HaroldC Posted March 10, 2013 ID:655331 Share Posted March 10, 2013 Hi.I suddenly have a problem with Google redirecting me to various sites when I click on search results. I thought of going to system restore and restoring to an earlier date but that seems to have been compromised as well.Here are my dds logs:DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2Run by Harold Cogle at 19:45:11 on 2013-03-09Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1345 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}.============== Running Processes ================.C:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\IB Updater\ExtensionUpdaterService.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\mfevtps.exeC:\Program Files\CDBurnerXP\NMSAccessU.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files\Cyberlink\Shared files\RichVideo.exeC:\Program Files\Roxio\RoxioNow Player\RNowSvc.exeC:\Program Files\Common Files\Seagate\Schedule2\schedul2.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exeC:\Program Files\Seagate\DiscWizard\TimounterMonitor.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXEC:\Program Files\Creative\Shared Files\Module Loader\DLLML.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXEC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exeC:\WINDOWS\SYSTEM32\CTXFISPI.EXEC:\Program Files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\real\realplayer\update\realsched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.htmluProxyServer = hxxp=127.0.0.1:1062BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\media converter for philips\internet video downloader\ArcURLRecord.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dllBHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120629155327.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exemRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exemRun: [CTHelper] CTHELPER.EXEmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resumemRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /rmRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"mRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [updateLBPShortCut] "c:\program files\lg dvd writer\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"mRun: [CLMLServer] "c:\program files\lg dvd writer\cyberlink\power2go\CLMLSvc.exe"mRun: [updateP2GoShortCut] "c:\program files\lg dvd writer\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"mRun: [RemoteControl8] "c:\program files\lg dvd writer\cyberlink\powerdvd8\PDVD8Serv.exe"mRun: [PDVD8LanguageShortcut] "c:\program files\lg dvd writer\cyberlink\powerdvd8\language\Language.exe"mRun: [updatePPShortCut] "c:\program files\lg dvd writer\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"mRun: [uCam_Menu] "c:\program files\lg dvd writer\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"mRun: [updatePSTShortCut] "c:\program files\lg dvd writer\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"mRun: [AGEIA PhysX SysTray] "c:\program files\ageia technologies\TrayIcon.exe"mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootStartupFolder: c:\docume~1\harold~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exeuPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDriveTypeAutoRun = dword:323IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeTrusted Zone: cinemanow.comTrusted Zone: cinemanow.comTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: roxio.comTrusted Zone: roxio.comTrusted Zone: roxionow.comTrusted Zone: roxionow.comTrusted Zone: soe.comTrusted Zone: sonic.comTrusted Zone: sonic.comTrusted Zone: sony.comDPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CABDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349934979831DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349934745970DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabFilter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dllLSA: Authentication Packages = msv1_0 relog_apmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe".================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dllFF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dllFF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dllFF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dllFF - plugin: c:\documents and settings\harold cogle\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dllFF - plugin: c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dllFF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dllFF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dllFF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dllFF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dllFF - plugin: c:\windows\system32\npDeployJava1.dllFF - plugin: c:\windows\system32\npptools.dllFF - ExtSQL: 2013-01-12 12:15; {000F1EA4-5E08-4564-A29B-29076F63A37A}; c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}FF - ExtSQL: !HIDDEN! 2009-11-19 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 565888]R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2009-8-23 6144]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-4-6 91640]R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2012-11-4 188760]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-10 398184]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 167784]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 167784]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-6 203840]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-6 169320]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-6 172416]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368]R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 21104]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-6 235264]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-6 363080]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-13 84904]S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 682344]S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-6 60920]S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\harold~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\harold~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-8-16 1527900]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-6 65928]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-13 84904]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-6 92632]S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-8-16 544768].=============== Created Last 30 ================.2013-03-09 15:03:49 159744 --sha-r- c:\windows\system32\c_10007A.dll.==================== Find3M ====================.2013-02-19 19:15:04 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys2013-02-19 19:12:14 172416 ----a-w- c:\windows\system32\mfevtps.exe2013-02-19 19:11:42 91640 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2013-02-19 19:11:02 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2013-02-19 19:10:52 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys2013-02-19 19:09:52 565888 ----a-w- c:\windows\system32\drivers\mfehidk.sys2013-02-19 19:09:10 84904 ----a-w- c:\windows\system32\drivers\mfendisk.sys2013-02-19 19:09:02 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys2013-02-19 19:08:40 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys2013-02-19 19:08:20 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2013-02-19 19:07:50 133416 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2013-02-16 15:11:42 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-02-16 15:11:42 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 19:45:25.77 ===============And here is the other one:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 8/1/2009 11:36:29 AMSystem Uptime: 3/8/2013 10:13:44 PM (21 hours ago).Motherboard: Dell Inc. | | 0YC523Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 932 GiB total, 320.081 GiB free.D: is CDROM (CDFS)E: is CDROM ()F: is FIXED (NTFS) - 932 GiB total, 546.734 GiB free.G: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP1: 3/9/2013 7:32:51 PM - System Checkpoint.==== Installed Programs ======================.3D Ultra Pinball Thrillride3DPM 3D-Sound PackageA&O SubAceIt v1.3.1Acrobat.comActivityMasterAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XIAGEIA PhysX v2.5.1Amazon KindleAmazon MP3 Downloader 1.0.17Angry Birds Star WarsArcSoft PhotoImpression 5Atari Anniversary EditionAudacity 1.2.6Audible Download ManagerAudibleManagerBallanceBing BarBrunswick Circuit Pro BowlingBubble Puzzle '97BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )Camera Access LibraryCamera Support Core LibraryCamera Window DSCamera Window DVCCamera Window MCCanon Camera Access LibraryCanon Camera Support Core LibraryCanon Camera Window DC_DV 5 for ZoomBrowser EXCanon Camera Window DC_DV 6 for ZoomBrowser EXCanon Camera Window DSLR 5 for ZoomBrowser EXCanon Camera Window MC 6 for ZoomBrowser EXCanon MovieEdit Task for ZoomBrowser EXCanon PhotoRecordCanon RAW Image Task for ZoomBrowser EXCanon ZoomBrowser EX (E)Cartoonist 1.3Cascade CrossingCDBurnerXPClass_50_Content_UpdateClone WarsConBuilderConexant D850 56K V.9x DFVc ModemCorel ApplicationsCreative MediaSourceCritical Update for Windows Media Player 11 (KB959772)DefragglerDell Driver Download ManagerDell Resource CDDESCENT IIDX-Ball 1.07Empire XP 5EPSON CX 7800 GuideEPSON Printer SoftwareEPSON ScanEscape The MuseumESPNMotionFacebook Plug-InFile Shredder 2.0Firebird SQL Server - MAGIX EditionGemMaster MysticGIMP 2.6.6GoGear VIBE Device ManagerGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB915800-v4)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Hugin 0.6Hugin 0.7.0 (SVN 3465)IB Updater 2.0.0.538ImgBurnInstall CreatorInstallMgrIntel® PRO Network Connections DriversInterActual PlayerJava 7 Update 9Java Auto UpdaterJigs@w Puzzle 2Kicking Horse Pass 2.0LEGO CreatorLG CyberLink LabelPrintLG CyberLink Power2GoLG CyberLink PowerBackupLG CyberLink PowerDVDLG CyberLink PowerProducerLG CyberLink YouCamLG ODD Auto Firmware UpdateLG Power ToolsLightScribe System SoftwareLucasArts' Rogue SquadronLucasArts' X-Wing vs. TIE FighterMAGIX Goya burnR 1.3.1.3 (US)MAGIX Movies on DVD 7 7.0.3.0 (US)MAGIX Photo Manager 8 6.0.1.466 (US)MAGIX Screenshare 4.3.6.1987 (US)Malwarebytes Anti-Malware version 1.70.0.1100McAfee AntiVirus PlusMechWarrior 3 Pirate's MoonMechWarrior 3 Pirate's Moon CD Patch 1.0Media Converter for PhilipsMichigan Iron OreMicrosoft .NET Framework 1.0 Hotfix (KB2604042)Microsoft .NET Framework 1.0 Hotfix (KB2656378)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Default ManagerMicrosoft Office File Validation Add-InMicrosoft Office Standard Edition 2003Microsoft SilverlightMicrosoft Train SimulatorMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMovieEdit TaskMozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceMplayer.comMSNMSN ToolbarMSTS Patch 1.8.0521 ENMSTS Switchlist GeneratorMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Need For Speed IIINVIDIA DriversOttoPDFCreatorPowerTeacher GradebookPrimoRAW Image TaskRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealUpgrade 1.1RhapsodyRisk IIRoute_Riter v7.1.29RoxioNow PlayerRuntimeSandpatch: Railroading in the Alleghenies (version 1.0)SD40-2_Content_UpdateSeagate DiscWizardSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Search 4 - KB963093Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219-v2)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135-v2)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2731847-v2)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972260)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Sega Smash Pack IIShape ViewerShared C Run-time for x86SideWinder Precision 2SmileboxSonic EncodersSony Image Data SuiteSony Picture UtilitySound Blaster X-FiSpace Quest CollectionSpelling Dictionaries Support For Adobe Reader 9Star Trek -- Starfleet AcademyStar Trek Voyager Elite ForceStar Wars JK II Jedi OutcastStar Wars®: Knights of the Old Republic Starfleet CommandSTARWARS: The Battle of Endor version 2.1SwitchballTGATool2A version 4.00.34The Bard's Tale Original SeriesThe Bridge Line RouteThe Game Of LifeThe HulkThe NeverhoodThe Price Is Right 1.1.4Tradewinds 2 CD 1.0Train Store V3.2Ulead VideoStudio 7 SE DVDUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB972636)Update for Windows Internet Explorer 8 (KB976662)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2541763)Update for Windows XP (KB2616676-v2)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB943729)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005VLC media player 1.0.3WebFldrs XPWindows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows Media Player Firefox PluginWindows Search 4.0Windows XP Media Center Edition 2005 KB2502898Windows XP Media Center Edition 2005 KB2619340Windows XP Media Center Edition 2005 KB2628259Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3WinRAR archiverXnView 1.96.2.==== Event Viewer Messages From Past Week ========.3/8/2013 10:15:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.3/8/2013 10:15:33 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.3/3/2013 7:41:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.3/3/2013 7:41:20 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.3/3/2013 7:41:20 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== Link to post Share on other sites More sharing options...
HaroldC Posted March 10, 2013 Author ID:655337 Share Posted March 10, 2013 I also ran Malwarebytes quick scan and came up with nothing. I guess I'll do a thorough scan while I wait. Link to post Share on other sites More sharing options...
Maniac Posted March 10, 2013 ID:655400 Share Posted March 10, 2013 Hello HaroldC! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Step 1Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.In your next reply, post the following log files:Junkware Removal Tool logMalwarebytes' Anti-Malware loga new fresh DDS log Link to post Share on other sites More sharing options...
HaroldC Posted March 10, 2013 Author ID:655538 Share Posted March 10, 2013 Looks like Junkware found and took care of something. Here is the Junkware Removal Tool log:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.6.9 (03.06.2013:1)OS: Microsoft Windows XP x86Ran by Harold Cogle on Sun 03/10/2013 at 8:31:34.09~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] ib updaterSuccessfully deleted: [service] ib updater~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] hkey_current_user\software\ib updaterSuccessfully deleted: [Registry Key] hkey_local_machine\software\ib updaterSuccessfully deleted: [Registry Key] hkey_current_user\software\imSuccessfully deleted: [Registry Key] hkey_current_user\software\iminstallerSuccessfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dllSuccessfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobjectSuccessfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\Program Files\ib updater"~~~ FireFoxSuccessfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}Successfully deleted the following from C:\Documents and Settings\Harold Cogle\Application Data\mozilla\firefox\profiles\5qdv0tms.default\prefs.jsuser_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatiouser_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searcEmptied folder: C:\Documents and Settings\Harold Cogle\Application Data\mozilla\firefox\profiles\5qdv0tms.default\minidumps [4 files]~~~ ChromeSuccessfully deleted: [Folder] C:\Documents and Settings\Harold Cogle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfdSuccessfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 03/10/2013 at 8:41:55.69End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
HaroldC Posted March 10, 2013 Author ID:655539 Share Posted March 10, 2013 Malwarebytes did not find anything as before:Malwarebytes Anti-Malware 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.10.02Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Harold Cogle :: KEATONZOE1824 [administrator]3/10/2013 9:08:58 AMmbam-log-2013-03-10 (09-08-58).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 264326Time elapsed: 12 minute(s), 59 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
HaroldC Posted March 10, 2013 Author ID:655540 Share Posted March 10, 2013 Here is the new dds.txt file:DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2Run by Harold Cogle at 12:38:43 on 2013-03-10Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1387 [GMT -4:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}.============== Running Processes ================.C:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\mfevtps.exeC:\Program Files\CDBurnerXP\NMSAccessU.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files\Cyberlink\Shared files\RichVideo.exeC:\Program Files\Roxio\RoxioNow Player\RNowSvc.exeC:\Program Files\Common Files\Seagate\Schedule2\schedul2.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exeC:\Program Files\Seagate\DiscWizard\TimounterMonitor.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXEC:\Program Files\Creative\Shared Files\Module Loader\DLLML.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXEC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exeC:\WINDOWS\SYSTEM32\CTXFISPI.EXEC:\Program Files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\real\realplayer\update\realsched.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\WINDOWS\system32\SearchFilterHost.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.htmluProxyServer = hxxp=127.0.0.1:1062BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\media converter for philips\internet video downloader\ArcURLRecord.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120629155327.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exemRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exemRun: [CTHelper] CTHELPER.EXEmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resumemRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /rmRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"mRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [updateLBPShortCut] "c:\program files\lg dvd writer\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"mRun: [CLMLServer] "c:\program files\lg dvd writer\cyberlink\power2go\CLMLSvc.exe"mRun: [updateP2GoShortCut] "c:\program files\lg dvd writer\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"mRun: [RemoteControl8] "c:\program files\lg dvd writer\cyberlink\powerdvd8\PDVD8Serv.exe"mRun: [PDVD8LanguageShortcut] "c:\program files\lg dvd writer\cyberlink\powerdvd8\language\Language.exe"mRun: [updatePPShortCut] "c:\program files\lg dvd writer\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"mRun: [uCam_Menu] "c:\program files\lg dvd writer\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"mRun: [updatePSTShortCut] "c:\program files\lg dvd writer\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"mRun: [AGEIA PhysX SysTray] "c:\program files\ageia technologies\TrayIcon.exe"mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootStartupFolder: c:\docume~1\harold~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exeuPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDriveTypeAutoRun = dword:323IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeTrusted Zone: cinemanow.comTrusted Zone: cinemanow.comTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: roxio.comTrusted Zone: roxio.comTrusted Zone: roxionow.comTrusted Zone: roxionow.comTrusted Zone: soe.comTrusted Zone: sonic.comTrusted Zone: sonic.comTrusted Zone: sony.comDPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CABDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349934979831DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349934745970DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabTCP: NameServer = 192.168.17.1TCP: Interfaces\{29281EFD-9D5F-420B-8E08-6DFA7A7B0CEE} : DHCPNameServer = 192.168.17.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dllLSA: Authentication Packages = msv1_0 relog_apmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe".================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dllFF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dllFF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dllFF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dllFF - plugin: c:\documents and settings\harold cogle\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dllFF - plugin: c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dllFF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dllFF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dllFF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dllFF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dllFF - plugin: c:\windows\system32\npDeployJava1.dllFF - plugin: c:\windows\system32\npptools.dllFF - ExtSQL: 2013-01-12 12:15; {000F1EA4-5E08-4564-A29B-29076F63A37A}; c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}FF - ExtSQL: !HIDDEN! 2009-11-19 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 565888]R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2009-8-23 6144]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-4-6 91640]R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-10 398184]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 167784]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 167784]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-6 203840]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-6 169320]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-6 172416]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368]R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 21104]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-6 235264]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-6 363080]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-13 84904]S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 682344]S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-6 60920]S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\harold~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\harold~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-8-16 1527900]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-6 65928]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-13 84904]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-6 92632]S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-8-16 544768].=============== Created Last 30 ================.2013-03-10 12:31:29 -------- d-----w- c:\windows\ERUNT2013-03-10 12:31:22 -------- d-----w- C:\JRT2013-03-09 15:03:49 159744 --sha-r- c:\windows\system32\c_10007A.dll.==================== Find3M ====================.2013-02-19 19:15:04 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys2013-02-19 19:12:14 172416 ----a-w- c:\windows\system32\mfevtps.exe2013-02-19 19:11:42 91640 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2013-02-19 19:11:02 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2013-02-19 19:10:52 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys2013-02-19 19:09:52 565888 ----a-w- c:\windows\system32\drivers\mfehidk.sys2013-02-19 19:09:10 84904 ----a-w- c:\windows\system32\drivers\mfendisk.sys2013-02-19 19:09:02 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys2013-02-19 19:08:40 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys2013-02-19 19:08:20 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2013-02-19 19:07:50 133416 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2013-02-16 15:11:42 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-02-16 15:11:42 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 12:39:50.03 =============== Link to post Share on other sites More sharing options...
HaroldC Posted March 10, 2013 Author ID:655541 Share Posted March 10, 2013 and lastly here is the new dds attach.txt file:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 8/1/2009 11:36:29 AMSystem Uptime: 3/8/2013 10:13:44 PM (38 hours ago).Motherboard: Dell Inc. | | 0YC523Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 932 GiB total, 319.391 GiB free.D: is CDROM (CDFS)E: is CDROM ()F: is FIXED (NTFS) - 932 GiB total, 546.734 GiB free.G: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP1: 3/9/2013 7:32:51 PM - System Checkpoint.==== Installed Programs ======================.3D Ultra Pinball Thrillride3DPM 3D-Sound PackageA&O SubAceIt v1.3.1Acrobat.comActivityMasterAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XIAGEIA PhysX v2.5.1Amazon KindleAmazon MP3 Downloader 1.0.17Angry Birds Star WarsArcSoft PhotoImpression 5Atari Anniversary EditionAudacity 1.2.6Audible Download ManagerAudibleManagerBallanceBing BarBrunswick Circuit Pro BowlingBubble Puzzle '97BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )Camera Access LibraryCamera Support Core LibraryCamera Window DSCamera Window DVCCamera Window MCCanon Camera Access LibraryCanon Camera Support Core LibraryCanon Camera Window DC_DV 5 for ZoomBrowser EXCanon Camera Window DC_DV 6 for ZoomBrowser EXCanon Camera Window DSLR 5 for ZoomBrowser EXCanon Camera Window MC 6 for ZoomBrowser EXCanon MovieEdit Task for ZoomBrowser EXCanon PhotoRecordCanon RAW Image Task for ZoomBrowser EXCanon ZoomBrowser EX (E)Cartoonist 1.3Cascade CrossingCDBurnerXPClass_50_Content_UpdateClone WarsConBuilderConexant D850 56K V.9x DFVc ModemCorel ApplicationsCreative MediaSourceCritical Update for Windows Media Player 11 (KB959772)DefragglerDell Driver Download ManagerDell Resource CDDESCENT IIDX-Ball 1.07Empire XP 5EPSON CX 7800 GuideEPSON Printer SoftwareEPSON ScanEscape The MuseumESPNMotionFacebook Plug-InFile Shredder 2.0Firebird SQL Server - MAGIX EditionGemMaster MysticGIMP 2.6.6GoGear VIBE Device ManagerGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB915800-v4)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Hugin 0.6Hugin 0.7.0 (SVN 3465)IB Updater 2.0.0.538ImgBurnInstall CreatorInstallMgrIntel® PRO Network Connections DriversInterActual PlayerJava 7 Update 9Java Auto UpdaterJigs@w Puzzle 2Kicking Horse Pass 2.0LEGO CreatorLG CyberLink LabelPrintLG CyberLink Power2GoLG CyberLink PowerBackupLG CyberLink PowerDVDLG CyberLink PowerProducerLG CyberLink YouCamLG ODD Auto Firmware UpdateLG Power ToolsLightScribe System SoftwareLucasArts' Rogue SquadronLucasArts' X-Wing vs. TIE FighterMAGIX Goya burnR 1.3.1.3 (US)MAGIX Movies on DVD 7 7.0.3.0 (US)MAGIX Photo Manager 8 6.0.1.466 (US)MAGIX Screenshare 4.3.6.1987 (US)Malwarebytes Anti-Malware version 1.70.0.1100McAfee AntiVirus PlusMechWarrior 3 Pirate's MoonMechWarrior 3 Pirate's Moon CD Patch 1.0Media Converter for PhilipsMichigan Iron OreMicrosoft .NET Framework 1.0 Hotfix (KB2604042)Microsoft .NET Framework 1.0 Hotfix (KB2656378)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Default ManagerMicrosoft Office File Validation Add-InMicrosoft Office Standard Edition 2003Microsoft SilverlightMicrosoft Train SimulatorMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMovieEdit TaskMozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceMplayer.comMSNMSN ToolbarMSTS Patch 1.8.0521 ENMSTS Switchlist GeneratorMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Need For Speed IIINVIDIA DriversOttoPDFCreatorPowerTeacher GradebookPrimoRAW Image TaskRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealUpgrade 1.1RhapsodyRisk IIRoute_Riter v7.1.29RoxioNow PlayerRuntimeSandpatch: Railroading in the Alleghenies (version 1.0)SD40-2_Content_UpdateSeagate DiscWizardSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Search 4 - KB963093Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219-v2)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135-v2)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2731847-v2)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972260)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Sega Smash Pack IIShape ViewerShared C Run-time for x86SideWinder Precision 2SmileboxSonic EncodersSony Image Data SuiteSony Picture UtilitySound Blaster X-FiSpace Quest CollectionSpelling Dictionaries Support For Adobe Reader 9Star Trek -- Starfleet AcademyStar Trek Voyager Elite ForceStar Wars JK II Jedi OutcastStar Wars®: Knights of the Old Republic Starfleet CommandSTARWARS: The Battle of Endor version 2.1SwitchballTGATool2A version 4.00.34The Bard's Tale Original SeriesThe Bridge Line RouteThe Game Of LifeThe HulkThe NeverhoodThe Price Is Right 1.1.4Tradewinds 2 CD 1.0Train Store V3.2Ulead VideoStudio 7 SE DVDUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB972636)Update for Windows Internet Explorer 8 (KB976662)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2541763)Update for Windows XP (KB2616676-v2)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB943729)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005VLC media player 1.0.3WebFldrs XPWindows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows Media Player Firefox PluginWindows Search 4.0Windows XP Media Center Edition 2005 KB2502898Windows XP Media Center Edition 2005 KB2619340Windows XP Media Center Edition 2005 KB2628259Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3WinRAR archiverXnView 1.96.2.==== Event Viewer Messages From Past Week ========.3/8/2013 10:15:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.3/8/2013 10:15:33 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.3/4/2013 9:35:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.3/4/2013 9:35:40 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.3/4/2013 9:35:40 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.3/10/2013 8:31:58 AM, error: Service Control Manager [7034] - The IB Updater service terminated unexpectedly. It has done this 1 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
HaroldC Posted March 10, 2013 Author ID:655543 Share Posted March 10, 2013 Just tried out some google searches and at least right now I am not being redirected any longer. Link to post Share on other sites More sharing options...
Maniac Posted March 10, 2013 ID:655630 Share Posted March 10, 2013 That's good, but your log files shows a malware. Your system is still infected.Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look herePlease visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please post the C:\ComboFix.txt in your next reply for further review.Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
HaroldC Posted March 11, 2013 Author ID:655709 Share Posted March 11, 2013 Ok...here is the ComboFix log:ComboFix 13-03-10.02 - Harold Cogle 03/10/2013 20:27:55.3.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1413 [GMT -4:00]Running from: c:\documents and settings\Harold Cogle\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Harold Cogle\Application Data\6727BCc:\documents and settings\Harold Cogle\WINDOWSc:\windows\system32\nv4_disp.dll.tmp..((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))..2013-03-10 12:31 . 2013-03-10 12:31 -------- d-----w- c:\windows\ERUNT2013-03-10 12:31 . 2013-03-10 12:31 -------- d-----w- C:\JRT2013-03-09 15:03 . 2013-03-09 15:03 159744 --sha-r- c:\windows\system32\c_10007A.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-19 19:15 . 2012-04-06 17:13 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys2013-02-19 19:12 . 2012-04-06 17:02 172416 ----a-w- c:\windows\system32\mfevtps.exe2013-02-19 19:11 . 2012-04-06 17:13 91640 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2013-02-19 19:11 . 2012-04-06 17:13 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2013-02-19 19:10 . 2012-04-06 17:13 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys2013-02-19 19:09 . 2011-10-15 16:16 565888 ----a-w- c:\windows\system32\drivers\mfehidk.sys2013-02-19 19:09 . 2012-12-14 00:11 84904 ----a-w- c:\windows\system32\drivers\mfendisk.sys2013-02-19 19:09 . 2012-04-06 17:13 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys2013-02-19 19:08 . 2012-04-06 17:13 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys2013-02-19 19:08 . 2012-04-06 17:13 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2013-02-19 19:07 . 2011-10-15 16:16 133416 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2013-02-16 15:11 . 2012-04-06 16:35 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-02-16 15:11 . 2011-06-03 01:40 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-14 21:49 . 2012-04-14 11:26 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-08 18:04 . 2013-03-08 18:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]"EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]"UpdateLBPShortCut"="c:\program files\LG DVD Writer\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"CLMLServer"="c:\program files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]"UpdateP2GoShortCut"="c:\program files\LG DVD Writer\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"RemoteControl8"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]"PDVD8LanguageShortcut"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]"UpdatePPShortCut"="c:\program files\LG DVD Writer\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UCam_Menu"="c:\program files\LG DVD Writer\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]"UpdatePSTShortCut"="c:\program files\LG DVD Writer\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1278064]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-02 295072].c:\documents and settings\Harold Cogle\Start Menu\Programs\Startup\PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-8-8 333088].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnkbackup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnkbackup=c:\windows\pss\Windows Search.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]2001-05-22 22:17 49152 ----a-w- c:\games\Atari Anniversary Edition\Volume 2\Banner.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]2006-12-12 14:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]2012-07-31 22:58 27760 ----a-w- c:\program files\LG DVD Writer\CyberLink\lg_fwupdate\lgfw.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]2009-08-20 17:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]2012-12-14 21:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]2008-06-24 23:56 136472 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]2000-06-02 23:07 24650 ----a-w- c:\progra~1\GAMECO~1\Common\SWTrayV4.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\system32\\usmt\\migwiz.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\LG DVD Writer\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"="c:\\Games\\Need For Speed III\\nfs3.exe"="c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"="c:\\Games\\Brunswick Bowling\\Bowling.exe"=.R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [8/23/2009 1:04 AM 6144]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/6/2012 1:13 PM 91640]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/10/2012 8:09 AM 398184]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/6/2012 1:12 PM 167784]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/6/2012 1:14 PM 169320]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/6/2012 1:02 PM 172416]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368]R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/14/2012 7:26 AM 21104]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/6/2012 1:13 PM 363080]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/13/2012 8:11 PM 84904]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/14/2012 7:26 AM 682344]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/6/2012 1:13 PM 60920]S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/16/2009 2:12 AM 1527900]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/13/2012 8:11 PM 84904]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/6/2012 1:13 PM 92632]S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [8/16/2009 2:14 AM 544768].--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:11].2013-03-10 c:\windows\Tasks\Dalmx.job- c:\windows\system32\c_10007A.dll [2013-03-09 15:03].2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14].2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14].2013-03-06 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 01:33].2013-03-09 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31].2013-03-09 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31].2013-03-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1004.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1004.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-11 c:\windows\Tasks\User_Feed_Synchronization-{3BC5B024-6002-4EB4-A269-BF5E26F69063}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.htmluInternet Settings,ProxyServer = http=127.0.0.1:1062IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000Trusted Zone: cinemanow.comTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: roxio.comTrusted Zone: roxionow.comTrusted Zone: soe.comTrusted Zone: sonic.comTrusted Zone: sony.comFF - ProfilePath - c:\documents and settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/FF - ExtSQL: 2013-01-12 12:15; {000F1EA4-5E08-4564-A29B-29076F63A37A}; c:\documents and settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}FF - ExtSQL: !HIDDEN! 2009-11-19 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension.- - - - ORPHANS REMOVED - - - -.AddRemove-{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 - c:\program files\IB Updater\unins000.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-03-10 20:45Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2052111302-162531612-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:3f,26,1a,3f,fd,26,82,31,f2,79,0c,60,a8,7d,3a,af,3e,5f,5a,53,56,28,a6, a3,8e,fb,f0,7b,ab,c2,4c,63,9d,57,d0,f8,a4,14,2b,a8,72,09,96,75,e1,c9,e0,35,\"??"=hex:22,ef,c9,6c,1e,ab,c5,22,3d,c7,49,51,c1,4d,c3,00.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(1856)c:\windows\system32\relog_ap.dll.Completion time: 2013-03-10 20:48:15ComboFix-quarantined-files.txt 2013-03-11 00:48ComboFix2.txt 2012-10-13 03:06.Pre-Run: 343,006,330,880 bytes freePost-Run: 345,512,845,312 bytes free.- - End Of File - - FAE926701FFB69568601DD2FB3E5EBA4 Link to post Share on other sites More sharing options...
Maniac Posted March 11, 2013 ID:655771 Share Posted March 11, 2013 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:File::c:\windows\system32\c_10007A.dllJavaClearCache::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
HaroldC Posted March 11, 2013 Author ID:655777 Share Posted March 11, 2013 Ok....here is the log it created:ComboFix 13-03-10.02 - Harold Cogle 03/11/2013 6:26.4.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1375 [GMT -4:00]Running from: c:\documents and settings\Harold Cogle\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Harold Cogle\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}.FILE ::"c:\windows\system32\c_10007A.dll"..((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))..2013-03-10 12:31 . 2013-03-10 12:31 -------- d-----w- c:\windows\ERUNT2013-03-10 12:31 . 2013-03-10 12:31 -------- d-----w- C:\JRT2013-03-09 15:03 . 2013-03-09 15:03 159744 --sha-r- c:\windows\system32\c_10007A.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-19 19:15 . 2012-04-06 17:13 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys2013-02-19 19:12 . 2012-04-06 17:02 172416 ----a-w- c:\windows\system32\mfevtps.exe2013-02-19 19:11 . 2012-04-06 17:13 91640 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2013-02-19 19:11 . 2012-04-06 17:13 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2013-02-19 19:10 . 2012-04-06 17:13 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys2013-02-19 19:09 . 2011-10-15 16:16 565888 ----a-w- c:\windows\system32\drivers\mfehidk.sys2013-02-19 19:09 . 2012-12-14 00:11 84904 ----a-w- c:\windows\system32\drivers\mfendisk.sys2013-02-19 19:09 . 2012-04-06 17:13 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys2013-02-19 19:08 . 2012-04-06 17:13 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys2013-02-19 19:08 . 2012-04-06 17:13 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2013-02-19 19:07 . 2011-10-15 16:16 133416 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2013-02-16 15:11 . 2012-04-06 16:35 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-02-16 15:11 . 2011-06-03 01:40 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-14 21:49 . 2012-04-14 11:26 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-08 18:04 . 2013-03-08 18:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]"EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]"UpdateLBPShortCut"="c:\program files\LG DVD Writer\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"CLMLServer"="c:\program files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]"UpdateP2GoShortCut"="c:\program files\LG DVD Writer\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"RemoteControl8"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]"PDVD8LanguageShortcut"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]"UpdatePPShortCut"="c:\program files\LG DVD Writer\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UCam_Menu"="c:\program files\LG DVD Writer\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]"UpdatePSTShortCut"="c:\program files\LG DVD Writer\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1278064]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-02 295072].c:\documents and settings\Harold Cogle\Start Menu\Programs\Startup\PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-8-8 333088].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnkbackup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnkbackup=c:\windows\pss\Windows Search.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]2001-05-22 22:17 49152 ----a-w- c:\games\Atari Anniversary Edition\Volume 2\Banner.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]2006-12-12 14:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]2012-07-31 22:58 27760 ----a-w- c:\program files\LG DVD Writer\CyberLink\lg_fwupdate\lgfw.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]2009-08-20 17:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]2012-12-14 21:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]2008-06-24 23:56 136472 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]2000-06-02 23:07 24650 ----a-w- c:\progra~1\GAMECO~1\Common\SWTrayV4.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\system32\\usmt\\migwiz.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\LG DVD Writer\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"="c:\\Games\\Need For Speed III\\nfs3.exe"="c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"="c:\\Games\\Brunswick Bowling\\Bowling.exe"=.R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [8/23/2009 1:04 AM 6144]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/6/2012 1:13 PM 91640]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/10/2012 8:09 AM 398184]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/6/2012 1:12 PM 167784]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/6/2012 1:14 PM 169320]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/6/2012 1:02 PM 172416]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368]R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/14/2012 7:26 AM 21104]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/6/2012 1:13 PM 363080]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/13/2012 8:11 PM 84904]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/14/2012 7:26 AM 682344]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/6/2012 1:13 PM 60920]S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/16/2009 2:12 AM 1527900]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/13/2012 8:11 PM 84904]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/6/2012 1:13 PM 92632]S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [8/16/2009 2:14 AM 544768].--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:11].2013-03-10 c:\windows\Tasks\Dalmx.job- c:\windows\system32\c_10007A.dll [2013-03-09 15:03].2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14].2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14].2013-03-06 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 01:33].2013-03-09 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31].2013-03-09 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31].2013-03-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1004.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1004.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-11 c:\windows\Tasks\User_Feed_Synchronization-{3BC5B024-6002-4EB4-A269-BF5E26F69063}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.htmluInternet Settings,ProxyServer = http=127.0.0.1:1062IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000Trusted Zone: cinemanow.comTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: roxio.comTrusted Zone: roxionow.comTrusted Zone: soe.comTrusted Zone: sonic.comTrusted Zone: sony.comFF - ProfilePath - c:\documents and settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/FF - ExtSQL: 2013-01-12 12:15; {000F1EA4-5E08-4564-A29B-29076F63A37A}; c:\documents and settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}FF - ExtSQL: !HIDDEN! 2009-11-19 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-03-11 06:42Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2052111302-162531612-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:3f,26,1a,3f,fd,26,82,31,f2,79,0c,60,a8,7d,3a,af,3e,5f,5a,53,56,28,a6, a3,8e,fb,f0,7b,ab,c2,4c,63,9d,57,d0,f8,a4,14,2b,a8,72,09,96,75,e1,c9,e0,35,\"??"=hex:22,ef,c9,6c,1e,ab,c5,22,3d,c7,49,51,c1,4d,c3,00.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(1856)c:\windows\system32\relog_ap.dll.- - - - - - - > 'explorer.exe'(5048)c:\windows\system32\WININET.dllc:\progra~1\WINDOW~3\wmpband.dllc:\windows\system32\ieframe.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2013-03-11 06:44:34ComboFix-quarantined-files.txt 2013-03-11 10:44ComboFix2.txt 2013-03-11 00:48ComboFix3.txt 2012-10-13 03:06.Pre-Run: 345,340,747,776 bytes freePost-Run: 345,341,140,992 bytes free.- - End Of File - - 6126E4F5A5D0BF1C6EDBD8E57DB90E44 Link to post Share on other sites More sharing options...
Maniac Posted March 11, 2013 ID:655879 Share Posted March 11, 2013 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:File::c:\windows\Tasks\Dalmx.jobc:\windows\system32\c_10007A.dllSave this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
HaroldC Posted March 11, 2013 Author ID:655979 Share Posted March 11, 2013 Ok....here is the new log:ComboFix 13-03-10.02 - Harold Cogle 03/11/2013 17:41:48.5.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1343 [GMT -4:00]Running from: c:\documents and settings\Harold Cogle\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Harold Cogle\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}.FILE ::"c:\windows\system32\c_10007A.dll""c:\windows\Tasks\Dalmx.job"..((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))..2013-03-10 12:31 . 2013-03-10 12:31 -------- d-----w- c:\windows\ERUNT2013-03-10 12:31 . 2013-03-10 12:31 -------- d-----w- C:\JRT2013-03-09 15:03 . 2013-03-09 15:03 159744 --sha-r- c:\windows\system32\c_10007A.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-19 19:15 . 2012-04-06 17:13 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys2013-02-19 19:12 . 2012-04-06 17:02 172416 ----a-w- c:\windows\system32\mfevtps.exe2013-02-19 19:11 . 2012-04-06 17:13 91640 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2013-02-19 19:11 . 2012-04-06 17:13 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2013-02-19 19:10 . 2012-04-06 17:13 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys2013-02-19 19:09 . 2011-10-15 16:16 565888 ----a-w- c:\windows\system32\drivers\mfehidk.sys2013-02-19 19:09 . 2012-12-14 00:11 84904 ----a-w- c:\windows\system32\drivers\mfendisk.sys2013-02-19 19:09 . 2012-04-06 17:13 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys2013-02-19 19:08 . 2012-04-06 17:13 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys2013-02-19 19:08 . 2012-04-06 17:13 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2013-02-19 19:07 . 2011-10-15 16:16 133416 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2013-02-16 15:11 . 2012-04-06 16:35 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-02-16 15:11 . 2011-06-03 01:40 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-14 21:49 . 2012-04-14 11:26 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-08 18:04 . 2013-03-08 18:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]"EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]"UpdateLBPShortCut"="c:\program files\LG DVD Writer\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"CLMLServer"="c:\program files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]"UpdateP2GoShortCut"="c:\program files\LG DVD Writer\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"RemoteControl8"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]"PDVD8LanguageShortcut"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]"UpdatePPShortCut"="c:\program files\LG DVD Writer\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UCam_Menu"="c:\program files\LG DVD Writer\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]"UpdatePSTShortCut"="c:\program files\LG DVD Writer\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1278064]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-02 295072].c:\documents and settings\Harold Cogle\Start Menu\Programs\Startup\PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-8-8 333088].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnkbackup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnkbackup=c:\windows\pss\Windows Search.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]2001-05-22 22:17 49152 ----a-w- c:\games\Atari Anniversary Edition\Volume 2\Banner.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]2006-12-12 14:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]2012-07-31 22:58 27760 ----a-w- c:\program files\LG DVD Writer\CyberLink\lg_fwupdate\lgfw.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]2009-08-20 17:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]2012-12-14 21:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]2008-06-24 23:56 136472 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]2000-06-02 23:07 24650 ----a-w- c:\progra~1\GAMECO~1\Common\SWTrayV4.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\system32\\usmt\\migwiz.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\LG DVD Writer\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"="c:\\Games\\Need For Speed III\\nfs3.exe"="c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"="c:\\Games\\Brunswick Bowling\\Bowling.exe"=.R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [8/23/2009 1:04 AM 6144]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/6/2012 1:13 PM 91640]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/10/2012 8:09 AM 398184]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/6/2012 1:12 PM 167784]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/6/2012 1:14 PM 169320]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/6/2012 1:02 PM 172416]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368]R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/14/2012 7:26 AM 21104]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/6/2012 1:13 PM 363080]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/13/2012 8:11 PM 84904]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/14/2012 7:26 AM 682344]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/6/2012 1:13 PM 60920]S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/16/2009 2:12 AM 1527900]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/13/2012 8:11 PM 84904]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/6/2012 1:13 PM 92632]S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [8/16/2009 2:14 AM 544768].--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:11].2013-03-10 c:\windows\Tasks\Dalmx.job- c:\windows\system32\c_10007A.dll [2013-03-09 15:03].2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14].2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14].2013-03-06 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 01:33].2013-03-09 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31].2013-03-09 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31].2013-03-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1004.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1004.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30].2013-03-11 c:\windows\Tasks\User_Feed_Synchronization-{3BC5B024-6002-4EB4-A269-BF5E26F69063}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.htmluInternet Settings,ProxyServer = http=127.0.0.1:1062IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000Trusted Zone: cinemanow.comTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: roxio.comTrusted Zone: roxionow.comTrusted Zone: soe.comTrusted Zone: sonic.comTrusted Zone: sony.comFF - ProfilePath - c:\documents and settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/FF - ExtSQL: 2013-01-12 12:15; {000F1EA4-5E08-4564-A29B-29076F63A37A}; c:\documents and settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}FF - ExtSQL: !HIDDEN! 2009-11-19 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-03-11 17:55Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2052111302-162531612-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:3f,26,1a,3f,fd,26,82,31,f2,79,0c,60,a8,7d,3a,af,3e,5f,5a,53,56,28,a6, a3,8e,fb,f0,7b,ab,c2,4c,63,9d,57,d0,f8,a4,14,2b,a8,72,09,96,75,e1,c9,e0,35,\"??"=hex:22,ef,c9,6c,1e,ab,c5,22,3d,c7,49,51,c1,4d,c3,00.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(1856)c:\windows\system32\relog_ap.dll.- - - - - - - > 'explorer.exe'(2356)c:\windows\system32\WININET.dllc:\progra~1\WINDOW~3\wmpband.dllc:\windows\system32\ieframe.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\mslbui.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2013-03-11 17:57:25ComboFix-quarantined-files.txt 2013-03-11 21:57ComboFix2.txt 2013-03-11 10:44ComboFix3.txt 2013-03-11 00:48ComboFix4.txt 2012-10-13 03:06.Pre-Run: 345,351,405,568 bytes freePost-Run: 345,334,489,088 bytes free.- - End Of File - - 1458E0D26F538248B13EF8A1165E96FF Link to post Share on other sites More sharing options...
Maniac Posted March 11, 2013 ID:656002 Share Posted March 11, 2013 Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply Link to post Share on other sites More sharing options...
HaroldC Posted March 12, 2013 Author ID:656078 Share Posted March 12, 2013 This program is not working out for me. I did have my virus scanner disabled when I ran this. This program locks up my computer. Twice I have tried and it gets to a certain point and locks up. The first time I waited more than half an hour and had to push the button on the tower to turn it off. Even the clock had stopped. I can only move the mouse cursor around. The second time I waited for more than an hour and gave up. It does have an entry in red that says ...Desktop\gmer\dds.com **INFECTED** (after this I can't see the address because the window is not big enough).After that is the line where it locks up...both times. It is in ...Local Settings\Application Data\ (after this I can't see the address because the window is not big enough).What shall I do now? Should I try it again and wait a longer period of time? Link to post Share on other sites More sharing options...
HaroldC Posted March 12, 2013 Author ID:656087 Share Posted March 12, 2013 And what is worse is my redirection malware is back. Link to post Share on other sites More sharing options...
Maniac Posted March 12, 2013 ID:656290 Share Posted March 12, 2013 Please try again in Safe mode with Networking.http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx Link to post Share on other sites More sharing options...
HaroldC Posted March 13, 2013 Author ID:656412 Share Posted March 13, 2013 Please try again in Safe mode with Networking.http://www.microsoft...t_failsafe.mspxI tried this and it locked up as before at the exact same spot. This time I waited 2 hours and the computer is unresponsive. Link to post Share on other sites More sharing options...
Maniac Posted March 13, 2013 ID:656549 Share Posted March 13, 2013 Please download Malwarebytes Anti-Rootkit from here.Unzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exe ( right click and select Run as adminsistrator for Vista and Windows 7)Follow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Please post the two logs produced. Link to post Share on other sites More sharing options...
HaroldC Posted March 14, 2013 Author ID:656839 Share Posted March 14, 2013 Did that...and the results came back negative:Malwarebytes Anti-Rootkit BETA 1.01.0.1021www.malwarebytes.orgDatabase version: v2013.03.14.01Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Harold Cogle :: KEATONZOE1824 [administrator]3/13/2013 9:31:00 PMmbar-log-2013-03-13 (21-31-00).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 27125Time elapsed: 36 minute(s), 48 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)Here is the system log:---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1021© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 2.992000 GHzMemory total: 2145480704, free: 1189240832------------ Kernel report ------------ 03/13/2013 20:53:30------------ Loaded modules -----------\WINDOWS\system32\ntkrnlpa.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.sysohci1394.sys\WINDOWS\system32\DRIVERS\1394BUS.SYSpciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.syscercsr6.sys\WINDOWS\System32\Drivers\SCSIPORT.SYSdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysmfehidk.sysPxHelp20.sysKSecDD.sysWudfPf.sysNtfs.sysNDIS.systimntr.systdrpman.syssnapman.sysMup.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nv4_mini.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\system32\DRIVERS\e1e5132.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\nic1394.sys\SystemRoot\system32\drivers\ctaud2k.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\ctoss2k.sys\SystemRoot\system32\drivers\mfeavfk.sys\SystemRoot\system32\drivers\mfefirek.sys\SystemRoot\system32\drivers\ctprxy2k.sys\SystemRoot\system32\DRIVERS\HSFHWBS2.sys\SystemRoot\system32\DRIVERS\HSF_DP.sys\SystemRoot\system32\DRIVERS\HSF_CNXT.sys\SystemRoot\System32\Drivers\Modem.SYS\SystemRoot\system32\DRIVERS\fdc.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\audstub.sys\SystemRoot\system32\DRIVERS\mfendisk.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\ha20x2k.sys\SystemRoot\system32\drivers\emupia2k.sys\SystemRoot\system32\drivers\ctsfm2k.sys\SystemRoot\system32\drivers\ctac32k.sys\SystemRoot\system32\DRIVERS\flpydisk.sys\SystemRoot\System32\Drivers\crlscsi.SYS\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\drivers\mfetdi2k.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\System32\drivers\ws2ifsl.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\arp1394.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Fips.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\usbscan.sys\SystemRoot\system32\DRIVERS\usbprint.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_WMILIB.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\nv4_disp.dll\SystemRoot\System32\ATMFD.DLL\??\C:\WINDOWS\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\tifsfilt.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\System32\Drivers\Aspi32.SYS\SystemRoot\System32\Drivers\HTTP.sys\SystemRoot\system32\DRIVERS\srv.sys\SystemRoot\system32\drivers\wdmaud.sys\SystemRoot\system32\drivers\sysaudio.sys\SystemRoot\system32\DRIVERS\mdmxsdk.sys\SystemRoot\system32\DRIVERS\GcKernel.sys\SystemRoot\system32\DRIVERS\HIDSwvd.sys\SystemRoot\System32\Drivers\Fastfat.SYS\SystemRoot\system32\drivers\mfeapfk.sys\SystemRoot\system32\DRIVERS\mouhid.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk2\DR4Upper Device Object: 0xffffffff89c93ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007f\Lower Device Object: 0xffffffff8a6ebea0Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTORInitialization returned 0x0Load Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff8ab1dab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-22\Lower Device Object: 0xffffffff8ab8a030Lower Device Driver Name: \Driver\atapi\Driver name found: atapiInitialization returned 0x0Load Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8ab27030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\Lower Device Object: 0xffffffff8ab86d98Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDownloaded database version: v2013.03.14.01Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8ab27030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8ab67e88, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff8ab4d930, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8ab27030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8ab86d98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\Upper DeviceData: 0xffffffffe23de2b8, 0xffffffff8ab27030, 0xffffffff877adab8Lower DeviceData: 0xffffffffe1d2d480, 0xffffffff8ab86d98, 0xffffffff8a0eecc8<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 71517151Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 1953503937 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 1000204886016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...Physical Sector Size: 512Drive: 1, DevicePointer: 0xffffffff8ab1dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8abd9020, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff8ab24b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8ab1dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8ab8a030, DeviceName: \Device\Ide\IdeDeviceP2T1L0-22\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\Upper DeviceData: 0xffffffffe5091cd0, 0xffffffff8ab1dab8, 0xffffffff87d5aab8Lower DeviceData: 0xffffffffe23613c0, 0xffffffff8ab8a030, 0xffffffff87128b20Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 421102D8Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 1953520002 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 1000204886016 bytesSector size: 512 bytesPhysical Sector Size: 0Drive: 2, DevicePointer: 0xffffffff89c93ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8aacd2e8, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff89c8f020, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff89c93ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a6ebea0, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\------------ End ----------Done!Performing system, memory and registry scan...Done!Scan finished======================================= Link to post Share on other sites More sharing options...
Maniac Posted March 14, 2013 ID:656942 Share Posted March 14, 2013 Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
HaroldC Posted March 15, 2013 Author ID:657282 Share Posted March 15, 2013 Ok....here is the log:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=8# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6920# api_version=3.0.2# EOSSerial=880ee265ca22a94f86a8fa54cc68a56f# engine=13391# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2013-03-15 06:46:31# local_time=2013-03-15 02:46:31 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=5122 16777213 100 100 561205 112225549 0 0# scanned=618005# found=2# cleaned=1# scan_time=32065sh=CA2C815F8E42D84359254D932EB7EC603097E74D ft=1 fh=1bb73c8b9b01c178 vn="Win32/InstalleRex.E.Gen application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Harold Cogle\My Documents\Downloads\SetupSQIV.5.rar.exe"sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="probably a variant of Win32/Ponmocup.AA trojan" ac=I fn="${Memory}" Link to post Share on other sites More sharing options...
HaroldC Posted March 15, 2013 Author ID:657387 Share Posted March 15, 2013 That didn't fix my problem. Link to post Share on other sites More sharing options...
HaroldC Posted March 16, 2013 Author ID:657774 Share Posted March 16, 2013 I really need help. This has gone from being annoying to really serious. I get the blue screen of death every now and then (about 1ce in 3 days) and this last time my profile was corrupt (it said Windows cannot load the locally stored profile and said something about it being corrupt and insufficient security rights). When it finally loaded it acted like it was for the first time. Most of my desktop icons were missing. I tried to do a system restore and it acted like it was trying to but then it went wrong and said it could not restore. I was starting to think I would never get it back but I tried one more thing. I started the computer under my wife's profile and then tried to restore from there. I was successful in doing that and restored it back to March 12th. I'm not sure what to do from here. Everything we have tried here has not worked and I'm sure that the same thing mentioned above will happen again. Is there anything out there that can kick this bug? Link to post Share on other sites More sharing options...
Recommended Posts