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xBA4B0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xB9A4F000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver) 0xBA578000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.) 0xBA5A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xA8D5E000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xBA57C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator) 0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xA932A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xB9A57000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xB9A53000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xBA588000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xBA574000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xBA5D0000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility) 0xBA5EE000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes 0xBA5E8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver) 0xBA604000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xBA5E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xBA5AC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver) 0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xBA5EA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xBA5C2000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver) 0xBA5EC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xBA5D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xBA5DC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xBA6F4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xBA76C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xBA6F3000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver) 0xBA7DC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) ============================================== >Stealth ============================================== 0x89F7FAFE Unknown page with executable code, 1282 bytes 0x89F8DAC4 Unknown page with executable code, 1340 bytes 0x89F8054E Unknown page with executable code, 2738 bytes 0x89F81502 Unknown page with executable code, 2814 bytes 0x89F8033B Unknown page with executable code, 3269 bytes 0x89F6BE9A Unknown page with executable code, 358 bytes 0x89F4B194 Unknown page with executable code, 3692 bytes 0x89F6C05F Unknown page with executable code, 4001 bytes 0x89F82DAE Unknown page with executable code, 594 bytes
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Gotcha. The browser is still being redirected. The redirect path is http://overture.previewmediastation.com and then a long line of code. Also noticed that the things we have done removed my hosts file and now I'm seeing ads on sites that hosts previously blocked.
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Yes, the browser search is still being redirected.
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

I didn't see anything happening after I clicked OK. Should I run it again and wait longer?
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

I ran both scans, the logs are posted below. NOTE: When the MBAM scan was completed I clicked OK, but could not find any tab or button to "Show Results." Because of that, I could not perform the final steps you gave me to check and remove files. I did get a log when MBAM finished the scan and I have posted that. Thanks. OTL logfile created on: 7/4/2011 7:58:06 AM - Run 2 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.30% Memory free 3.83 Gb Paging File | 3.39 Gb Available in Paging File | 88.51% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 13.97 Gb Total Space | 2.21 Gb Free Space | 15.80% Space Free | Partition Type: NTFS Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr PRC - [2010/02/23 17:19:34 | 000,016,384 | ---- | M] () -- D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe ========== Modules (SafeList) ========== MOD - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010/02/23 17:19:34 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Greg\Local Settings\temp\IadHide4.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess) SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB) ========== Driver Services (SafeList) ========== DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007/07/03 06:33:26 | 000,029,696 | R--- | M] (Atheros Communications Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002) DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmaxventures.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.dogwoodguitars.com/" FF - prefs.js..network.proxy.no_proxies_on: "localhost" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/14 18:27:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/05/06 08:13:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/05/06 08:13:18 | 000,000,000 | ---D | M] [2010/09/08 09:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions [2010/10/14 11:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\extensions [2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2011/07/04 07:43:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKCU..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe () O4 - HKCU..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\Program Files\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/21 01:00:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/01/07 20:57:58 | 000,000,131 | ---- | M] () - E:\AUTOEXEC.001 -- [ NTFS ] O32 - AutoRun File - [2001/07/04 10:10:26 | 000,000,254 | ---- | M] () - E:\Autoexec.Bat -- [ NTFS ] O32 - AutoRun File - [2000/08/30 09:06:42 | 000,000,131 | ---- | M] () - E:\autoexec.nai -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/04 07:52:07 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe [2011/07/04 07:44:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/07/04 07:41:26 | 000,000,000 | ---D | C] -- C:\_OTL [2011/07/03 18:05:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr [2011/07/02 19:39:56 | 004,130,503 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe [2011/07/02 18:41:38 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe [2011/07/02 14:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes [2011/07/02 14:14:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/07/02 14:14:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/07/02 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\HiJackThis [2011/07/02 13:06:41 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/07/02 12:25:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/07/02 12:25:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/07/02 12:25:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/07/02 12:25:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/07/02 12:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/07/02 12:00:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/07/02 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools [2011/06/22 12:34:38 | 000,000,000 | ---D | C] -- C:\spoolerlogs [2011/06/04 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2011/07/04 07:55:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/04 07:52:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe [2011/07/04 07:48:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/07/04 07:47:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/04 07:45:34 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/07/04 07:45:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/04 07:43:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2011/07/04 07:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr [2011/07/02 19:40:07 | 004,130,503 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe [2011/07/02 18:55:33 | 2138,222,592 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2011/07/02 18:41:51 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe [2011/07/02 13:06:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/06/29 11:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe [2011/06/24 09:33:55 | 001,036,375 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110702-112108.backup [2011/06/20 15:07:55 | 000,000,000 | ---- | M] () -- C:\Card_2 [2011/06/17 03:02:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/06/16 11:16:17 | 000,016,691 | ---- | M] () -- C:\WINDOWS\Debug.ini [2011/06/16 11:16:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Temp.ini [2011/06/16 11:16:05 | 000,000,904 | ---- | M] () -- C:\WINDOWS\umaxuapi.ini [2011/06/15 15:51:44 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2011/06/06 12:16:34 | 001,035,883 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-093355.backup ========== Files Created - No Company Name ========== [2011/07/04 07:55:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/02 13:06:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/07/02 13:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/07/02 12:25:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/07/02 12:25:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/07/02 12:25:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/07/02 12:25:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/07/02 12:25:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/07/02 12:17:16 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/06/20 15:07:55 | 000,000,000 | ---- | C] () -- C:\Card_2 [2010/02/23 17:19:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe [2009/12/21 20:42:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat [2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services [2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Greg\Application Data\InkjetPrinter [2009/11/09 11:50:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2009/11/09 11:50:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts [2009/08/14 18:18:57 | 000,149,152 | ---- | C] () -- C:\WINDOWS\hphins31.dat [2009/08/14 18:18:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat [2008/12/05 21:34:18 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll [2008/10/03 19:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll [2008/09/28 13:33:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll [2008/08/28 07:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll [2008/08/28 07:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll [2008/08/28 07:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll [2008/08/04 09:04:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\clk2PDF.INI [2008/06/09 16:46:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/15 16:59:23 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2008/03/18 12:24:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini [2008/03/18 12:23:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini [2008/03/18 11:31:51 | 000,001,178 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/03/18 11:31:44 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2008/03/18 11:24:44 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI [2008/03/18 11:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI [2008/03/18 11:07:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008/03/18 11:04:23 | 000,016,691 | ---- | C] () -- C:\WINDOWS\Debug.ini [2008/03/18 11:01:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2008/03/18 11:01:32 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll [2008/03/18 11:01:20 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys [2008/02/11 12:17:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/10 17:45:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/02/10 12:22:44 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2008/02/10 12:22:44 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2008/02/10 12:22:41 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2008/02/10 12:22:41 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2008/01/22 12:54:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2008/01/22 01:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/01/21 03:09:52 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008/01/21 02:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/01/21 01:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/01/21 00:56:24 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/01/20 18:41:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/01/20 18:38:07 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/12/05 02:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/12/05 02:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/12/05 02:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007/12/05 02:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007/07/27 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/07/27 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/07/27 08:00:00 | 000,380,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2007/07/27 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/07/27 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/07/27 08:00:00 | 000,052,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2007/07/27 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/07/27 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/07/27 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/07/27 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/07/27 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2007/07/27 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2005/11/05 19:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe [2005/05/17 16:37:10 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe [2002/07/19 12:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe [2002/01/01 01:57:52 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2002/01/01 01:51:45 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2002/01/01 01:51:45 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2002/01/01 01:51:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011/07/02 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/18 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/18 19:52:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2009/02/02 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2011/07/02 12:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/11/09 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2010/11/19 20:58:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6} [2010/10/18 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10 [2008/06/04 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\IDS_COMPANY [2009/12/30 11:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Juniper Networks [2008/03/18 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasher [2011/07/03 23:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasherPro [2009/11/09 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Nikon [2010/01/01 17:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Octoshape [2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems [2011/07/04 07:48:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== < End of report > Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 7017 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/4/2011 8:03:05 AM mbam-log-2011-07-04 (08-03-05).txt Scan type: Quick scan Objects scanned: 160244 Time elapsed: 2 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
- July 4, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Here are the two logs you requested: OTL logfile created on: 7/3/2011 6:07:45 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.58% Memory free 3.83 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 13.97 Gb Total Space | 2.14 Gb Free Space | 15.29% Space Free | Partition Type: NTFS Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr PRC - [2010/02/23 17:19:34 | 000,016,384 | ---- | M] () -- D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe ========== Modules (SafeList) ========== MOD - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess) SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007/07/03 06:33:26 | 000,029,696 | R--- | M] (Atheros Communications Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002) DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmaxventures.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.dogwoodguitars.com/" FF - prefs.js..network.proxy.no_proxies_on: "localhost" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/14 18:27:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/05/06 08:13:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/05/06 08:13:18 | 000,000,000 | ---D | M] [2010/09/08 09:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions [2010/10/14 11:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\extensions [2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2011/06/15 14:16:26 | 000,618,793 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost #[iPv6] O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 abcstats.com O1 - Hosts: 127.0.0.1 a.abv.bg O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 ca.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 am1.activemeter.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ad2games.com O1 - Hosts: 16379 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKCU..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe () O4 - HKCU..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\Program Files\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/21 01:00:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/01/07 20:57:58 | 000,000,131 | ---- | M] () - E:\AUTOEXEC.001 -- [ NTFS ] O32 - AutoRun File - [2001/07/04 10:10:26 | 000,000,254 | ---- | M] () - E:\Autoexec.Bat -- [ NTFS ] O32 - AutoRun File - [2000/08/30 09:06:42 | 000,000,131 | ---- | M] () - E:\autoexec.nai -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/07/03 18:05:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr [2011/07/02 19:39:56 | 004,130,503 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe [2011/07/02 18:41:38 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe [2011/07/02 14:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes [2011/07/02 14:14:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/07/02 14:14:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/07/02 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\HiJackThis [2011/07/02 13:06:41 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/07/02 12:25:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/07/02 12:25:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/07/02 12:25:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/07/02 12:25:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/07/02 12:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/07/02 12:00:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/07/02 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools [2011/06/22 12:34:38 | 000,000,000 | ---D | C] -- C:\spoolerlogs [2011/06/04 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr [2011/07/03 17:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/07/03 12:18:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/07/03 01:58:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/07/02 19:52:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/02 19:49:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/02 19:40:07 | 004,130,503 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe [2011/07/02 18:55:33 | 2138,222,592 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2011/07/02 18:41:51 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe [2011/07/02 13:06:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/06/29 11:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe [2011/06/24 09:33:55 | 001,036,375 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110702-112108.backup [2011/06/20 15:07:55 | 000,000,000 | ---- | M] () -- C:\Card_2 [2011/06/17 03:02:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/06/16 11:16:17 | 000,016,691 | ---- | M] () -- C:\WINDOWS\Debug.ini [2011/06/16 11:16:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Temp.ini [2011/06/16 11:16:05 | 000,000,904 | ---- | M] () -- C:\WINDOWS\umaxuapi.ini [2011/06/15 15:51:44 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2011/06/15 14:16:26 | 000,618,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/06/06 12:16:34 | 001,035,883 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-093355.backup [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/02 13:06:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/07/02 13:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/07/02 12:25:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/07/02 12:25:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/07/02 12:25:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/07/02 12:25:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/07/02 12:25:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/07/02 12:17:16 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/06/20 15:07:55 | 000,000,000 | ---- | C] () -- C:\Card_2 [2010/02/23 17:19:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe [2009/12/21 20:42:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat [2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services [2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Greg\Application Data\InkjetPrinter [2009/11/09 11:50:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2009/11/09 11:50:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts [2009/08/14 18:18:57 | 000,149,152 | ---- | C] () -- C:\WINDOWS\hphins31.dat [2009/08/14 18:18:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat [2008/12/05 21:34:18 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll [2008/10/03 19:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll [2008/09/28 13:33:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll [2008/08/28 07:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll [2008/08/28 07:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll [2008/08/28 07:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll [2008/08/04 09:04:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\clk2PDF.INI [2008/06/09 16:46:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/15 16:59:23 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2008/03/18 12:24:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini [2008/03/18 12:23:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini [2008/03/18 11:31:51 | 000,001,178 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/03/18 11:31:44 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2008/03/18 11:24:44 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI [2008/03/18 11:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI [2008/03/18 11:07:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008/03/18 11:04:23 | 000,016,691 | ---- | C] () -- C:\WINDOWS\Debug.ini [2008/03/18 11:01:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2008/03/18 11:01:32 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll [2008/03/18 11:01:20 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys [2008/02/11 12:17:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/10 17:45:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/02/10 12:22:44 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2008/02/10 12:22:44 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2008/02/10 12:22:41 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2008/02/10 12:22:41 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2008/01/22 12:54:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2008/01/22 01:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/01/21 03:09:52 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008/01/21 02:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/01/21 01:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/01/21 00:56:24 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/01/20 18:41:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/01/20 18:38:07 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/12/05 02:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/12/05 02:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/12/05 02:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007/12/05 02:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007/07/27 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/07/27 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/07/27 08:00:00 | 000,380,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2007/07/27 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/07/27 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/07/27 08:00:00 | 000,052,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2007/07/27 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/07/27 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/07/27 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/07/27 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/07/27 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2007/07/27 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2005/11/05 19:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe [2005/05/17 16:37:10 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe [2002/07/19 12:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe [2002/01/01 01:57:52 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2002/01/01 01:51:45 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2002/01/01 01:51:45 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2002/01/01 01:51:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011/07/02 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/18 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/18 19:52:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2009/02/02 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2011/07/02 12:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/11/09 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2010/11/19 20:58:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6} [2010/10/18 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10 [2008/06/04 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\IDS_COMPANY [2009/12/30 11:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Juniper Networks [2008/03/18 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasher [2011/07/03 18:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasherPro [2009/11/09 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Nikon [2010/01/01 17:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Octoshape [2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems [2011/07/03 01:58:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2007/07/27 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe < MD5 for: SVCHOST.EXE > [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [2007/07/27 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe < MD5 for: USERINIT.EXE > [2007/07/27 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2007/07/27 08:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=051A52001D625F316CE81A539BD25192 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > OTL Extras logfile created on: 7/3/2011 6:07:45 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.58% Memory free 3.83 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 13.97 Gb Total Space | 2.14 Gb Free Space | 15.29% Space Free | Partition Type: NTFS Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- () "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google) "D:\Program Files\AVG\AVG10\avgmfapx.exe" = D:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FC1D2D3-8F02-4eaf-A464-327CD010BA13}" = HP Photosmart D7500 Printer Driver Software 12.0 Rel .4 "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2DA7F8AC-4AAD-0211-0CEE-567A3212D662}" = MyFonts Order M2936399 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.03 "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{555BA71C-ED49-4F8C-BD33-1662220B5E79}" = PS_SF_04_D7500_Software_Min "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.06 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6 "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.01 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CDD007AB-2D05-4C7F-B4AD-6321389D6860}" = D7500 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = Panorama Maker "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}" = Algebra 2 Solved! "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2 "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Blaze Media Pro" = Blaze Media Pro "HDMI" = Intel® Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "ieSpell" = ieSpell "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero OEM "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "PIXresizer_is1" = PIXresizer "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/20/2011 3:08:31 PM | Computer Name = GREG-MAIN | Source = Application Hang | ID = 1002 Description = Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/22/2011 2:55:02 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.2627.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0023818b. Error - 6/22/2011 2:55:35 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.2627.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0023818b. Error - 6/22/2011 2:56:05 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.2627.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0023818b. Error - 6/22/2011 2:56:32 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.2627.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0023818b. Error - 6/22/2011 2:58:28 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.2627.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0023818b. Error - 7/2/2011 12:36:09 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003 Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Error - 7/2/2011 12:36:09 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003 Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure Error - 7/2/2011 7:07:25 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003 Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Error - 7/2/2011 7:07:25 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003 Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure [ System Events ] Error - 7/2/2011 2:18:47 PM | Computer Name = GREG-MAIN | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 7/2/2011 2:22:07 PM | Computer Name = GREG-MAIN | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 7/2/2011 2:42:49 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7000 Description = The LogMeIn Kernel Information Provider service failed to start due to the following error: %%3 Error - 7/2/2011 2:42:58 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7034 Description = The MD Simple Burner Service service terminated unexpectedly. It has done this 1 time(s). Error - 7/2/2011 6:47:23 PM | Computer Name = GREG-MAIN | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 7/2/2011 6:58:05 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7000 Description = The LogMeIn Kernel Information Provider service failed to start due to the following error: %%3 Error - 7/2/2011 6:58:41 PM | Computer Name = GREG-MAIN | Source = System Error | ID = 1003 Description = Error code 000000d1, parameter1 00001218, parameter2 00000005, parameter3 00000000, parameter4 b9f10d26. Error - 7/2/2011 7:01:11 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7034 Description = The MD Simple Burner Service service terminated unexpectedly. It has done this 1 time(s). Error - 7/2/2011 7:52:06 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7000 Description = The LogMeIn Kernel Information Provider service failed to start due to the following error: %%3 Error - 7/2/2011 9:28:34 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7034 Description = The MD Simple Burner Service service terminated unexpectedly. It has done this 1 time(s). < End of report > Thanks!
- July 3, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

I followed your instructions. The VirSCAN.org site won't accept a cut and paste entry to the scan box, neither will it allow me to type the file name. It only accepts a file name that I can locate using the browse function. When I attempted to browse to the file, I could not locate it in the c:\windows\system32\drivers folder. I also did a search for the file using the Windows find funtion, it did not find any file of that name.
- July 3, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

Thank you for helping me. Here is the Combofix log: ComboFix 11-07-02.02 - Greg 07/02/2011 19:43:03.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1373 [GMT -4:00] Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\Greg\LOCALS~1\Temp\IadHide4.dll c:\documents and settings\Greg\Local Settings\Temp\IadHide4.dll . . ((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 ))))))))))))))))))))))))))))))) . . 2011-07-02 23:14 . 2011-06-20 12:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DE1D799A-192F-4641-8883-BD7C84FD430C}\mpengine.dll 2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes 2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-02 18:14 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-02 18:14 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-02 17:43 . 2011-07-02 17:43 388096 ----a-r- c:\documents and settings\Greg\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-02 17:43 . 2011-07-02 17:43 -------- d-----w- c:\program files\Trend Micro 2011-06-22 16:34 . 2011-06-22 16:34 -------- d-----w- C:\spoolerlogs 2011-06-16 20:32 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-22 16:48 . 2011-05-14 16:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 23:14 . 2009-10-02 16:22 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-02 15:31 . 2008-01-21 04:57 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2007-07-27 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2007-07-27 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2007-07-27 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-07-02_17.22.16 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-02 23:14 . 2011-07-02 23:14 1590 c:\windows\SoftwareDistribution\EventCache\{21663376-D68F-444B-AE37-FFA09FCC92AB}.bin + 2011-07-02 17:43 . 2011-07-02 17:43 1094656 c:\windows\Installer\148c72.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="d:\program files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-02-23 16384] "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "nwiz"="nwiz.exe" [2007-12-05 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "SkyTel"="SkyTel.EXE" [2007-04-04 1822720] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-22 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] Logitech Desktop Messenger.lnk - d:\program files\Desktop Messenger\8876480\Program\LDMConf.exe [2010-2-23 196608] Logitech SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2008-11-3 805392] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "d:\program files\Qualcomm\Eudora Mail\EuShlExt.dll" [2005-11-14 86016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "d:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592] R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\x86\RaInfo.sys --> d:\program files\x86\RaInfo.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57] . 2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57] . 2011-07-02 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.gmaxventures.com/ uInternet Settings,ProxyOverride = localhost IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.dogwoodguitars.com/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-02 19:52 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(704) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(3776) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\RTHDCPL.EXE c:\program files\Sony\MD Simple Burner\NetMDSB.exe d:\program files\Blaze Media Pro\NMSAccess32.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2011-07-02 19:54:26 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-02 23:54 ComboFix2.txt 2011-07-02 17:27 . Pre-Run: 2,158,497,792 bytes free Post-Run: 2,303,336,448 bytes free . - - End Of File - - 2DB939780136D3DBBD30337F6591708E
- July 2, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

While running the Avast scan I got the "blue screen of death." The message says DRIVER_IRQL_NOT_LESS_OR_EQUAL. I've rebooted the computer and await your instructions.
- July 2, 2011
- 31 replies
Need help with scour redirect virus removal

gmax replied to gmax's topic in Resolved Malware Removal Logs

While running the Avast scan I got the "blue screen of death." The message says DRIVER_IRQL_NOT_LESS_OR_EQUAL.
- July 2, 2011
- 31 replies
Need help with scour redirect virus removal

gmax posted a topic in Resolved Malware Removal Logs

My PC is infected with the scour redirect virus. I've downloaded several products including MBAM with no results. The MBAM scan log shows no threats found. Please advise.
- July 2, 2011
- 31 replies
Scour virus removal trouble

gmax posted a topic in Malwarebytes for Windows Support Forum

Hi, My PC is infected with the scour redirect virus. I've tried multiple products and scans, nothing seems to locate the file and remove it. I have downloaded and ran Combofix, Hijack This, and MBAM. The folks at Hijack This suggested that I run the scan and post the log here for expert advice. Here is the log from my Hijack This scan: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:43:58 PM, on 7/2/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe D:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Blaze Media Pro\NMSAccess32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\MailWasher Free\MailWasher.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmaxventures.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjE0OTg2Mzg0LVQxMy1CQSsxLUtWMys3LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMA"&"prod=90"&"ver=10.0.1388 O4 - HKCU\..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe O23 - Service: NMSAccess - Unknown owner - D:\Program Files\Blaze Media Pro\NMSAccess32.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- End of file - 9125 bytes Thanks for the help, this is very frustrating!
- July 2, 2011
- 1 reply

Events

Profiles

Forums

Everything posted by gmax

Important Information