
Hi,

I have tried everything possible to remove this re-direct virus and nothing is working. Malwarebytes finds the same 8 files every day (some it removes and some it quarantines) and then upon reboot they all come back again. The last procedure I tried darn near killed my computer so I'm VERY leery about installing a lot of new removal programs at this point. I am posting my log file that Malwarebytes gives me each time I do a scan. I would greatly appreciate a step-by-step guide to removing this. Here is my Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6483

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

5/1/2011 9:51:47 AM

mbam-log-2011-05-01 (09-51-28).txt

Scan type: Full scan (C:\|)

Objects scanned: 207611

Time elapsed: 24 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 4

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\bcegvrwy (Trojan.FakeAlert.Gen) -> Value: bcegvrwy -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\localservice\application data\02000000a656533a1231c.manifest (Malware.Trace) -> No action taken.

c:\documents and settings\localservice\application data\02000000a656533a1231o.manifest (Malware.Trace) -> No action taken.

c:\documents and settings\localservice\application data\02000000a656533a1231p.manifest (Malware.Trace) -> No action taken.

c:\documents and settings\localservice\application data\02000000a656533a1231s.manifest (Malware.Trace) -> No action taken.

c:\documents and settings\janice keegan\application data\microsoft\stor.cfg (Malware.Trace) -> No action taken.

c:\WINDOWS\system32\02000000a656533a1231c.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\system32\02000000a656533a1231o.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\system32\02000000a656533a1231p.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\system32\02000000a656533a1231s.manifest (Malware.Trace) -> No action taken.

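An added example, not part of the original thread and not a Malwarebytes tool: a small Python parser for the Malwarebytes' Anti-Malware 1.50 log format shown above. It separates the summary counts ("Files Infected: 9") from the section headers ("Files Infected:"), splits each finding into its target, category and the action the scanner recorded, and decodes the "Bad: (...) Good: (...)" data items. Three checks follow from that: which findings were logged with "No action taken" (the point behind asking whether Remove was clicked), whether the Winlogon Shell value names a second program after explorer.exe (Winlogon launches every comma-separated entry in that value at logon), and which targets appear in every log passed in, i.e. survive removal and a reboot. The embedded log text is copied from the logs posted in this thread, trimmed to the lines the parser needs; the `Finding`/`ScanLog` types and the function names are this example's own.

```python
import re
from collections import namedtuple
from dataclasses import dataclass

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")  # "Files Infected: 9"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")                  # "Files Infected:"
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<category>[^()]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


@dataclass
class Finding:
    section: str     # e.g. "Registry Data Items Infected"
    target: str      # file path or registry key/value
    category: str    # e.g. "Hijack.Shell"
    action: str      # "No action taken." or "Quarantined and deleted successfully."
    value: str = ""  # registry value name, when the line carries "Value: ..."
    bad: str = ""    # current data, when the line carries "Bad: (...) Good: (...)"
    good: str = ""   # data the scanner expects instead

ScanLog = namedtuple("ScanLog", "header summary findings")  # header/summary are dicts


def _finding(section, m):
    parts = m["rest"].split(" -> ")  # details first, the recorded action last
    f = Finding(section, m["target"], m["category"], parts[-1])
    for detail in parts[:-1]:
        d = DATA_RE.match(detail)
        if detail.startswith("Value: "):
            f.value = detail[len("Value: "):]
        elif d:
            f.bad, f.good = d["bad"], d["good"]
    return f


def parse_mbam_log(text):
    header, summary, findings, section = {}, {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["name"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            findings.append(_finding(section, m))
        elif section is None and ": " in line:
            key, val = line.split(": ", 1)  # header lines such as "Database version: 6483"
            header[key] = val
    return ScanLog(header, summary, findings)


def unresolved(log):
    """Findings the scan logged but did not remove."""
    return [f for f in log.findings if f.action.startswith("No action taken")]


def shell_hijacks(log):
    """Winlogon Shell data items that launch anything besides explorer.exe (comma-separated list)."""
    hits = []
    for f in log.findings:
        if f.bad and f.target.lower().endswith(r"\winlogon\shell"):
            extras = [p.strip() for p in f.bad.split(",") if p.strip().lower() != "explorer.exe"]
            if extras:
                hits.append((f.target, extras))
    return hits


def recurring(*logs):
    """Targets present in every log given: detections that come back after removal."""
    seen = [{f.target.lower() for f in log.findings} for log in logs]
    return sorted(set.intersection(*seen))


# Excerpts copied from the logs posted in this thread, trimmed to the lines the parser needs.
FULL_SCAN_EXCERPT = r"""
Database version: 6483
Files Infected: 9
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\bcegvrwy (Trojan.FakeAlert.Gen) -> Value: bcegvrwy -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
c:\documents and settings\localservice\application data\02000000a656533a1231c.manifest (Malware.Trace) -> No action taken.
c:\documents and settings\janice keegan\application data\microsoft\stor.cfg (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\02000000a656533a1231c.manifest (Malware.Trace) -> No action taken.
"""
QUICK_SCAN_EXCERPT = r"""
Database version: 6564
Files Infected:
c:\documents and settings\localservice\application data\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    first, second = parse_mbam_log(FULL_SCAN_EXCERPT), parse_mbam_log(QUICK_SCAN_EXCERPT)
    print("not removed:", [f.target for f in unresolved(first)])
    print("shell hijack:", shell_hijacks(first))
    print("back after reboot:", recurring(first, second))
```

Run it as a script to print the three checks, or import it and feed whole log files to parse_mbam_log(). The recurrence check is only as good as the logs you compare: a Quick scan and a Full scan cover different locations, so compare like with like, and a target that is missing from a later log may simply be outside that scan's scope rather than gone.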

Hi stuckinthemiddle,

Welcome to the Malwarebytes Forum :)

My name is Matt and I will be assisting you.

Please run a Quick scan with Malwarebytes' Anti-Malware again, and this time, be sure to click Remove after it finds the infected objects. Post the log here once it is finished.

Also,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Hi Matt and thank you for such a quick reply. Not to sound frustrated, but I HAVE clicked the Remove, every single time I've run Malwarebytes, and also I've clicked the Remove on the quarantined items it's found. In fact, the log I posted was just from last night and I removed the items, then removed the quarantined items, then did a reboot, and it comes right back. I also ran TDSSKiller and it found nothing. Then I ran Trojan Remover and IT found nothing. Ran McAfee, ran MS Security Essentials, and the list goes on and on, and nothing is ever found. I really hope this doesn't mean I have something that is not removable except via format, because I really don't want to have to do that...again. Am posting the TDSSKiller log for you:

2011/05/11 22:29:41.0562 2544 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/11 22:29:42.0734 2544 ================================================================================

2011/05/11 22:29:42.0734 2544 SystemInfo:

2011/05/11 22:29:42.0734 2544

2011/05/11 22:29:42.0734 2544 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/11 22:29:42.0734 2544 Product type: Workstation

2011/05/11 22:29:42.0734 2544 ComputerName: HOME

2011/05/11 22:29:42.0750 2544 UserName: Janice Keegan

2011/05/11 22:29:42.0750 2544 Windows directory: C:\WINDOWS

2011/05/11 22:29:42.0750 2544 System windows directory: C:\WINDOWS

2011/05/11 22:29:42.0750 2544 Processor architecture: Intel x86

2011/05/11 22:29:42.0750 2544 Number of processors: 1

2011/05/11 22:29:42.0750 2544 Page size: 0x1000

2011/05/11 22:29:42.0750 2544 Boot type: Normal boot

2011/05/11 22:29:42.0750 2544 ================================================================================

2011/05/11 22:29:44.0343 2544 Initialize success

2011/05/11 22:29:48.0031 0944 ================================================================================

2011/05/11 22:29:48.0031 0944 Scan started

2011/05/11 22:29:48.0031 0944 Mode: Manual;

2011/05/11 22:29:48.0031 0944 ================================================================================

2011/05/11 22:29:50.0421 0944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/11 22:29:50.0718 0944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/11 22:29:51.0031 0944 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/05/11 22:29:51.0156 0944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/05/11 22:29:51.0265 0944 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/05/11 22:29:51.0406 0944 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/05/11 22:29:51.0921 0944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/11 22:29:52.0046 0944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/11 22:29:52.0187 0944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/11 22:29:52.0281 0944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/11 22:29:52.0453 0944 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys

2011/05/11 22:29:52.0625 0944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/11 22:29:52.0750 0944 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\System32\drivers\bvrp_pci.sys

2011/05/11 22:29:52.0859 0944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/11 22:29:53.0015 0944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/11 22:29:53.0109 0944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/11 22:29:53.0156 0944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/11 22:29:53.0234 0944 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys

2011/05/11 22:29:53.0593 0944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/11 22:29:53.0703 0944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/11 22:29:53.0828 0944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/11 22:29:53.0921 0944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/11 22:29:54.0359 0944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/11 22:29:54.0578 0944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/11 22:29:54.0687 0944 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys

2011/05/11 22:29:54.0796 0944 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys

2011/05/11 22:29:54.0890 0944 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/11 22:29:55.0046 0944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/11 22:29:55.0140 0944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/11 22:29:55.0187 0944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/11 22:29:55.0218 0944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/05/11 22:29:55.0265 0944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/11 22:29:55.0375 0944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/11 22:29:55.0421 0944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/11 22:29:55.0500 0944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/11 22:29:55.0671 0944 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/11 22:29:55.0828 0944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/11 22:29:55.0859 0944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/11 22:29:56.0000 0944 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/11 22:29:56.0093 0944 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/11 22:29:56.0171 0944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/11 22:29:56.0265 0944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/11 22:29:56.0328 0944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/11 22:29:56.0375 0944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/11 22:29:56.0421 0944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/11 22:29:56.0500 0944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/11 22:29:56.0546 0944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/11 22:29:56.0593 0944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/11 22:29:56.0671 0944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/11 22:29:56.0890 0944 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys

2011/05/11 22:29:57.0031 0944 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys

2011/05/11 22:29:57.0187 0944 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys

2011/05/11 22:29:57.0281 0944 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys

2011/05/11 22:29:57.0375 0944 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/05/11 22:29:57.0578 0944 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/05/11 22:29:57.0656 0944 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/05/11 22:29:57.0953 0944 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys

2011/05/11 22:29:58.0296 0944 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys

2011/05/11 22:29:58.0687 0944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/11 22:29:58.0781 0944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/11 22:29:58.0843 0944 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2011/05/11 22:29:58.0921 0944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/11 22:29:59.0000 0944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/11 22:29:59.0750 0944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/11 22:29:59.0828 0944 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/11 22:29:59.0953 0944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/11 22:30:00.0062 0944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/11 22:30:00.0156 0944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/11 22:30:00.0250 0944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/11 22:30:00.0343 0944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/11 22:30:00.0406 0944 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/11 22:30:00.0546 0944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/11 22:30:00.0640 0944 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/11 22:30:00.0734 0944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/11 22:30:00.0828 0944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/11 22:30:00.0937 0944 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/11 22:30:01.0062 0944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/11 22:30:01.0171 0944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/11 22:30:01.0312 0944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/11 22:30:01.0437 0944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/11 22:30:01.0546 0944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/11 22:30:01.0640 0944 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/11 22:30:01.0765 0944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/11 22:30:01.0843 0944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/11 22:30:01.0921 0944 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

2011/05/11 22:30:02.0031 0944 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/11 22:30:02.0109 0944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/11 22:30:02.0203 0944 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/11 22:30:02.0296 0944 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/11 22:30:02.0437 0944 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/11 22:30:02.0562 0944 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/11 22:30:02.0875 0944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/11 22:30:03.0000 0944 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/11 22:30:03.0093 0944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/11 22:30:03.0203 0944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/11 22:30:03.0265 0944 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/05/11 22:30:03.0515 0944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/11 22:30:03.0656 0944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/11 22:30:03.0750 0944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/11 22:30:03.0828 0944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/11 22:30:03.0890 0944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/11 22:30:04.0000 0944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/11 22:30:04.0125 0944 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/11 22:30:04.0234 0944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/11 22:30:04.0375 0944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/11 22:30:04.0484 0944 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/11 22:30:04.0578 0944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/11 22:30:04.0703 0944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/11 22:30:04.0859 0944 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys

2011/05/11 22:30:05.0031 0944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/11 22:30:05.0140 0944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/11 22:30:05.0250 0944 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/11 22:30:05.0359 0944 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2011/05/11 22:30:05.0437 0944 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys

2011/05/11 22:30:05.0531 0944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/11 22:30:05.0625 0944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/11 22:30:05.0859 0944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/11 22:30:06.0015 0944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/11 22:30:06.0125 0944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/11 22:30:06.0218 0944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/11 22:30:06.0312 0944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/11 22:30:06.0421 0944 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys

2011/05/11 22:30:06.0484 0944 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys

2011/05/11 22:30:06.0531 0944 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys

2011/05/11 22:30:06.0578 0944 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys

2011/05/11 22:30:06.0671 0944 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys

2011/05/11 22:30:06.0734 0944 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys

2011/05/11 22:30:06.0765 0944 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys

2011/05/11 22:30:06.0796 0944 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys

2011/05/11 22:30:06.0828 0944 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys

2011/05/11 22:30:06.0953 0944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/11 22:30:07.0125 0944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/11 22:30:07.0250 0944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/11 22:30:07.0312 0944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/11 22:30:07.0406 0944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/11 22:30:07.0515 0944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/11 22:30:07.0625 0944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/11 22:30:07.0812 0944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/11 22:30:07.0937 0944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/11 22:30:08.0125 0944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/11 22:30:08.0296 0944 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys

2011/05/11 22:30:08.0437 0944 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys

2011/05/11 22:30:08.0562 0944 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys

2011/05/11 22:30:08.0671 0944 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys

2011/05/11 22:30:08.0796 0944 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys

2011/05/11 22:30:08.0890 0944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/11 22:30:08.0984 0944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/11 22:30:09.0156 0944 ================================================================================

2011/05/11 22:30:09.0156 0944 Scan finished

2011/05/11 22:30:09.0156 0944 ================================================================================


Hi stuckinthemiddle,

You're welcome :)

Please post the OTL log that I asked for.

Also, please do not run scans using other programs unless I instruct you to; I don't want one of those programs messing up your system.


Hi Matt,

Thank you again for your quick reply!

As requested, I have run Malwarebytes again and have performed the following actions:

First I updated the software and database on the Update tab. Then I performed a Quick Scan at 7:54:05pm. After the scan completed, I clicked the Show Results button, then clicked the Delete Selected button, then clicked the Quarantine tab and clicked the Delete All button. I rebooted my system. I re-opened Malwarebytes and performed a second update, scan and removal at 8:47:31pm. The same 8 files were found on both scans, which shows that the malware comes back after every reboot.

Also, I have run OTL and posted the two logs you requested. Please find those below the two scan logs. Thank you again for all of your help with this.

===========

FIRST SCAN

===========

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6563

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/12/2011 7:54:05 PM

mbam-log-2011-05-12 (19-54-05).txt

Scan type: Quick scan

Objects scanned: 151450

Time elapsed: 13 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\localservice\application data\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

============

SECOND SCAN

============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6564

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/12/2011 8:47:31 PM

mbam-log-2011-05-12 (20-47-31).txt

Scan type: Quick scan

Objects scanned: 151453

Time elapsed: 14 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\localservice\application data\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

===========

OTL.Txt Log

===========

OTL logfile created on: 5/12/2011 9:02:54 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Janice Keegan\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 271.00 Mb Available Physical Memory | 53.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38.24 Gb Total Space | 21.83 Gb Free Space | 57.09% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Janice Keegan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Janice Keegan\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\system32\sqlunirl32.exe (CrypKey Inc.)

PRC - C:\WINDOWS\system32\qosname32.exe (CrypKey Inc.)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)

PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

PRC - C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)

PRC - C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe (Blockbuster)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Janice Keegan\Desktop\OTL.exe (OldTimer Tools)

MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\security.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (McNaiAnn32) -- C:\WINDOWS\system32\qosname32.exe (CrypKey Inc.)

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (Movielink Core Service) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe (Blockbuster)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)

DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)

DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys (Wondershare)

DRV - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys (Wondershare)

DRV - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys (Wondershare)

DRV - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys (Wondershare)

DRV - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys (Wondershare)

DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)

DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()

DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/05/02 15:38:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{5A537347-3F66-4458-B260-61F8DCE397CE}: C:\Documents and Settings\Janice Keegan\Local Settings\Application Data\{5A537347-3F66-4458-B260-61F8DCE397CE} [2010/09/14 21:27:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/02 19:12:40 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101102171730.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [LoadMSvcmm] C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [storageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)

O4 - HKCU..\Run: [sonic RecordNow!] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241284236515 (WUWebControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\npptools32.dll) - C:\WINDOWS\system32\npptools32.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Janice Keegan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janice Keegan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/02 11:04:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\Shell - "" = AutoRun

O33 - MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\Shell\AutoRun\command - "" = E:\iStudio.exe

O33 - MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\Shell - "" = AutoRun

O33 - MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 21:00:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janice Keegan\Desktop\OTL.exe

[2011/05/12 20:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2011/05/11 22:28:50 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Janice Keegan\Desktop\TDSSKiller.exe

[2011/05/07 12:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2011/05/03 19:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/05/03 19:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janice Keegan\My Documents\Simply Super Software

[2011/05/03 19:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover

[2011/05/03 19:20:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2011/05/03 19:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover

[2011/05/03 19:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janice Keegan\Application Data\Simply Super Software

[2011/05/03 19:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2011/05/03 19:17:08 | 010,905,616 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Janice Keegan\Desktop\trjsetup682.exe

[2011/05/01 09:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janice Keegan\Application Data\Malwarebytes

[2011/05/01 09:24:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/01 09:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/01 09:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/05/01 09:24:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/05/01 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/01 09:23:10 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janice Keegan\Desktop\mbam-setup-1.50.1.1100.exe

[2011/04/29 17:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janice Keegan\My Documents\Camcorder Instruction Manual

[2011/04/28 18:32:57 | 000,699,392 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\sqlunirl32.exe

[2011/04/28 18:32:47 | 000,699,392 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\qosname32.exe

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 21:05:35 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2011/05/12 21:00:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janice Keegan\Desktop\OTL.exe

[2011/05/12 20:59:18 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Desktop\Re-Direct Virus Won't Go Away - Malwarebytes Forum.url

[2011/05/12 20:52:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/12 20:48:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ivlkybqg.sys

[2011/05/12 20:39:05 | 000,034,914 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Facebook.url

[2011/05/12 20:26:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011/05/12 20:25:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/12 20:25:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/12 03:20:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{64FEF168-0C70-43BE-8434-1D8A0A10D006}.job

[2011/05/11 20:51:50 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Whitley Strieber's Unknown Country.url

[2011/05/11 06:00:06 | 000,000,079 | ---- | M] () -- C:\WINDOWS\System32\289a4a53

[2011/05/08 10:05:55 | 000,019,029 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\YouTube.url

[2011/05/07 13:38:32 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Desktop\Trojan Remover - Program Details.url

[2011/05/04 21:58:25 | 000,083,577 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Desktop\award.jpg

[2011/05/03 20:29:28 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Belkin Settings.url

[2011/05/03 20:28:44 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Bigfoot Phenomena - Exploration of Stick Structures.url

[2011/05/03 20:10:43 | 000,077,016 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Desktop\user.conf

[2011/05/03 19:20:22 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Remover.lnk

[2011/05/03 19:17:08 | 010,905,616 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Janice Keegan\Desktop\trjsetup682.exe

[2011/05/01 18:35:31 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Desktop\DNS Error in IE 7 - Tech Support Forum.url

[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Janice Keegan\Desktop\TDSSKiller.exe

[2011/05/01 09:24:32 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/05/01 09:23:15 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janice Keegan\Desktop\mbam-setup-1.50.1.1100.exe

[2011/04/30 22:51:34 | 000,000,475 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.url

[2011/04/30 13:45:23 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Eppic Client Portal.url

[2011/04/28 18:32:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\45373987

[2011/04/28 18:32:55 | 000,171,008 | ---- | M] () -- C:\WINDOWS\System32\npptools32.dll

[2011/04/28 18:32:46 | 000,699,392 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\sqlunirl32.exe

[2011/04/28 18:32:46 | 000,699,392 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\qosname32.exe

[2011/04/20 20:49:24 | 000,008,063 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Desktop\Watch Grey's Anatomy online (TV Show) - Watch TV Online, Free TV.url

[2011/04/15 22:28:55 | 000,001,221 | ---- | M] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Converter - the fastest free online audio and video converter.url

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 20:48:01 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ivlkybqg.sys

[2011/05/12 20:35:17 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2011/05/12 20:00:41 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Desktop\Re-Direct Virus Won't Go Away - Malwarebytes Forum.url

[2011/05/04 21:59:28 | 000,083,577 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Desktop\award.jpg

[2011/05/03 20:10:43 | 000,077,016 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Desktop\user.conf

[2011/05/03 19:20:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Remover.lnk

[2011/05/03 19:20:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2011/05/03 19:20:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2011/05/03 19:20:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2011/05/03 19:20:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2011/05/03 19:19:30 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Desktop\Trojan Remover - Program Details.url

[2011/05/01 18:27:57 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Desktop\DNS Error in IE 7 - Tech Support Forum.url

[2011/05/01 09:24:32 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/04/28 23:14:48 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\289a4a53

[2011/04/28 18:32:54 | 000,171,008 | ---- | C] () -- C:\WINDOWS\System32\npptools32.dll

[2011/04/28 18:32:47 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\45373987

[2010/11/13 16:04:05 | 000,698,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/09/12 15:31:13 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/09/11 23:59:20 | 000,002,838 | ---- | C] () -- C:\WINDOWS\avihizuq.dll

[2010/09/11 23:52:48 | 000,002,838 | ---- | C] () -- C:\WINDOWS\erejelehe.dll

[2010/09/11 22:47:34 | 000,002,838 | ---- | C] () -- C:\WINDOWS\evihizuq.dll

[2010/09/11 22:44:56 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ajufatahixo.dll

[2010/09/11 22:31:58 | 000,002,838 | ---- | C] () -- C:\WINDOWS\anabaliko.dll

[2010/09/11 22:04:18 | 000,002,838 | ---- | C] () -- C:\WINDOWS\avefoxoq.dll

[2010/09/11 21:55:30 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ogikitenimiqayoq.dll

[2010/09/11 21:48:13 | 000,002,838 | ---- | C] () -- C:\WINDOWS\uyacivic.dll

[2010/09/11 21:42:38 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ovasevihegozavo.dll

[2010/09/11 21:33:39 | 000,002,838 | ---- | C] () -- C:\WINDOWS\upocomepo.dll

[2010/09/11 19:30:45 | 000,002,838 | ---- | C] () -- C:\WINDOWS\azimapiqiyonox.dll

[2010/09/11 19:11:35 | 000,002,838 | ---- | C] () -- C:\WINDOWS\isirilupav.dll

[2010/09/11 19:05:30 | 000,002,838 | ---- | C] () -- C:\WINDOWS\unabayavejogumaj.dll

[2010/09/11 19:00:11 | 000,002,838 | ---- | C] () -- C:\WINDOWS\agayanac.dll

[2010/09/11 16:41:17 | 000,016,614 | ---- | C] () -- C:\WINDOWS\Nnasifinohazoz.dat

[2010/09/11 16:41:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nqunogotob.bin

[2009/11/28 22:07:51 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mapedit.ini

[2009/07/29 17:29:28 | 000,000,144 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/06/10 22:03:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\GECKOS.INI

[2009/05/18 22:46:29 | 000,000,042 | ---- | C] () -- C:\WINDOWS\WINTOYS.INI

[2009/05/03 19:01:19 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\Janice Keegan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/05/02 11:40:25 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

[2009/05/02 11:26:50 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2009/05/02 11:10:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/05/02 11:02:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/05/02 06:56:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/05/02 06:55:54 | 000,294,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/07/16 16:41:25 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/07/16 16:41:21 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1997/08/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997/08/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/11/13 15:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movielink

[2010/02/16 18:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2009/05/09 19:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS

[2011/05/03 19:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2011/05/07 13:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/05/09 19:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janice Keegan\Application Data\Leadertech

[2011/05/03 19:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janice Keegan\Application Data\Simply Super Software

[2011/05/12 21:05:35 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

[2011/05/12 03:20:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{64FEF168-0C70-43BE-8434-1D8A0A10D006}.job

[2010/11/13 18:41:41 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

==============

Extras.Txt Log

==============

OTL Extras logfile created on: 5/12/2011 9:02:54 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Janice Keegan\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 271.00 Mb Available Physical Memory | 53.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38.24 Gb Total Space | 21.83 Gb Free Space | 57.09% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Janice Keegan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\qosname32.exe" = C:\WINDOWS\system32\qosname32.exe:*:Enabled:Windows Update Service -- (CrypKey Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)

"C:\WINDOWS\system32\qosname32.exe" = C:\WINDOWS\system32\qosname32.exe:*:Enabled:Windows Update Service -- (CrypKey Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 17

"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"BCM V.92 56K Modem" = BCM V.92 56K Modem

"Google Updater" = Google Updater

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Intelli-studio" = SAMSUNG Intelli-studio

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"Movielink Manager" = BLOCKBUSTER Movielink

"MSC" = McAfee AntiVirus Plus

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"Paint Shop Pro 6" = Paint Shop Pro 6.02 CD

"PROSet" = Intel® PRO Network Connections Drivers

"RealPlayer 6.0" = RealPlayer

"Trojan Remover_is1" = Trojan Remover 6.8.2

"VideoPad" = VideoPad Video Editor

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinZip" = WinZip

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Word8.0" = Microsoft Word 97

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/5/2011 5:28:22 PM | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting

module unknown, version 0.0.0.0, fault address 0xffffffff.

Error - 5/5/2011 6:19:16 PM | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting

module ieui.dll, version 7.0.5730.13, fault address 0x000061b5.

Error - 5/6/2011 6:06:29 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 5/7/2011 2:06:11 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 5/7/2011 2:06:28 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 5/7/2011 2:06:38 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 5/7/2011 2:06:47 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 5/8/2011 1:58:53 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 5/9/2011 8:46:49 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 5/10/2011 9:56:15 PM | Computer Name = HOME | Source = MSSecurityEssentials | ID = 5000

Description =

[ System Events ]

Error - 5/12/2011 8:24:07 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%842

Error - 5/12/2011 8:24:07 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%842

Error - 5/12/2011 8:24:08 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%837

Error - 5/12/2011 8:24:08 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%837

Error - 5/12/2011 8:29:46 PM | Computer Name = HOME | Source = DCOM | ID = 10010

Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register

with DCOM within the required timeout.

Error - 5/12/2011 8:30:33 PM | Computer Name = HOME | Source = DCOM | ID = 10010

Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register

with DCOM within the required timeout.

Error - 5/12/2011 8:35:23 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%842

Error - 5/12/2011 8:35:23 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%842

Error - 5/12/2011 8:35:23 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%837

Error - 5/12/2011 8:35:23 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 3002

Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007013d Error description: The system cannot find message text

for message number 0x%1 in the message file for %2. Reason: %%837

< End of report >


Hi stuckinthemiddle,

You're welcome :)

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\npptools32.dll) - C:\WINDOWS\system32\npptools32.dll ()
    O33 - MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\Shell\AutoRun\command - "" = E:\iStudio.exe
    O33 - MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    [2011/05/12 20:48:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ivlkybqg.sys
    [2011/05/11 06:00:06 | 000,000,079 | ---- | M] () -- C:\WINDOWS\System32\289a4a53
    [2011/04/28 18:32:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\45373987
    [2011/04/28 18:32:55 | 000,171,008 | ---- | M] () -- C:\WINDOWS\System32\npptools32.dll
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

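The fix list above is Matt's OTL script. What follows is an added example, not code from OTL, ComboFix, Malwarebytes or anyone in this thread: a small triage script that reads ComboFix-style "Files Created" and "Reg Loading Points" text (the format of the log the poster supplies later in the thread) and flags the persistence pattern the fix list is aimed at: a non-empty AppInit_DLLs value, services whose names shadow real ones with a "32" suffix, several differently named .exe files of identical size dropped into system32, those same binaries whitelisted in the XP firewall, and a boot-start driver entry whose file is already gone. SAMPLE is constructed from lines quoted in this thread's logs; KNOWN_SERVICES is a deliberately short list of real Windows XP service names added for the demonstration, because ComboFix hides legitimate default entries and the genuine lanmanserver never appears in the log.

```python
"""Triage of ComboFix-style 'Files Created' and 'Reg Loading Points' output.
Added example for this thread, not code from ComboFix, OTL or Malwarebytes.
SAMPLE is constructed from lines quoted in the thread; KNOWN_SERVICES is a
short list of real Windows XP service names added for the demonstration."""
import re
from collections import defaultdict

SAMPLE = r'''
2011-05-13 03:09 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\avicap32.exe
2011-05-13 03:09 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\sisbkup32.exe
2011-04-28 22:32 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\sqlunirl32.exe
2011-04-28 22:32 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\qosname32.exe
"AppInit_DLLs"=c:\windows\system32\nlhtml32.dll
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\qosname32.exe"=
"c:\\WINDOWS\\system32\\avicap32.exe"=
R2 lanmanserver32;Server ;c:\windows\system32\avicap32.exe [5/12/2011 11:09 PM 699392]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/12/2010 2:58 AM 271480]
R2 McNaiAnn32;McAfee VirusScan Announcer ;c:\windows\system32\qosname32.exe [4/28/2011 6:32 PM 699392]
S0 blgmc;blgmc;c:\windows\system32\drivers\ivlkybqg.sys --> c:\windows\system32\drivers\ivlkybqg.sys [?]
S2 gupdate1c9cb5bb70a94da;Google Update Service (gupdate1c9cb5bb70a94da);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2009 3:25 PM 133104]
'''

# ComboFix hides legitimate default entries, so the real 'lanmanserver' never
# appears in the log; a reference list is needed to recognise its shadow.
KNOWN_SERVICES = {'lanmanserver', 'lanmanworkstation', 'browser', 'dnscache'}

FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+\S+\s+(\S.*)$')
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.*?)\s+\[([^\]]*)\]\s*$')
IMG_RE = re.compile(r'^"?(.*?\.(?:exe|sys|dll))', re.I)   # first path in an image line
FW_RE = re.compile(r'^"([^"]+)"=\s*$')                    # firewall AuthorizedApplications entry
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$', re.I)


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def parse(text):
    """Return (files, services, firewall, appinit) parsed from ComboFix text."""
    files, services, firewall, appinit = [], [], [], []
    for line in text.splitlines():
        if m := FILE_RE.match(line):
            files.append((int(m.group(1)), m.group(2)))
        elif m := SVC_RE.match(line):
            start, name, image, info = m.groups()
            img, tokens = IMG_RE.match(image), info.split()
            services.append({
                'start': start, 'name': name,
                'image': img.group(1) if img else image,
                'size': int(tokens[-1]) if tokens and tokens[-1].isdigit() else None,
                # ComboFix prints 'path --> path [?]' when the image file is absent
                'missing': '-->' in image or info.strip() == '?',
            })
        elif m := FW_RE.match(line):
            firewall.append(m.group(1).replace('\\\\', '\\'))
        elif m := APPINIT_RE.match(line):
            appinit.append(m.group(1).strip())
    return files, services, firewall, appinit


def triage(text):
    """Map rule name -> list of hits for the indicators seen in this thread."""
    files, services, firewall, appinit = parse(text)
    findings = defaultdict(list)

    # 1. AppInit_DLLs: the DLL is injected into every process that loads user32.dll.
    for dll in appinit:
        findings['appinit_dlls'].append(dll)

    # 2. 'X32' registered next to (or in place of) a real service 'X'.
    names = {s['name'].lower() for s in services}
    for s in services:
        n = s['name'].lower()
        if n.endswith('32') and (n[:-2] in names or n[:-2] in KNOWN_SERVICES):
            findings['mimic_service'].append(f"{s['name']} shadows {s['name'][:-2]}")

    # 3. One payload dropped under several borrowed names: same size, different .exe names.
    by_size = defaultdict(set)
    for size, path in files:
        by_size[size].add(basename(path))
    for s in services:
        if s['size'] is not None:
            by_size[s['size']].add(basename(s['image']))
    for size, names_at_size in sorted(by_size.items()):
        exes = sorted(n for n in names_at_size if n.endswith('.exe'))
        if len(exes) >= 2:
            findings['same_size_executables'].append((size, exes))

    # 4. A service image that was also whitelisted in the XP firewall.
    service_images = {basename(s['image']) for s in services}
    for path in firewall:
        if basename(path) in service_images:
            findings['firewall_allowed_service_image'].append(path)

    # 5. Boot/system-start driver entry whose file is gone (half-removed rootkit
    #    or a driver hiding its own file); needs a human look, see note below.
    for s in services:
        if s['missing'] and s['start'] in ('R0', 'S0', 'R1', 'S1'):
            findings['orphan_early_driver'].append(f"{s['start']} {s['name']} -> {s['image']}")
    return dict(findings)


if __name__ == '__main__':
    for rule, hits in triage(SAMPLE).items():
        print(rule, hits)
```

Two caveats when running this over a real ComboFix log. Rule 5 is a lead, not a verdict: the log posted later in this thread also lists Microsoft Security Essentials' MpKsl* entries at S1 with "[?]", and those point into Definition Updates folders that MSE rotates, so they are expected. And the parser only understands ComboFix's line formats; OTL's "O20"/"O33" lines and MBAM logs use different layouts and would need their own regexes.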

Hi again Matt,

Wow, not sure why, but it took me about 10 times to sign into the forum!! Anyhow, I followed your instructions and am posting the log for you. I do not want to go to Google to test anything until you've reviewed everything and give me the "ok".

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\npptools32.dll deleted successfully.

C:\WINDOWS\system32\npptools32.dll moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e0900c-1364-11df-bd62-000cf18954a4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e0900c-1364-11df-bd62-000cf18954a4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e0900c-1364-11df-bd62-000cf18954a4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e0900c-1364-11df-bd62-000cf18954a4}\ not found.

File E:\iStudio.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4f2b2ad-5852-11de-bbaa-000cf18954a4}\ not found.

File E:\LaunchU3.exe -a not found.

C:\WINDOWS\system32\drivers\ivlkybqg.sys moved successfully.

C:\WINDOWS\system32\289a4a53 moved successfully.

C:\WINDOWS\system32\45373987 moved successfully.

File C:\WINDOWS\System32\npptools32.dll not found.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

User: Janice Keegan

->Temp folder emptied: 31429830 bytes

->Temporary Internet Files folder emptied: 45713507 bytes

->Java cache emptied: 71017391 bytes

->Flash cache emptied: 156301 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 7073 bytes

User: NetworkService

->Temp folder emptied: 834330 bytes

->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1145933 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12653444 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 204078 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 156.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: Janice Keegan

->Flash cache emptied: 0 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05122011_230900

Files\Folders moved on Reboot...

C:\WINDOWS\temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...


Hi Matt,

I haven't heard back from you since my last post so I decided to try and see if the re-direct was still happening, and unfortunately, it is. One thing I noticed is that each time Malwarebytes cleans the objects and I reboot, it comes back and uses a different name in the re-direct string. First it started with "hippa"...etc...then several different ones after that, and this time it's "choosesearch". I immediately click my browser closed before the pages load just in case. I REALLY hope there is a solution to fixing this. Hope to hear back from you soon.


Hi stuckinthemiddle,

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click Scan

On completion of the scan

Click the Fix button (for TDL4) or the FIXMBR button (for Whistler), as appropriate.

Save the log as before and post in your next reply.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi Matt,

Listen, I'm having major issues with signing into ANYTHING. It takes me upwards of 50 times to log into this forum. I type in my username and password and it still says I need to sign in. This is happening on practically every website I am registered with, so right now I don't know if I'm even going to be able to get back here to post anything from these programs you want me to download. The first one, aswMBR.exe, tells me if I fix the MBR that it'll re-write my boot record and might screw up my partitions, and right now that would be the LAST thing I need to go wrong as I can barely get things to function right as it is. ComboFix sounds like one very scary program that I don't know if I even want to mess with. Is there ANY other way to fix what is going on without having to use all of these programs??? And also, somehow I got a trojan now that comes up with the other 8 files that Malwarebytes finds in its scan. NO idea how I got that as I've barely been able to load a webpage without Internet Explorer telling me it can't load the page. I'm about two seconds from formatting my entire system and starting over, which I REALLY don't want to have to do because it takes forever to re-download, re-install and re-configure everything. But right now I don't know if I can even get signed back in once I close this page to post logs for you from these programs. I am posting the last Malwarebytes log for you, which is all I can do for you at this point without fear of losing the rest of my OS. Please take a look at those and tell me if there is ANYTHING else I can do besides these last two programs you posted. If I do not post back it's because I cannot get signed in. If you have an email address where I can correspond further, that would be most helpful if I can't get signed back into the forum. I have nowhere else to turn to fix this so I hope you can help me.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6579

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/14/2011 4:00:10 PM

mbam-log-2011-05-14 (16-00-10).txt

Scan type: Quick scan

Objects scanned: 149082

Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\localservice\application data\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000a656533a1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000a656533a1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.


Hi Matt, Sorry for a late reply. Almost impossible to sign into the forums now. Managed to save most of my files for recovery in case I lose everything. Am going to try the aswMBR.exe and ComboFix tomorrow as it's already 11:30pm and I don't have time enough to do so tonight. Please keep a watch for the log files from both as requested within the next day or two. Will post them as soon as I possibly can.


==========

aswMBR.txt

==========

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-17 18:33:02

-----------------------------

18:33:02.984 OS Version: Windows 5.1.2600 Service Pack 3

18:33:02.984 Number of processors: 1 586 0x209

18:33:02.984 ComputerName: HOME UserName:

18:33:08.234 Initialize success

18:33:22.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

18:33:22.156 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3

18:33:24.171 Disk 0 MBR read successfully

18:33:24.171 Disk 0 MBR scan

18:33:24.171 Disk 0 Windows XP default MBR code

18:33:26.281 Disk 0 scanning sectors +80276805

18:33:26.296 Disk 0 scanning C:\WINDOWS\system32\drivers

18:33:33.500 Service scanning

18:33:35.203 Disk 0 trace - called modules:

18:33:35.218 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

18:33:35.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f83ab8]

18:33:35.218 3 CLASSPNP.SYS[f87b6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fdbd98]

18:33:35.218 Scan finished successfully

18:34:12.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Janice Keegan\Desktop\MBR.dat"

18:34:12.015 The log file has been saved successfully to "C:\Documents and Settings\Janice Keegan\Desktop\aswMBR.txt"

18:34:58.265 Disk 0 Windows 501 MBR fixed successfully

18:35:22.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Janice Keegan\Desktop\MBR.dat"

18:35:22.609 The log file has been saved successfully to "C:\Documents and Settings\Janice Keegan\Desktop\aswMBR.txt"

===============

ComboFixlog.txt

===============

ComboFix 11-05-17.01 - Janice Keegan 05/17/2011 18:44:59.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.283 [GMT -4:00]

Running from: c:\documents and settings\Janice Keegan\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Janice Keegan\GoToAssistDownloadHelper.exe

c:\documents and settings\Janice Keegan\Local Settings\Application Data\{5A537347-3F66-4458-B260-61F8DCE397CE}

c:\documents and settings\Janice Keegan\Local Settings\Application Data\{5A537347-3F66-4458-B260-61F8DCE397CE}\chrome.manifest

c:\documents and settings\Janice Keegan\Local Settings\Application Data\{5A537347-3F66-4458-B260-61F8DCE397CE}\chrome\content\_cfg.js

c:\documents and settings\Janice Keegan\Local Settings\Application Data\{5A537347-3F66-4458-B260-61F8DCE397CE}\chrome\content\overlay.xul

c:\documents and settings\Janice Keegan\Local Settings\Application Data\{5A537347-3F66-4458-B260-61F8DCE397CE}\install.rdf

c:\documents and settings\LocalService\Application Data\02000000a656533a1231C.manifest

c:\documents and settings\LocalService\Application Data\02000000a656533a1231O.manifest

c:\documents and settings\LocalService\Application Data\02000000a656533a1231P.manifest

c:\documents and settings\LocalService\Application Data\02000000a656533a1231S.manifest

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))

.

.

2011-05-13 03:09 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\avicap32.exe

2011-05-13 03:09 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\sisbkup32.exe

2011-05-13 03:09 . 2011-05-13 03:09 171008 ----a-w- c:\windows\system32\nlhtml32.dll

2011-05-13 03:09 . 2011-05-13 03:09 -------- d-----w- C:\_OTL

2011-05-07 16:49 . 2011-05-07 16:49 -------- d-----w- c:\program files\VideoLAN

2011-05-03 23:21 . 2011-05-14 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-05-03 23:20 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-05-03 23:20 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-05-03 23:20 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-05-03 23:20 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2011-05-03 23:20 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2011-05-03 23:20 . 2011-05-03 23:20 -------- d-----w- c:\program files\Trojan Remover

2011-05-03 23:20 . 2011-05-03 23:20 -------- d-----w- c:\documents and settings\Janice Keegan\Application Data\Simply Super Software

2011-05-03 23:20 . 2011-05-03 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2011-05-01 13:24 . 2011-05-01 13:24 -------- d-----w- c:\documents and settings\Janice Keegan\Application Data\Malwarebytes

2011-05-01 13:24 . 2011-05-01 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-01 13:24 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-01 13:24 . 2011-05-01 13:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-01 13:24 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-28 22:32 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\sqlunirl32.exe

2011-04-28 22:32 . 2011-04-28 22:32 699392 ----a-w- c:\windows\system32\qosname32.exe

2011-04-25 21:49 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEEA7A22-CC32-4D72-9FD5-CED4FAC4FCCA}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 18:01 . 2010-09-12 06:58 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 18:01 . 2010-09-12 06:58 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 18:01 . 2010-09-12 06:58 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 18:01 . 2010-09-12 06:58 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 18:01 . 2010-09-12 06:58 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 18:01 . 2010-09-12 06:58 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 18:01 . 2010-09-12 06:58 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 18:01 . 2010-09-12 06:58 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 18:01 . 2010-06-01 00:32 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 18:01 . 2010-06-01 00:32 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-11 07:04 . 2010-09-12 18:35 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-02 198160]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"LoadMSvcmm"="c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe" [2010-01-28 454856]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]

Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\nlhtml32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\qosname32.exe"=

"c:\\WINDOWS\\system32\\avicap32.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/12/2010 2:58 AM 84200]

R2 lanmanserver32;Server ;c:\windows\system32\avicap32.exe [5/12/2011 11:09 PM 699392]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/12/2010 2:58 AM 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/12/2010 2:58 AM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/12/2010 2:58 AM 271480]

R2 McNaiAnn32;McAfee VirusScan Announcer ;c:\windows\system32\qosname32.exe [4/28/2011 6:32 PM 699392]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [9/12/2010 2:58 AM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [9/12/2010 2:58 AM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/12/2010 2:58 AM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/12/2010 2:58 AM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/12/2010 2:58 AM 88736]

S0 blgmc;blgmc;c:\windows\system32\drivers\ivlkybqg.sys --> c:\windows\system32\drivers\ivlkybqg.sys [?]

S1 MpKsl6fdc8f09;MpKsl6fdc8f09;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425166B1-E279-4258-80C1-F19BE29ADED2}\MpKsl6fdc8f09.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425166B1-E279-4258-80C1-F19BE29ADED2}\MpKsl6fdc8f09.sys [?]

S1 MpKsl8e91339b;MpKsl8e91339b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A2D500-9AF0-49D5-AB0F-40E8E579FDCF}\MpKsl8e91339b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A2D500-9AF0-49D5-AB0F-40E8E579FDCF}\MpKsl8e91339b.sys [?]

S1 MpKslc69377a7;MpKslc69377a7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D5868D-8DBF-465C-815B-B2CF3B9B4A31}\MpKslc69377a7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D5868D-8DBF-465C-815B-B2CF3B9B4A31}\MpKslc69377a7.sys [?]

S1 MpKsle5a72124;MpKsle5a72124;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E9C57CE-7B6B-4935-9E40-534DE95CA893}\MpKsle5a72124.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E9C57CE-7B6B-4935-9E40-534DE95CA893}\MpKsle5a72124.sys [?]

S2 gupdate1c9cb5bb70a94da;Google Update Service (gupdate1c9cb5bb70a94da);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2009 3:25 PM 133104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/12/2010 2:58 AM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/12/2010 2:58 AM 84488]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [11/13/2010 6:53 PM 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [11/13/2010 6:53 PM 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [11/13/2010 6:53 PM 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [11/13/2010 6:54 PM 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [11/13/2010 6:54 PM 25704]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - aswMBR

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-17 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 19:24]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 19:25]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 19:25]

.

2011-05-17 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

.

2011-05-17 c:\windows\Tasks\User_Feed_Synchronization-{64FEF168-0C70-43BE-8434-1D8A0A10D006}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]

.

2010-11-13 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-02-16 00:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Sonic RecordNow! - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-17 18:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-05-17 18:56:21

ComboFix-quarantined-files.txt 2011-05-17 22:56

.

Pre-Run: 23,258,001,408 bytes free

Post-Run: 23,296,212,992 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 90C2601F4A9DAFB75B8C2B4BA9052D99

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

============

MBRCheck.txt

============

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000d

Kernel Drivers (total 128):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806EE000 \WINDOWS\system32\hal.dll

0xF8C76000 \WINDOWS\system32\KDCOM.DLL

0xF8B86000 \WINDOWS\system32\BOOTVID.dll

0xF8727000 ACPI.sys

0xF8C78000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xF8716000 pci.sys

0xF8776000 isapnp.sys

0xF8D3E000 pciide.sys

0xF89F6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF8786000 MountMgr.sys

0xF86F7000 ftdisk.sys

0xF89FE000 PartMgr.sys

0xF8796000 VolSnap.sys

0xF86DF000 atapi.sys

0xF87A6000 disk.sys

0xF87B6000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF86BF000 fltmgr.sys

0xF86AD000 sr.sys

0xF8650000 mfehidk.sys

0xF8A06000 PxHelp20.sys

0xF863B000 drvmcdb.sys

0xF8624000 KSecDD.sys

0xF8597000 Ntfs.sys

0xF856A000 NDIS.sys

0xF8550000 Mup.sys

0xF87C6000 agp440.sys

0xF88A6000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xF7BEB000 \SystemRoot\System32\DRIVERS\nv4_mini.sys

0xF7BD7000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF8AB6000 \SystemRoot\System32\DRIVERS\usbuhci.sys

0xF7BB3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF8ABE000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xF7AA6000 \SystemRoot\System32\DRIVERS\BCMSM.sys

0xF7A83000 \SystemRoot\System32\DRIVERS\ks.sys

0xF8AC6000 \SystemRoot\System32\Drivers\Modem.SYS

0xF7A5B000 \SystemRoot\System32\DRIVERS\e100b325.sys

0xF8ACE000 \SystemRoot\System32\DRIVERS\fdc.sys

0xF88B6000 \SystemRoot\System32\DRIVERS\i8042prt.sys

0xF8AD6000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xF8ADE000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF88C6000 \SystemRoot\System32\DRIVERS\serial.sys

0xF8C4A000 \SystemRoot\System32\DRIVERS\serenum.sys

0xF7A47000 \SystemRoot\System32\DRIVERS\parport.sys

0xF88D6000 \SystemRoot\System32\DRIVERS\imapi.sys

0xF8C90000 \SystemRoot\system32\drivers\sscdbhk5.sys

0xF88E6000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF88F6000 \SystemRoot\System32\DRIVERS\redbook.sys

0xF79B9000 \SystemRoot\system32\drivers\smwdm.sys

0xF7995000 \SystemRoot\system32\drivers\portcls.sys

0xF8906000 \SystemRoot\system32\drivers\drmk.sys

0xF8C92000 \SystemRoot\system32\drivers\aeaudio.sys

0xF8E99000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF7981000 \SystemRoot\system32\DRIVERS\mfendisk.sys

0xF8916000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xF8C56000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xF796A000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF8926000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF8936000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF8AE6000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF7959000 \SystemRoot\System32\DRIVERS\psched.sys

0xF8946000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xF7935000 \SystemRoot\system32\drivers\mfeavfk.sys

0xF78EA000 \SystemRoot\system32\drivers\mfefirek.sys

0xF8AEE000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF8AF6000 \SystemRoot\System32\DRIVERS\raspti.sys

0xF8956000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF8C96000 \SystemRoot\System32\DRIVERS\swenum.sys

0xF7864000 \SystemRoot\System32\DRIVERS\update.sys

0xF8507000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF8966000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF8976000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xF8C9E000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xF8AFE000 \SystemRoot\System32\DRIVERS\flpydisk.sys

0xF8CA0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF8E2A000 \SystemRoot\System32\Drivers\Null.SYS

0xF8CA2000 \SystemRoot\System32\Drivers\Beep.SYS

0xF8B0E000 \SystemRoot\system32\drivers\ssrtln.sys

0xF8B16000 \SystemRoot\System32\drivers\vga.sys

0xF8CA4000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF8CA6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF8B1E000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF8B26000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7D2F000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xEE5EF000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xEE596000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xEE583000 \SystemRoot\system32\drivers\mfetdi2k.sys

0xEE55D000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xEE535000 \SystemRoot\System32\DRIVERS\netbt.sys

0xEE513000 \SystemRoot\System32\drivers\afd.sys

0xF8996000 \SystemRoot\System32\DRIVERS\netbios.sys

0xEE4E8000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xF8C1E000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS

0xEE478000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xF89C6000 \SystemRoot\System32\Drivers\Fips.SYS

0xF89D6000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xF87F6000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xEE438000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF8CAE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF8C3E000 \SystemRoot\System32\drivers\Dxapi.sys

0xF8B36000 \SystemRoot\System32\watchdog.sys

0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys

0xF8D85000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF9D5000 \SystemRoot\System32\nv4_disp.dll

0xEE6AA000 \SystemRoot\system32\drivers\drvnddm.sys

0xF8DD0000 \SystemRoot\system32\dla\tfsndres.sys

0xEDF14000 \SystemRoot\system32\dla\tfsnifs.sys

0xF8C36000 \SystemRoot\system32\dla\tfsnopio.sys

0xF8CB2000 \SystemRoot\system32\dla\tfsnpool.sys

0xF8B4E000 \SystemRoot\system32\dla\tfsnboio.sys

0xEE69A000 \SystemRoot\system32\dla\tfsncofs.sys

0xF8DD1000 \SystemRoot\system32\dla\tfsndrct.sys

0xEDEFC000 \SystemRoot\system32\dla\tfsnudf.sys

0xEDEE3000 \SystemRoot\system32\dla\tfsnudfa.sys

0xEDEDF000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xEDB86000 \SystemRoot\system32\drivers\wdmaud.sys

0xEDDDB000 \SystemRoot\system32\drivers\sysaudio.sys

0xED04B000 \SystemRoot\System32\DRIVERS\mrxdav.sys

0xF8C88000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xECEE1000 \SystemRoot\System32\DRIVERS\srv.sys

0xEC7E9000 \SystemRoot\System32\Drivers\HTTP.sys

0xEC759000 \SystemRoot\system32\drivers\cfwids.sys

0xEC4B0000 \SystemRoot\system32\drivers\mfeapfk.sys

0xEC526000 \SystemRoot\system32\drivers\mfebopk.sys

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xEC3BA000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):

0 System Idle Process

4 System

448 C:\WINDOWS\system32\smss.exe

500 csrss.exe

524 C:\WINDOWS\system32\winlogon.exe

568 C:\WINDOWS\system32\services.exe

580 C:\WINDOWS\system32\lsass.exe

744 C:\WINDOWS\system32\svchost.exe

808 svchost.exe

876 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

912 C:\WINDOWS\system32\svchost.exe

964 svchost.exe

1024 svchost.exe

1340 C:\WINDOWS\explorer.exe

1372 C:\WINDOWS\system32\spoolsv.exe

1480 C:\WINDOWS\BCMSMMSG.exe

1500 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

1544 C:\Program Files\Microsoft Security Essentials\msseces.exe

1568 C:\WINDOWS\system32\dla\tfswctrl.exe

1600 C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe

1644 C:\WINDOWS\system32\rundll32.exe

1680 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

1760 C:\Program Files\Microsoft Office\Office\OSA.EXE

188 svchost.exe

408 C:\Program Files\Java\jre6\bin\jqs.exe

1012 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

1008 C:\WINDOWS\system32\sisbkup32.exe

1128 C:\WINDOWS\system32\qosname32.exe

1272 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe

1056 C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe

1624 C:\WINDOWS\system32\nvsvc32.exe

1732 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe

2168 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

2836 C:\WINDOWS\system32\ctfmon.exe

3020 C:\WINDOWS\system32\rundll32.exe

3140 C:\WINDOWS\system32\wscntfy.exe

3384 alg.exe

2664 C:\Program Files\McAfee.com\Agent\mcagent.exe

2360 C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

1936 C:\WINDOWS\system32\avicap32.exe

3684 MpCmdRun.exe

3696 C:\Documents and Settings\Janice Keegan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6E040L0, Rev: NAR61590

Size Device Name MBR Status

--------------------------------------------

38 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.
