
Need help with scour redirect virus removal


hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt

hi

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Thank you for helping me. Here is the Combofix log:

ComboFix 11-07-02.02 - Greg 07/02/2011 19:43:03.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1373 [GMT -4:00]

Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Greg\LOCALS~1\Temp\IadHide4.dll

c:\documents and settings\Greg\Local Settings\Temp\IadHide4.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))

.

.

2011-07-02 23:14 . 2011-06-20 12:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DE1D799A-192F-4641-8883-BD7C84FD430C}\mpengine.dll

2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes

2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-02 18:14 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-02 18:14 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-02 17:43 . 2011-07-02 17:43 388096 ----a-r- c:\documents and settings\Greg\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-02 17:43 . 2011-07-02 17:43 -------- d-----w- c:\program files\Trend Micro

2011-06-22 16:34 . 2011-06-22 16:34 -------- d-----w- C:\spoolerlogs

2011-06-16 20:32 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-22 16:48 . 2011-05-14 16:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2009-10-02 16:22 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-02 15:31 . 2008-01-21 04:57 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2007-07-27 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2007-07-27 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2007-07-27 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-02_17.22.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-02 23:14 . 2011-07-02 23:14 1590 c:\windows\SoftwareDistribution\EventCache\{21663376-D68F-444B-AE37-FFA09FCC92AB}.bin

+ 2011-07-02 17:43 . 2011-07-02 17:43 1094656 c:\windows\Installer\148c72.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="d:\program files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-02-23 16384]

"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-22 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

Logitech Desktop Messenger.lnk - d:\program files\Desktop Messenger\8876480\Program\LDMConf.exe [2010-2-23 196608]

Logitech SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2008-11-3 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "d:\program files\Qualcomm\Eudora Mail\EuShlExt.dll" [2005-11-14 86016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"d:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\x86\RaInfo.sys --> d:\program files\x86\RaInfo.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57]

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57]

.

2011-07-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.gmaxventures.com/

uInternet Settings,ProxyOverride = localhost

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.dogwoodguitars.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-02 19:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(704)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(3776)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\RTHDCPL.EXE

c:\program files\Sony\MD Simple Burner\NetMDSB.exe

d:\program files\Blaze Media Pro\NMSAccess32.exe

c:\windows\system32\wscntfy.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-07-02 19:54:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-02 23:54

ComboFix2.txt 2011-07-02 17:27

.

Pre-Run: 2,158,497,792 bytes free

Post-Run: 2,303,336,448 bytes free

.

- - End Of File - - 2DB939780136D3DBBD30337F6591708E

hi

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\drivers\xcpip.sys

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

I followed your instructions. The VirSCAN.org site won't accept a cut and paste entry to the scan box, neither will it allow me to type the file name. It only accepts a file name that I can locate using the browse function. When I attempted to browse to the file, I could not locate it in the c:\windows\system32\drivers folder. I also did a search for the file using the Windows find function, it did not find any file of that name.
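What makes xcpip and xpsec stand out in the logs is that both ComboFix and OTL report them as running drivers while neither tool (nor the user, browsing the folder) can find the file on disk. The following Python script is an added example, not code from this thread or from the ComboFix/OTL projects: it reads service and driver lines in both log formats and reports every entry that is running but has no backing file. It assumes the usual conventions that a leading R/S in a ComboFix service line means running/stopped and a trailing [?] means the file could not be verified, and that OTL's "File not found" means the same; the sample lines are constructed from the ComboFix log posted above and from the OTL format the helper asked for.

```python
"""Triage ComboFix / OTL service and driver lines for entries that are
reported as running although their backing file cannot be found."""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the ComboFix log posted above plus
# OTL-format lines, with benign neighbours so both outcomes occur.
SAMPLE_LOG = r"""
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\x86\RaInfo.sys --> d:\program files\x86\RaInfo.sys [?]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
"""

# "catchme" is the driver of the rootkit scanner ComboFix itself runs (see
# the catchme section of the log), so it is expected and not a finding.
KNOWN_TOOL_DRIVERS = {"catchme"}

# Assumed ComboFix convention: "R<n>"/"S<n>" = running/stopped service with
# start type n; a trailing "[?]" means the file could not be verified.
COMBOFIX_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Assumed OTL convention: "File not found" replaces the file details, and the
# bracketed flags carry the start type and the Running/Stopped state.
OTL_MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] -- -- \((?P<name>[^)]+)\)")
OTL_PRESENT_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[[^\]]*\] \([^)]*\) \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]+)\)")


@dataclass(frozen=True)
class Finding:
    source: str         # "combofix" or "otl"
    name: str           # service or driver key name
    running: bool
    file_missing: bool


def parse_combofix(line):
    """Parse one ComboFix service line, or return None for any other line."""
    m = COMBOFIX_RE.match(line)
    if m is None:
        return None
    return Finding("combofix", m["name"], m["state"] == "R",
                   m["rest"].rstrip().endswith("[?]"))


def parse_otl(line):
    """Parse one OTL SRV/DRV line, or return None for any other line."""
    m = OTL_MISSING_RE.match(line)
    if m is not None:
        return Finding("otl", m["name"], "Running" in m["flags"].split(" | "), True)
    m = OTL_PRESENT_RE.match(line)
    if m is not None:
        return Finding("otl", m["name"], "Running" in m["flags"].split(" | "), False)
    return None


def triage(log_text):
    """Collect every service/driver finding from a mixed ComboFix/OTL dump."""
    findings = []
    for line in log_text.splitlines():
        f = parse_combofix(line) or parse_otl(line)
        if f is not None:
            findings.append(f)
    return findings


def suspicious(findings):
    """Map each name that is running with no file on disk to the tools that
    reported it; two independent tools agreeing is the strongest signal."""
    report = {}
    for f in findings:
        if f.running and f.file_missing and f.name.lower() not in KNOWN_TOOL_DRIVERS:
            report.setdefault(f.name.lower(), set()).add(f.source)
    return {name: sorted(srcs) for name, srcs in sorted(report.items())}


if __name__ == "__main__":
    for name, sources in suspicious(triage(SAMPLE_LOG)).items():
        print(f"{name}: running, file not found (reported by {', '.join(sources)})")
```

A stopped service whose file is missing (LMIInfo, HidServ) is left out on purpose: it is a stale registration, not something executing, and is a much lower priority than a driver that is loaded with nothing on disk to account for it.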

hi

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Here are the two logs you requested:

OTL logfile created on: 7/3/2011 6:07:45 PM - Run 1

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.58% Memory free

3.83 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 13.97 Gb Total Space | 2.14 Gb Free Space | 15.29% Space Free | Partition Type: NTFS

Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS

Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

PRC - [2010/02/23 17:19:34 | 000,016,384 | ---- | M] () -- D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe

PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

========== Modules (SafeList) ==========

MOD - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)

DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)

DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2007/07/03 06:33:26 | 000,029,696 | R--- | M] (Atheros Communications Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)

DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmaxventures.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.dogwoodguitars.com/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/14 18:27:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/05/06 08:13:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/05/06 08:13:18 | 000,000,000 | ---D | M]

[2010/09/08 09:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions

[2010/10/14 11:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\extensions

[2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/06/15 14:16:26 | 000,618,793 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost #[iPv6]

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 ad.a8.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 abcstats.com

O1 - Hosts: 127.0.0.1 a.abv.bg

O1 - Hosts: 127.0.0.1 adserver.abv.bg

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 ca.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 achmedia.com

O1 - Hosts: 127.0.0.1 aconti.net

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 am1.activemeter.com

O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ad2games.com

O1 - Hosts: 16379 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKCU..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

O4 - HKCU..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()

O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\Program Files\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/21 01:00:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2000/01/07 20:57:58 | 000,000,131 | ---- | M] () - E:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2001/07/04 10:10:26 | 000,000,254 | ---- | M] () - E:\Autoexec.Bat -- [ NTFS ]

O32 - AutoRun File - [2000/08/30 09:06:42 | 000,000,131 | ---- | M] () - E:\autoexec.nai -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 18:05:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

[2011/07/02 19:39:56 | 004,130,503 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe

[2011/07/02 18:41:38 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe

[2011/07/02 14:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes

[2011/07/02 14:14:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/02 14:14:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/02 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\HiJackThis

[2011/07/02 13:06:41 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/07/02 12:25:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/02 12:25:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/02 12:25:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/02 12:25:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/02 12:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/07/02 12:00:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/02 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools

[2011/06/22 12:34:38 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2011/06/04 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

[2011/07/03 17:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/03 12:18:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/03 01:58:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/02 19:52:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/02 19:49:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/02 19:40:07 | 004,130,503 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe

[2011/07/02 18:55:33 | 2138,222,592 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2011/07/02 18:41:51 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe

[2011/07/02 13:06:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/06/29 11:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/24 09:33:55 | 001,036,375 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110702-112108.backup

[2011/06/20 15:07:55 | 000,000,000 | ---- | M] () -- C:\Card_2

[2011/06/17 03:02:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/16 11:16:17 | 000,016,691 | ---- | M] () -- C:\WINDOWS\Debug.ini

[2011/06/16 11:16:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Temp.ini

[2011/06/16 11:16:05 | 000,000,904 | ---- | M] () -- C:\WINDOWS\umaxuapi.ini

[2011/06/15 15:51:44 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2011/06/15 14:16:26 | 000,618,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/06/06 12:16:34 | 001,035,883 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-093355.backup

[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/02 13:06:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/07/02 13:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/07/02 12:25:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/02 12:25:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/02 12:25:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/02 12:25:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/02 12:25:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/02 12:17:16 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/06/20 15:07:55 | 000,000,000 | ---- | C] () -- C:\Card_2

[2010/02/23 17:19:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

[2009/12/21 20:42:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat

[2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services

[2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Greg\Application Data\InkjetPrinter

[2009/11/09 11:50:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2009/11/09 11:50:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts

[2009/08/14 18:18:57 | 000,149,152 | ---- | C] () -- C:\WINDOWS\hphins31.dat

[2009/08/14 18:18:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat

[2008/12/05 21:34:18 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll

[2008/10/03 19:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll

[2008/09/28 13:33:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll

[2008/08/28 07:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll

[2008/08/28 07:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll

[2008/08/28 07:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll

[2008/08/04 09:04:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\clk2PDF.INI

[2008/06/09 16:46:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/04/15 16:59:23 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2008/03/18 12:24:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini

[2008/03/18 12:23:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini

[2008/03/18 11:31:51 | 000,001,178 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2008/03/18 11:31:44 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2008/03/18 11:24:44 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI

[2008/03/18 11:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI

[2008/03/18 11:07:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2008/03/18 11:04:23 | 000,016,691 | ---- | C] () -- C:\WINDOWS\Debug.ini

[2008/03/18 11:01:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008/03/18 11:01:32 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll

[2008/03/18 11:01:20 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys

[2008/02/11 12:17:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/10 17:45:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/02/10 12:22:44 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2008/02/10 12:22:44 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2008/02/10 12:22:41 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2008/02/10 12:22:41 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2008/01/22 12:54:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL

[2008/01/22 01:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/01/21 03:09:52 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/21 02:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/01/21 01:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/01/21 00:56:24 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/01/20 18:41:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/01/20 18:38:07 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/12/05 02:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/12/05 02:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/12/05 02:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2007/12/05 02:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/07/27 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2007/07/27 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2007/07/27 08:00:00 | 000,380,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2007/07/27 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2007/07/27 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2007/07/27 08:00:00 | 000,052,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2007/07/27 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2007/07/27 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2007/07/27 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2007/07/27 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2007/07/27 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2007/07/27 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2005/11/05 19:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe

[2005/05/17 16:37:10 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe

[2002/07/19 12:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe

[2002/01/01 01:57:52 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2002/01/01 01:51:45 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2002/01/01 01:51:45 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2002/01/01 01:51:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/07/02 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/18 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/10/18 19:52:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/02/02 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2011/07/02 12:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/11/09 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2010/11/19 20:58:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}

[2010/10/18 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10

[2008/06/04 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\IDS_COMPANY

[2009/12/30 11:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Juniper Networks

[2008/03/18 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasher

[2011/07/03 18:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasherPro

[2009/11/09 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Nikon

[2010/01/01 17:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Octoshape

[2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems

[2011/07/03 01:58:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2007/07/27 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe

[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

[2007/07/27 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >

[2007/07/27 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2007/07/27 08:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=051A52001D625F316CE81A539BD25192 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/06 08:13:15 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/06 08:13:12 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 7/3/2011 6:07:45 PM - Run 1

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.58% Memory free

3.83 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 13.97 Gb Total Space | 2.14 Gb Free Space | 15.29% Space Free | Partition Type: NTFS

Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS

Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- ()

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)

"D:\Program Files\AVG\AVG10\avgmfapx.exe" = D:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FC1D2D3-8F02-4eaf-A464-327CD010BA13}" = HP Photosmart D7500 Printer Driver Software 12.0 Rel .4

"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2DA7F8AC-4AAD-0211-0CEE-567A3212D662}" = MyFonts Order M2936399

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.03

"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{555BA71C-ED49-4F8C-BD33-1662220B5E79}" = PS_SF_04_D7500_Software_Min

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.06

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6

"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter

"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.01

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"{CDD007AB-2D05-4C7F-B4AD-6321389D6860}" = D7500

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = Panorama Maker

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel

"{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}" = Algebra 2 Solved!

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Blaze Media Pro" = Blaze Media Pro

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0

"HPExtendedCapabilities" = HP Customer Participation Program 12.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"ieSpell" = ieSpell

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01

"PIXresizer_is1" = PIXresizer

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/20/2011 3:08:31 PM | Computer Name = GREG-MAIN | Source = Application Hang | ID = 1002

Description = Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 6/22/2011 2:55:02 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000

Description = Faulting application winword.exe, version 10.0.2627.0, faulting module

mso.dll, version 10.0.2625.0, fault address 0x0023818b.

Error - 6/22/2011 2:55:35 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000

Description = Faulting application winword.exe, version 10.0.2627.0, faulting module

mso.dll, version 10.0.2625.0, fault address 0x0023818b.

Error - 6/22/2011 2:56:05 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000

Description = Faulting application winword.exe, version 10.0.2627.0, faulting module

mso.dll, version 10.0.2625.0, fault address 0x0023818b.

Error - 6/22/2011 2:56:32 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000

Description = Faulting application winword.exe, version 10.0.2627.0, faulting module

mso.dll, version 10.0.2625.0, fault address 0x0023818b.

Error - 6/22/2011 2:58:28 PM | Computer Name = GREG-MAIN | Source = Microsoft Office 10 | ID = 1000

Description = Faulting application winword.exe, version 10.0.2627.0, faulting module

mso.dll, version 10.0.2625.0, fault address 0x0023818b.

Error - 7/2/2011 12:36:09 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003

Description = %%827 Real-Time Protection checkpoint has encountered an error and

failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x80070005 Error

description: Access is denied.

Error - 7/2/2011 12:36:09 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003

Description = %%827 Real-Time Protection checkpoint has encountered an error and

failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x8000ffff Error

description: Catastrophic failure

Error - 7/2/2011 7:07:25 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003

Description = %%827 Real-Time Protection checkpoint has encountered an error and

failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x80070005 Error

description: Access is denied.

Error - 7/2/2011 7:07:25 PM | Computer Name = GREG-MAIN | Source = WinDefendRtp | ID = 3003

Description = %%827 Real-Time Protection checkpoint has encountered an error and

failed to start. User: GREG-MAIN\Greg Checkpoint ID: 1 Error Code: 0x8000ffff Error

description: Catastrophic failure

[ System Events ]

Error - 7/2/2011 2:18:47 PM | Computer Name = GREG-MAIN | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/2/2011 2:22:07 PM | Computer Name = GREG-MAIN | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/2/2011 2:42:49 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Kernel Information Provider service failed to start due

to the following error: %%3

Error - 7/2/2011 2:42:58 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7034

Description = The MD Simple Burner Service service terminated unexpectedly. It

has done this 1 time(s).

Error - 7/2/2011 6:47:23 PM | Computer Name = GREG-MAIN | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/2/2011 6:58:05 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Kernel Information Provider service failed to start due

to the following error: %%3

Error - 7/2/2011 6:58:41 PM | Computer Name = GREG-MAIN | Source = System Error | ID = 1003

Description = Error code 000000d1, parameter1 00001218, parameter2 00000005, parameter3

00000000, parameter4 b9f10d26.

Error - 7/2/2011 7:01:11 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7034

Description = The MD Simple Burner Service service terminated unexpectedly. It

has done this 1 time(s).

Error - 7/2/2011 7:52:06 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Kernel Information Provider service failed to start due

to the following error: %%3

Error - 7/2/2011 9:28:34 PM | Computer Name = GREG-MAIN | Source = Service Control Manager | ID = 7034

Description = The MD Simple Burner Service service terminated unexpectedly. It

has done this 1 time(s).

< End of report >

Thanks!


hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "65533:TCP"=-
    "52344:TCP"=-

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:

  • OTL log
  • MBAM log

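A small triage script for the two things the fix above targets (service/driver registrations whose file is missing but which are still marked Running, and firewall port exceptions open to any address), added here as an example and not part of this thread or of OTL. It parses the DRV/SRV line format OTL prints in the logs in this thread; the GloballyOpenPorts value layout, the allowlist and the firewall sample values are assumptions.

```python
"""Triage helper for OTL service/driver lines and XP firewall port exceptions.
Added example; not OTL's code and not part of this thread."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# OTL prints one line per service/driver, in one of two shapes:
#   DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
#   DRV - [date | size | attrs | M] (Company) [Kernel | Auto | Running] -- C:\x.sys -- (Name)
SERVICE_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - (?P<body>.*?)\[(?P<flags>[^\]]*)\]\s+--\s+"
    r"(?P<path>.*?)\s*--\s+\((?P<name>[^)]+)\)"
)

# Assumed layout of the REG_SZ values under
# ...\FirewallPolicy\StandardProfile\GloballyOpenPorts\List:
#   "port:proto"="port:proto:scope:state:label"   (scope "*" = any remote address)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"="(?P<value>[^"]*)"$')

# Assumed allowlist: only the default File and Printer Sharing exceptions.
DEFAULT_ALLOWLIST: Set[Tuple[int, str]] = {(137, "UDP"), (138, "UDP"), (139, "TCP"), (445, "TCP")}


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    subject: str   # service/driver name, or "port/proto"
    reason: str


def parse_service_line(line: str) -> Optional[dict]:
    """Split one OTL DRV/SRV line into its fields; None for non-matching lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")]
    return {
        "kind": m.group("kind"),
        "name": m.group("name"),
        "path": m.group("path"),
        "flags": flags,
        "file_missing": m.group("body").strip().startswith("File not found"),
        "running": "Running" in flags,
    }


def find_orphaned_services(lines: Iterable[str]) -> List[Finding]:
    """Flag services/drivers whose image file is gone. A missing file that is
    still marked Running is the pattern the :OTL section above removes
    (xpsec, xcpip): the registration survives with nothing backing it."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None or not entry["file_missing"]:
            continue
        if entry["running"]:
            findings.append(Finding("high", entry["name"],
                                    f"{entry['kind']} marked Running but its file is missing"))
        else:
            findings.append(Finding("medium", entry["name"],
                                    f"{entry['kind']} registration left behind with no file"))
    return findings


def review_open_ports(reg_lines: Iterable[str],
                      allowlist: Set[Tuple[int, str]] = DEFAULT_ALLOWLIST) -> List[Finding]:
    """Flag enabled global port exceptions not on the allowlist; an exception
    scoped to "*" is reachable from any address and rates high."""
    findings: List[Finding] = []
    for line in reg_lines:
        m = PORT_RE.match(line.strip())
        if not m:
            continue
        port, proto = int(m.group("port")), m.group("proto")
        fields = m.group("value").split(":", 4)   # label may itself contain ':'
        if len(fields) < 5:
            continue
        scope, state, label = fields[2], fields[3], fields[4]
        if state != "Enabled" or (port, proto) in allowlist:
            continue
        severity = "high" if scope == "*" else "medium"
        findings.append(Finding(severity, f"{port}/{proto}",
                                f"firewall exception '{label}' open to {scope}"))
    return findings


# Service lines copied from the OTL log in this thread; firewall values are constructed.
SAMPLE_OTL_LINES = [
    r"SRV - File not found [Disabled | Stopped] -- -- (HidServ)",
    r"DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)",
    r"DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)",
    r"DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)",
]
SAMPLE_FIREWALL_LIST = [
    '"139:TCP"="139:TCP:LocalSubNet:Enabled:File and Printer Sharing"',
    '"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"',
    '"65533:TCP"="65533:TCP:*:Enabled:Update"',
    '"52344:TCP"="52344:TCP:*:Enabled:Update"',
    '"5900:TCP"="5900:TCP:LocalSubNet:Enabled:VNC"',
    '"8080:TCP"="8080:TCP:*:Disabled:Dev proxy"',
]


def triage(otl_lines=SAMPLE_OTL_LINES, reg_lines=SAMPLE_FIREWALL_LIST) -> List[Finding]:
    return find_orphaned_services(otl_lines) + review_open_ports(reg_lines)


if __name__ == "__main__":
    for f in triage():
        print(f"[{f.severity:6}] {f.subject}: {f.reason}")
```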

I ran both scans, the logs are posted below. NOTE: When the MBAM scan was completed I clicked OK, but could not find any tab or button to "Show Results." Because of that, I could not perform the final steps you gave me to check and remove files. I did get a log when MBAM finished the scan and I have posted that. Thanks.

OTL logfile created on: 7/4/2011 7:58:06 AM - Run 2

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.30% Memory free

3.83 Gb Paging File | 3.39 Gb Available in Paging File | 88.51% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 13.97 Gb Total Space | 2.21 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS

Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

PRC - [2010/02/23 17:19:34 | 000,016,384 | ---- | M] () -- D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

========== Modules (SafeList) ==========

MOD - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/02/23 17:19:34 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Greg\Local Settings\temp\IadHide4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)

========== Driver Services (SafeList) ==========

DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2007/07/03 06:33:26 | 000,029,696 | R--- | M] (Atheros Communications Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)

DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmaxventures.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.dogwoodguitars.com/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/14 18:27:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/05/06 08:13:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/05/06 08:13:18 | 000,000,000 | ---D | M]

[2010/09/08 09:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions

[2010/10/14 11:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\extensions

[2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/07/04 07:43:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKCU..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

O4 - HKCU..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()

O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\Program Files\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/21 01:00:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2000/01/07 20:57:58 | 000,000,131 | ---- | M] () - E:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2001/07/04 10:10:26 | 000,000,254 | ---- | M] () - E:\Autoexec.Bat -- [ NTFS ]

O32 - AutoRun File - [2000/08/30 09:06:42 | 000,000,131 | ---- | M] () - E:\autoexec.nai -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 07:52:07 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe

[2011/07/04 07:44:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/04 07:41:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/03 18:05:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

[2011/07/02 19:39:56 | 004,130,503 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe

[2011/07/02 18:41:38 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe

[2011/07/02 14:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes

[2011/07/02 14:14:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/02 14:14:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/02 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\HiJackThis

[2011/07/02 13:06:41 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/07/02 12:25:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/02 12:25:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/02 12:25:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/02 12:25:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/02 12:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/07/02 12:00:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/02 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools

[2011/06/22 12:34:38 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2011/06/04 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2011/07/04 07:55:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 07:52:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe

[2011/07/04 07:48:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/04 07:47:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/04 07:45:34 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/04 07:45:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/04 07:43:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/07/04 07:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

[2011/07/02 19:40:07 | 004,130,503 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe

[2011/07/02 18:55:33 | 2138,222,592 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2011/07/02 18:41:51 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe

[2011/07/02 13:06:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/06/29 11:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/24 09:33:55 | 001,036,375 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110702-112108.backup

[2011/06/20 15:07:55 | 000,000,000 | ---- | M] () -- C:\Card_2

[2011/06/17 03:02:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/16 11:16:17 | 000,016,691 | ---- | M] () -- C:\WINDOWS\Debug.ini

[2011/06/16 11:16:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Temp.ini

[2011/06/16 11:16:05 | 000,000,904 | ---- | M] () -- C:\WINDOWS\umaxuapi.ini

[2011/06/15 15:51:44 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2011/06/06 12:16:34 | 001,035,883 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-093355.backup

========== Files Created - No Company Name ==========

[2011/07/04 07:55:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/02 13:06:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/07/02 13:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/07/02 12:25:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/02 12:25:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/02 12:25:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/02 12:25:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/02 12:25:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/02 12:17:16 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/06/20 15:07:55 | 000,000,000 | ---- | C] () -- C:\Card_2

[2010/02/23 17:19:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

[2009/12/21 20:42:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat

[2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services

[2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Greg\Application Data\InkjetPrinter

[2009/11/09 11:50:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2009/11/09 11:50:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts

[2009/08/14 18:18:57 | 000,149,152 | ---- | C] () -- C:\WINDOWS\hphins31.dat

[2009/08/14 18:18:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat

[2008/12/05 21:34:18 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll

[2008/10/03 19:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll

[2008/09/28 13:33:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll

[2008/08/28 07:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll

[2008/08/28 07:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll

[2008/08/28 07:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll

[2008/08/04 09:04:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\clk2PDF.INI

[2008/06/09 16:46:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/04/15 16:59:23 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2008/03/18 12:24:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini

[2008/03/18 12:23:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini

[2008/03/18 11:31:51 | 000,001,178 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2008/03/18 11:31:44 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2008/03/18 11:24:44 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI

[2008/03/18 11:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI

[2008/03/18 11:07:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2008/03/18 11:04:23 | 000,016,691 | ---- | C] () -- C:\WINDOWS\Debug.ini

[2008/03/18 11:01:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008/03/18 11:01:32 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll

[2008/03/18 11:01:20 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys

[2008/02/11 12:17:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/10 17:45:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/02/10 12:22:44 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2008/02/10 12:22:44 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2008/02/10 12:22:41 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2008/02/10 12:22:41 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2008/01/22 12:54:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL

[2008/01/22 01:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/01/21 03:09:52 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/21 02:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/01/21 01:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/01/21 00:56:24 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/01/20 18:41:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/01/20 18:38:07 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/12/05 02:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/12/05 02:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/12/05 02:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2007/12/05 02:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/07/27 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2007/07/27 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2007/07/27 08:00:00 | 000,380,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2007/07/27 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2007/07/27 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2007/07/27 08:00:00 | 000,052,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2007/07/27 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2007/07/27 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2007/07/27 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2007/07/27 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2007/07/27 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2007/07/27 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2005/11/05 19:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe

[2005/05/17 16:37:10 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe

[2002/07/19 12:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe

[2002/01/01 01:57:52 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2002/01/01 01:51:45 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2002/01/01 01:51:45 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2002/01/01 01:51:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/07/02 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/18 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/10/18 19:52:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/02/02 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2011/07/02 12:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/11/09 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2010/11/19 20:58:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}

[2010/10/18 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10

[2008/06/04 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\IDS_COMPANY

[2009/12/30 11:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Juniper Networks

[2008/03/18 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasher

[2011/07/03 23:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasherPro

[2009/11/09 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Nikon

[2010/01/01 17:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Octoshape

[2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems

[2011/07/04 07:48:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7017

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/4/2011 8:03:05 AM

mbam-log-2011-07-04 (08-03-05).txt

Scan type: Quick scan

Objects scanned: 160244

Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


No, the last part of my instructions above regarding Malwarebytes was in case it found infected items, which in your case it didn't; that's why you didn't see "Show Results" ;)

Let me know if you are still getting redirected.


hi

You can get your hosts back from Here

Rootkit UnHooker (RkU)

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


Hi,

Here is the Rootkit report. I did not get the parasite warning.

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xA9500000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4542464 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xBF1AE000 C:\WINDOWS\System32\igxpdx32.DLL 2306048 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1859584 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xBF04D000 C:\WINDOWS\System32\igxpdv32.DLL 1445888 bytes (Intel Corporation, Component GHAL Driver)

0xB9C85000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1183744 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA8EBE000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0xA8F39000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB9A70000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA906C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA885D000 C:\WINDOWS\system32\drivers\xcpip.sys 364544 bytes

0xA7F43000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xA7A7C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB9ACE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xA7FEB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA74D6000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xA8FD1000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 167936 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xB9C49000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA9044000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xA901E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xA94DC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB9C25000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB9BEE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA7B85000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))

0xA8FFC000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xA8EA6000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB9BD7000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA8A1E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB9C11000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xB9C71000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA90C5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xA8A33000 C:\WINDOWS\system32\drivers\xpsec.sys 77824 bytes

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB9B26000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xB9BC7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA308000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA2E8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xBA1F8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBA318000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xA8B46000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xBA208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA288000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))

0xBA2D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xBA2C8000 C:\WINDOWS\system32\DRIVERS\l251x86.sys 53248 bytes (Atheros Communications Inc., Atheros Fast Ethernet Controller ndis miniport driver)

0xBA168000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xBA278000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xBA188000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA108000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xBA248000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA2F8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA178000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xA8BA6000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)

0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA1A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xA8AAE000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)

0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA268000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA2B8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xBA198000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xBA238000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xBA258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA488000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)

0xBA440000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA450000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA3E0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xBA460000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA480000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA468000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)

0xBA478000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xBA470000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))

0xBA3E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xA883D000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)

0xBA3D0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xBA430000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA418000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xBA438000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA400000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA3F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xBA4B0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xB9A4F000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)

0xBA578000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)

0xBA5A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA8D5E000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA57C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xA932A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB9A57000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xB9A53000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA588000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xBA574000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBA5D0000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)

0xBA5EE000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes

0xBA5E8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xBA604000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xBA5E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5AC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA5EA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA5C2000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xBA5EC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA5DC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA6F4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA76C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA6F3000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)

0xBA7DC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

0x89F7FAFE Unknown page with executable code, 1282 bytes

0x89F8DAC4 Unknown page with executable code, 1340 bytes

0x89F8054E Unknown page with executable code, 2738 bytes

0x89F81502 Unknown page with executable code, 2814 bytes

0x89F8033B Unknown page with executable code, 3269 bytes

0x89F6BE9A Unknown page with executable code, 358 bytes

0x89F4B194 Unknown page with executable code, 3692 bytes

0x89F6C05F Unknown page with executable code, 4001 bytes

0x89F82DAE Unknown page with executable code, 594 bytes


hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

c:\windows\system32\drivers\xpsec.sys

c:\windows\system32\drivers\xpsec.sys

Driver::

xcpip

xpsec

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

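What the helper spotted in the RkU driver listing above is worth making mechanical: xcpip.sys and xpsec.sys carry no "(Vendor, Description)" version block, sit in \drivers\, and are byte-for-byte the same size as tcpip.sys (364544) and ipsec.sys (77824), the classic pattern of a patched copy of a Microsoft driver masquerading as the original. The script below is an added example, not code from this thread, from Rootkit Unhooker or from ComboFix. It parses ">Drivers" lines in the layout shown in the report, flags unversioned drivers whose size matches a Microsoft-attributed twin, and renders the File::/Driver:: CFScript layout the helper used. Assumptions: the sample lines are copied from the report above (the line set is constructed, not a full report); "Microsoft" in the version block identifies the benign twin; dump_* drivers, which Windows creates without version resources, are excluded; and the service name equals the file stem, as it did for xcpip/xpsec here (ComboFix later logged Service_xcpip and Service_xpsec).

```python
"""Flag look-alike kernel drivers in a Rootkit Unhooker ">Drivers" listing
and render a ComboFix CFScript for them.

Added example for this thread; not part of RkU, ComboFix or the original post.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the RkU report in this
# thread, including the two look-alikes and two benign unversioned entries.
SAMPLE_REPORT = r"""
0xA906C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA885D000 C:\WINDOWS\system32\drivers\xcpip.sys 364544 bytes
0xA90C5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xA8A33000 C:\WINDOWS\system32\drivers\xpsec.sys 77824 bytes
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8EA6000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xBA5EE000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xBA5D0000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
"""

# "<load address> <path or module name> <size> bytes [(Vendor, Description)]"
LINE_RE = re.compile(
    r"^0x[0-9A-Fa-f]+\s+(?P<path>\S+)\s+(?P<size>\d+)\s+bytes(?:\s+\((?P<info>.*)\))?\s*$"
)

# Assumption: Windows' crash-dump stack drivers carry no version resource and
# share their size with the real port driver, so they are not a finding.
KNOWN_UNVERSIONED_PREFIXES = ("dump_",)


def parse_drivers(text):
    """Return one dict {name, path, size, info} per driver line; info is None
    when the line has no (Vendor, Description) block."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        drivers.append({
            "name": path.rsplit("\\", 1)[-1].lower(),
            "path": path,
            "size": int(m.group("size")),
            "info": m.group("info"),
        })
    return drivers


def find_lookalikes(text):
    """Return (suspect, twin, size) for every unversioned driver whose size
    equals that of a Microsoft-attributed driver in the same listing."""
    drivers = parse_drivers(text)
    by_size = defaultdict(list)
    for d in drivers:
        by_size[d["size"]].append(d)

    hits = []
    for d in drivers:
        if d["info"] is not None or d["name"].startswith(KNOWN_UNVERSIONED_PREFIXES):
            continue
        for twin in by_size[d["size"]]:
            if twin is not d and twin["info"] and "Microsoft" in twin["info"]:
                hits.append((d["name"], twin["name"], d["size"]))
    return hits


def build_cfscript(hits):
    """Render File:: and Driver:: sections in the CFScript.txt layout used in
    this thread. Assumption: the service name is the file stem."""
    names = sorted({h[0] for h in hits})
    files = [f"c:\\windows\\system32\\drivers\\{n}" for n in names]
    stems = [n.rsplit(".", 1)[0] for n in names]
    return "File::\n" + "\n".join(files) + "\n\nDriver::\n" + "\n".join(stems) + "\n"


if __name__ == "__main__":
    found = find_lookalikes(SAMPLE_REPORT)
    for suspect, twin, size in found:
        print(f"{suspect} has no version info and matches {twin} at {size} bytes")
    print(build_cfscript(found))
```

Size-only matching is a coarse heuristic: it would miss a rootkit that pads its copy, and a legitimate driver could share a size by chance, so treat a hit as a lead to confirm (hash the file against a clean copy, check its signature) rather than as proof. Against the listing in this thread it isolates exactly the two drivers the helper scripted for removal.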

Hi,

I followed your directions and dragged the .txt file into the ComboFix icon. When ComboFix started it told me that a newer version was available. I clicked yes. ComboFix updated and then restarted itself. Here is the requested log:

ComboFix 11-07-03.04 - Greg 07/04/2011 9:41.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1381 [GMT -4:00]

Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt

.

FILE ::

"c:\windows\system32\drivers\xpsec.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Greg\LOCALS~1\Temp\IadHide4.dll

c:\documents and settings\Greg\Local Settings\Temp\IadHide4.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

-------\Service_xpsec

.

.

((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))

.

.

2011-07-04 11:41 . 2011-07-04 11:41 -------- d-----w- C:\_OTL

2011-07-02 23:14 . 2011-06-20 12:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DE1D799A-192F-4641-8883-BD7C84FD430C}\mpengine.dll

2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes

2011-07-02 18:14 . 2011-07-02 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-02 18:14 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-02 18:14 . 2011-07-04 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-02 18:14 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-02 17:43 . 2011-07-02 17:43 388096 ----a-r- c:\documents and settings\Greg\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-02 17:43 . 2011-07-02 17:43 -------- d-----w- c:\program files\Trend Micro

2011-06-22 16:34 . 2011-06-22 16:34 -------- d-----w- C:\spoolerlogs

2011-06-16 20:32 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-22 16:48 . 2011-05-14 16:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2009-10-02 16:22 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-02 15:31 . 2008-01-21 04:57 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2007-07-27 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2007-07-27 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2007-07-27 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-02_17.22.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-02 17:43 . 2011-07-02 17:43 1094656 c:\windows\Installer\148c72.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="d:\program files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-02-23 16384]

"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-22 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

Logitech Desktop Messenger.lnk - d:\program files\Desktop Messenger\8876480\Program\LDMConf.exe [2010-2-23 196608]

Logitech SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2008-11-3 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "d:\program files\Qualcomm\Eudora Mail\EuShlExt.dll" [2005-11-14 86016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"d:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\x86\RaInfo.sys --> d:\program files\x86\RaInfo.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 8:58 AM 136176]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - xcpip

*Deregistered* - xpsec

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57]

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 12:57]

.

2011-07-04 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.gmaxventures.com/

uInternet Settings,ProxyOverride = localhost

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.dogwoodguitars.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-04 09:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(704)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\LMIinit.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(2548)

c:\windows\system32\WININET.dll

c:\docume~1\Greg\LOCALS~1\Temp\IadHide4.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\RTHDCPL.EXE

c:\program files\Sony\MD Simple Burner\NetMDSB.exe

d:\program files\Blaze Media Pro\NMSAccess32.exe

c:\windows\system32\wscntfy.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-07-04 09:51:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-04 13:51

ComboFix2.txt 2011-07-02 23:54

ComboFix3.txt 2011-07-02 17:27

.

Pre-Run: 2,314,391,552 bytes free

Post-Run: 2,230,751,232 bytes free

.

- - End Of File - - E74F166700E50EAE36D8F1B71AD4D76E

Thank you.


hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "65533:TCP"=-
    "52344:TCP"=-

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Let me know if you are still being redirected after this step.


Here is the log. I am still getting redirected.

OTL logfile created on: 7/4/2011 10:41:28 AM - Run 3

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Greg\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.39% Memory free

3.83 Gb Paging File | 3.39 Gb Available in Paging File | 88.45% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 13.97 Gb Total Space | 2.09 Gb Free Space | 14.97% Space Free | Partition Type: NTFS

Drive D: | 46.57 Gb Total Space | 35.64 Gb Free Space | 76.54% Space Free | Partition Type: NTFS

Drive E: | 14.00 Gb Total Space | 13.15 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: GREG-MAIN | User Name: Greg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

PRC - [2010/02/23 17:19:34 | 000,016,384 | ---- | M] () -- D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe

PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

========== Modules (SafeList) ==========

MOD - [2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/02/23 17:19:34 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Greg\Local Settings\temp\IadHide4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/04/21 20:26:56 | 000,778,240 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)

========== Driver Services (SafeList) ==========

DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2007/07/03 06:33:26 | 000,029,696 | R--- | M] (Atheros Communications Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)

DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmaxventures.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.dogwoodguitars.com/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/14 18:27:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/05/06 08:13:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/05/06 08:13:18 | 000,000,000 | ---D | M]

[2010/09/08 09:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions

[2010/10/14 11:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\dgnco35z.default\extensions

[2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/06/15 14:16:26 | 000,618,793 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost #[IPv6]

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 ad.a8.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 abcstats.com

O1 - Hosts: 127.0.0.1 a.abv.bg

O1 - Hosts: 127.0.0.1 adserver.abv.bg

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 ca.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 achmedia.com

O1 - Hosts: 127.0.0.1 aconti.net

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 am1.activemeter.com

O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ad2games.com

O1 - Hosts: 16379 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKCU..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()

O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\Program Files\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/21 01:00:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2000/01/07 20:57:58 | 000,000,131 | ---- | M] () - E:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2001/07/04 10:10:26 | 000,000,254 | ---- | M] () - E:\Autoexec.Bat -- [ NTFS ]

O32 - AutoRun File - [2000/08/30 09:06:42 | 000,000,131 | ---- | M] () - E:\autoexec.nai -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 10:34:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/04 07:52:07 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe

[2011/07/04 07:41:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/03 18:05:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

[2011/07/02 19:39:56 | 004,130,890 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe

[2011/07/02 14:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes

[2011/07/02 14:14:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/02 14:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/02 14:14:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/02 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/07/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\HiJackThis

[2011/07/02 13:06:41 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/07/02 12:25:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/02 12:25:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/02 12:25:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/02 12:25:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/02 12:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/07/02 12:00:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/02 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools

[2011/06/22 12:34:38 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2011/06/04 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2011/07/04 10:38:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/04 10:37:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/04 10:35:29 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/04 10:35:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/04 10:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/04 09:39:53 | 004,130,890 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\ComboFix.exe

[2011/07/04 09:07:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\RKUnhookerLE.EXE

[2011/07/04 07:55:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 07:52:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Greg\Desktop\mbam-setup.exe

[2011/07/03 18:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Desktop\OTL.scr

[2011/07/02 18:55:33 | 2138,222,592 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2011/07/02 13:06:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/06/29 11:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/24 09:33:55 | 001,036,375 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110702-112108.backup

[2011/06/20 15:07:55 | 000,000,000 | ---- | M] () -- C:\Card_2

[2011/06/17 03:02:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/16 11:16:17 | 000,016,691 | ---- | M] () -- C:\WINDOWS\Debug.ini

[2011/06/16 11:16:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Temp.ini

[2011/06/16 11:16:05 | 000,000,904 | ---- | M] () -- C:\WINDOWS\umaxuapi.ini

[2011/06/15 15:51:44 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2011/06/15 14:16:26 | 000,618,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/06/06 12:16:34 | 001,035,883 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-093355.backup

========== Files Created - No Company Name ==========

[2011/07/04 09:07:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\RKUnhookerLE.EXE

[2011/07/04 07:55:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/02 13:06:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/07/02 13:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/07/02 12:25:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/02 12:25:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/02 12:25:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/02 12:25:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/02 12:25:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/02 12:17:16 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/06/20 15:07:55 | 000,000,000 | ---- | C] () -- C:\Card_2

[2010/02/23 17:19:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

[2009/12/21 20:42:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat

[2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services

[2009/11/09 11:50:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Greg\Application Data\InkjetPrinter

[2009/11/09 11:50:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2009/11/09 11:50:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts

[2009/08/14 18:18:57 | 000,149,152 | ---- | C] () -- C:\WINDOWS\hphins31.dat

[2009/08/14 18:18:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat

[2008/12/05 21:34:18 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll

[2008/10/03 19:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll

[2008/09/28 13:33:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll

[2008/08/28 07:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll

[2008/08/28 07:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll

[2008/08/28 07:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll

[2008/08/04 09:04:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\clk2PDF.INI

[2008/06/09 16:46:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/04/15 16:59:23 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2008/03/18 12:24:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini

[2008/03/18 12:23:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini

[2008/03/18 11:31:51 | 000,001,178 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2008/03/18 11:31:44 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2008/03/18 11:24:44 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI

[2008/03/18 11:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI

[2008/03/18 11:07:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2008/03/18 11:04:23 | 000,016,691 | ---- | C] () -- C:\WINDOWS\Debug.ini

[2008/03/18 11:01:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008/03/18 11:01:32 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll

[2008/03/18 11:01:20 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys

[2008/02/11 12:17:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/10 17:45:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/02/10 12:22:44 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2008/02/10 12:22:44 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2008/02/10 12:22:41 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2008/02/10 12:22:41 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2008/01/22 12:54:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL

[2008/01/22 01:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/01/21 03:09:52 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/21 02:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/01/21 01:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/01/21 00:56:24 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/01/20 18:41:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/01/20 18:38:07 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/12/05 02:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/12/05 02:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/12/05 02:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/27 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 08:00:00 | 000,380,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 08:00:00 | 000,052,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/11/05 19:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2005/05/17 16:37:10 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe
[2002/07/19 12:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe
[2002/01/01 01:57:52 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2002/01/01 01:51:45 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2002/01/01 01:51:45 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2002/01/01 01:51:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/07/02 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 19:52:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/02/02 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/02 12:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/09 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/11/09 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/11/19 20:58:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/10/18 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10
[2008/06/04 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\IDS_COMPANY
[2009/12/30 11:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Juniper Networks
[2008/03/18 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasher
[2011/07/04 08:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\MailWasherPro
[2009/11/09 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Nikon
[2010/01/01 17:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Octoshape
[2008/01/22 18:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems
[2011/07/04 10:38:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >

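The OTL file and LOP-check entries above all follow one line layout: `[timestamp | size | attributes | C-or-M] (company) -- path`, where the four-character attribute column reads as read-only, hidden, system, directory (that order is an assumption made from the `R---`, `-H-D` and `---D` values visible in the log) and `C`/`M` marks whether the timestamp is the created or modified time. The following parser is an added example, not part of the original post or of OTL itself. It takes a handful of lines copied from the log above as constructed sample input, parses them into records, and applies two triage heuristics a helper would normally apply by eye: a hidden directory whose name is a bare GUID under an Application Data folder, and a `.job` file under `C:\WINDOWS\Tasks`. Both are only hints that an entry deserves a second look, not a verdict: plenty of legitimate installers create GUID-named folders, and the scheduled task here belongs to a scanner.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample input: five entries copied from the OTL log in the
# post above, plus the trailing lines a real log ends with.
SAMPLE_LOG = r"""
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/10/18 19:52:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/19 20:58:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2009/02/02 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/04 10:38:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
"""

# One OTL entry line. The "(company)" field is only present on file
# entries; directory entries go straight from "]" to "--".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# A folder named as nothing but a GUID in braces.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    stamp_kind: str            # 'C' = created time, 'M' = modified time
    company: Optional[str]     # None for directory lines, '' when OTL printed "()"
    path: str

    @property
    def name(self) -> str:
        """Last path component (Windows separators)."""
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_entries(text: str) -> list[OtlEntry]:
    """Parse every OTL file/directory entry in text; skip headers and footers."""
    entries: list[OtlEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section banners, blank lines, "< End of report >"
        attr = m.group("attr")  # assumed column order: R H S D
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            readonly=attr[0] == "R",
            hidden=attr[1] == "H",
            system=attr[2] == "S",
            directory=attr[3] == "D",
            stamp_kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path"),
        ))
    return entries


def triage(entries: list[OtlEntry]) -> list[tuple[OtlEntry, str]]:
    """Return (entry, reason) pairs for entries worth a manual second look.

    These are heuristics, not detections: every hit must be confirmed by hand.
    """
    hits: list[tuple[OtlEntry, str]] = []
    for e in entries:
        reasons = []
        if e.directory and e.hidden and GUID_RE.match(e.name):
            reasons.append("hidden directory with a bare GUID name")
        if "\\tasks\\" in e.path.lower() and e.name.lower().endswith(".job"):
            reasons.append("scheduled task (.job) - a persistence point")
        if reasons:
            hits.append((e, "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    for entry, reason in triage(parse_otl_entries(SAMPLE_LOG)):
        print(f"{entry.timestamp:%Y-%m-%d %H:%M} {entry.path}\n    -> {reason}")
```

Run against a full OTL.txt the same way (read the file, pass its text to `parse_otl_entries`), then extend `triage` with whatever the case calls for; the point of parsing into records first is that timestamps, attributes and paths become comparable, so outliers such as a single recently modified hidden item among years-old OS files stand out without reading a thousand lines by eye.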

hi

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure; click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
    TDSSKillerSuspicious-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
