
Malware Removal Instructions

yet another search engine redirection


Re: yet another search engine redirection

Post by vict0r » May 4th, 2011, 7:35 am

Hi.

I don't believe we will need the cd after consulting other helpers.

Virustotal returning to the homepage is not normal, did you try a second time? Also please scan this file with Virustotal or Jotti: C:\WINDOWS\shortcut.exe

Please retry the McAfee removal:


McAfee Removal Tool

Delete your current copy of mcpr.exe if you can find it and download it again:

  • Download the removal tool: MCPR.exe ...
  • Click Save and save the file to the desktop.
  • Double-click MCPR(.EXE) on the desktop to run the removal tool.
  • Follow any prompts and instructions to remove McAfee from the computer.


Uninstall Yahoo! Search Protection.

It might be interfering with the fix.

  • Click on Start > Run.
  • In the Open text box copy/paste appwiz.cpl, then click OK.
  • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall:

    Yahoo! Search Protection


Reset Internet Explorer

  • Please download Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe, select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished, or keep it in case of any problems with IE8 in the future.
  • Next time IE8 is launched you will be prompted to reapply settings again, this is normal.
  • Note: Any add-ons will need to be reapplied after the above reset.


Combofix

This is the last attempt... ;)

This script is for this user and computer ONLY! ComboFix SHOULD NOT be used unless requested by a forum helper.


Open notepad and copy/paste the text in the codebox below into it:

http://malwareremoval.com/forum/viewtopic.php?p=577803#p577803

extra::

dds::
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

file::
C:\Documents and Settings\Dillon\Desktop\master.exe
C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
C:\Documents and Settings\Dillon\Desktop\MBRBackup.exe
C:\Documents and Settings\Dillon\Desktop\MBRCheck.exe
C:\Documents and Settings\Dillon\Desktop\vmr.com
C:\Documents and Settings\Dillon\Desktop\FixPolicies.exe
C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
C:\Documents and Settings\Dillon\Desktop\rkill.exe
C:\Documents and Settings\Dillon\Desktop\dds.scr
C:\Documents and Settings\Dillon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

dirlook::
C:\Documents and Settings\All Users\Application Data\acccore
C:\Documents and Settings\All Users\Application Data\mMcHmPf06300

registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

suspect::
C:\WINDOWS\shortcut.exe



Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following line (including all quotes) into the run box & click OK (ComboFix must be located on the desktop named Combofix.exe):
C:\Documents and Settings\Dillon\desktop\Combofix.exe /nombr "C:\Documents and Settings\Dillon\Desktop\CFScript.txt"

If Combofix prompts you to upgrade, please allow it. Please do not use the computer at all while Combofix is running.

When finished, it shall produce a log for you at C:\ComboFix.txt.


To post:
  • Virustotal link(s)
  • Combofix log
  • Post Extras.txt on your desktop
  • How is the performance of the computer now, do you experience any symptoms of infection?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: yet another search engine redirection

Post by Scop » May 5th, 2011, 3:22 am

I did attempt to submit the MBR_<date>.bin a second time to Virustotal, but only encountered another return to its home page. Today it seems to be working, though: http://www.virustotal.com/file-scan/reanalysis.html?id=9864ed674ee4c9a7e5797fd2375197184fe5ebc60dbdecee204e7f99989a8bfa-1304577616.

Here also are the results for the shortcut.exe: http://www.virustotal.com/file-scan/reanalysis.html?id=228453728c38277ec2beb458860bbc9ee6d31076d6e54b8de759c4baca75b5dd-1304578072.

Re-running the McAfee removal, uninstalling Y! Search Protection, and resetting IE all went well.

But then ComboFix wouldn't Run the given command. When I attempted it, it would have me believe, "Windows cannot find 'C:\Documents'. Make sure you typed the name correctly, and then try again. To search for a file, click Start and then click Search." When I check ComboFix.exe and CFScript.txt's properties with Right-click > Properties, their file paths match perfectly the command you provided me to Paste into Run, but I only receive the 'Cannot find' message. Should I reattempt the drag-and-drop method, or use a different approach?

As to symptoms, my searches are still functioning properly, as is hibernation. I don't know if it has anything to do with infection but earlier I was having a problem with my Media Player. I would open it and attempt to play a song, only to hear no sound from the program (testing my speakers worked fine, and I can get sound from Youtube, &c.) I could browse through the library and see the timecode and timeline advance, as well as visualizations behave as if they had something leading them, but no sound of the music would play. But after closing and reopening the Media Player a couple of times I find that it's working properly again.
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Post by vict0r » May 5th, 2011, 3:35 am

Problems with the sound are a known issue with this infection.

Scop wrote:But then ComboFix wouldn't Run the given command. When I attempted it, it would have me believe, "Windows cannot find 'C:\Documents'. Make sure you typed the name correctly, and then try again.


The correct command to start Combofix is:
"C:\Documents and Settings\Dillon\desktop\Combofix.exe" /nombr "C:\Documents and Settings\Dillon\Desktop\CFScript.txt"
or
Combofix /nombr "C:\Documents and Settings\Dillon\Desktop\CFScript.txt"

Make sure MSE is disabled and try again.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
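The "Windows cannot find 'C:\Documents'" error Scop hit comes from how Windows splits a command line: the program name runs up to the first space unless it is enclosed in quotes, so the unquoted path is cut off at `C:\Documents` and the rest becomes arguments. The following is an added example, not code from the thread or from the ComboFix project; it is a simplified Python re-implementation of the documented CommandLineToArgvW splitting rules (program name is quoted or ends at the first whitespace with no escaping; later arguments follow the backslash/quote rules). The function names `split_windows_cmdline` and `program_to_launch` are the example's own; the two sample command lines are the ones quoted in the posts above.

```python
# Added example (not from the thread): a simplified re-implementation of the
# rules Windows uses to split a command line into argv (CommandLineToArgvW),
# showing why the unquoted Combofix path fails and the quoted one works.
# The two sample command lines below are the ones quoted in the posts above.

def split_windows_cmdline(cmdline: str) -> list[str]:
    """Split a Windows command line into argv the way CommandLineToArgvW does.

    argv[0] (the program) is special: it is either one quoted string or it runs
    to the first space/tab, with no backslash escaping.  Later arguments honour
    the usual quote/backslash rules.
    """
    args: list[str] = []
    i, n = 0, len(cmdline)
    while i < n and cmdline[i] in " \t":
        i += 1
    # --- program name ---
    if i < n and cmdline[i] == '"':
        end = cmdline.find('"', i + 1)
        end = n if end == -1 else end
        args.append(cmdline[i + 1:end])
        i = end + 1
    else:
        end = i
        while end < n and cmdline[end] not in " \t":
            end += 1
        args.append(cmdline[i:end])
        i = end
    # --- remaining arguments ---
    while True:
        while i < n and cmdline[i] in " \t":
            i += 1
        if i >= n:
            break
        cur: list[str] = []
        in_quotes = False
        while i < n:
            c = cmdline[i]
            if c == "\\":
                nbs = 0
                while i < n and cmdline[i] == "\\":
                    nbs += 1
                    i += 1
                if i < n and cmdline[i] == '"':
                    # 2n backslashes + quote -> n backslashes, quote toggles mode;
                    # 2n+1 backslashes + quote -> n backslashes + a literal quote
                    cur.append("\\" * (nbs // 2))
                    if nbs % 2:
                        cur.append('"')
                    else:
                        in_quotes = not in_quotes
                    i += 1
                else:
                    cur.append("\\" * nbs)  # backslashes not before a quote are literal
            elif c == '"':
                in_quotes = not in_quotes
                i += 1
            elif c in " \t" and not in_quotes:
                break
            else:
                cur.append(c)
                i += 1
        args.append("".join(cur))
    return args


def program_to_launch(cmdline: str) -> str:
    """The file Windows will look for: argv[0] of the parsed command line."""
    return split_windows_cmdline(cmdline)[0]


# Sample command lines from the thread (the second is the corrected form).
UNQUOTED = r'C:\Documents and Settings\Dillon\desktop\Combofix.exe /nombr "C:\Documents and Settings\Dillon\Desktop\CFScript.txt"'
QUOTED = r'"C:\Documents and Settings\Dillon\desktop\Combofix.exe" /nombr "C:\Documents and Settings\Dillon\Desktop\CFScript.txt"'

if __name__ == "__main__":
    for label, cmd in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        argv = split_windows_cmdline(cmd)
        print(f"{label}: program = {argv[0]!r}, {len(argv)} arguments total")
```

Running it shows the unquoted line resolving to the program `C:\Documents` with five arguments, while the quoted line resolves to the full Combofix.exe path with the two intended arguments. The same splitting rule is why any path containing spaces that Windows will execute on its own (services, scheduled tasks, Run entries) should be stored quoted; an unquoted one is ambiguous about which file gets run.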

Re: yet another search engine redirection

Post by Scop » May 5th, 2011, 6:51 pm

It liked that command better. Initially when I tried it, ComboFix reported that the CFScript.txt was in use by another program and appeared to go through a regular scan. Rather than interrupt it I allowed it to finish and saved its report; I can post it upon request. So I recreated the CFScript.txt (the old one had disappeared from my Desktop, and looking now after a successful Run, I see that the recreated one has done the same) and tried again. The log follows:



ComboFix 11-05-05.01 - Dillon 05/05/2011 15:25:00.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.235 [GMT -7:00]
Running from: c:\documents and settings\Dillon\desktop\Combofix.exe
Command switches used :: /nombr c:\documents and settings\Dillon\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 16:53 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E7C669-F4D4-49DD-BFC0-53E68FED4405}\mpengine.dll
2011-05-03 04:15 . 2011-05-03 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2011-05-02 03:28 . 2011-05-05 06:18 -------- d--h--r- c:\documents and settings\Dillon\Application Data\yahoo!
2011-04-28 16:59 . 2011-04-28 16:59 -------- d-----w- C:\vict0r
2011-04-28 16:55 . 2011-04-28 16:55 -------- d-----w- c:\program files\ERUNT
2011-04-28 16:07 . 2011-04-28 16:07 -------- d-----w- c:\documents and settings\Dillon\Application Data\Malwarebytes
2011-04-28 16:07 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 16:07 . 2011-04-28 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-28 16:07 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 16:06 . 2011-04-28 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 15:31 . 2011-04-26 15:31 -------- d-----w- c:\documents and settings\Dillon\Application Data\com.amazon.music.uploader
2011-04-26 15:27 . 2011-04-26 15:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-04-26 14:59 . 2011-04-26 14:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-04-24 16:01 . 2011-05-02 03:51 -------- d-----w- c:\program files\trend micro
2011-04-24 16:01 . 2011-04-24 16:02 -------- d-----w- C:\rsit
2011-04-21 23:32 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 01:48 . 2011-04-06 01:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-06 01:48 . 2011-04-06 01:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 23:20 . 2004-08-04 08:00 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 01:17 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 08:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-31 311296]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
"DeviceDiscovery"="c:\program files\HP\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 569405]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"="0"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S1 MpKsl18e74faf;MpKsl18e74faf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9DBF00-4EC0-4AD2-BB90-EE9BBF296FF5}\MpKsl18e74faf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9DBF00-4EC0-4AD2-BB90-EE9BBF296FF5}\MpKsl18e74faf.sys [?]
S1 MpKsl3012dce8;MpKsl3012dce8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9DBF00-4EC0-4AD2-BB90-EE9BBF296FF5}\MpKsl3012dce8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9DBF00-4EC0-4AD2-BB90-EE9BBF296FF5}\MpKsl3012dce8.sys [?]
S1 MpKsl47654546;MpKsl47654546;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D190D73-1BCB-4679-8637-0F4A7F3402EF}\MpKsl47654546.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D190D73-1BCB-4679-8637-0F4A7F3402EF}\MpKsl47654546.sys [?]
S1 MpKsl5cae0751;MpKsl5cae0751;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA28EEDE-0D14-4B93-AAEE-E5F4435B9BDD}\MpKsl5cae0751.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA28EEDE-0D14-4B93-AAEE-E5F4435B9BDD}\MpKsl5cae0751.sys [?]
S1 MpKsl5e870acb;MpKsl5e870acb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5363D11A-073A-477C-AF8C-5911FB120E4D}\MpKsl5e870acb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5363D11A-073A-477C-AF8C-5911FB120E4D}\MpKsl5e870acb.sys [?]
S1 MpKsl8256047d;MpKsl8256047d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42B3415E-53FF-49B0-A788-E1651AE75A36}\MpKsl8256047d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42B3415E-53FF-49B0-A788-E1651AE75A36}\MpKsl8256047d.sys [?]
S1 MpKslc9bfbf54;MpKslc9bfbf54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77910347-9C6B-442F-BF71-BEF570AB351B}\MpKslc9bfbf54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77910347-9C6B-442F-BF71-BEF570AB351B}\MpKslc9bfbf54.sys [?]
S1 MpKsldd31af8b;MpKsldd31af8b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C14E954D-98C7-44A9-82BC-41AA19C485DA}\MpKsldd31af8b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C14E954D-98C7-44A9-82BC-41AA19C485DA}\MpKsldd31af8b.sys [?]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [1/30/2003 7:55 PM 18864]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 1:00 AM 14336]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/7/2011 11:50 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/7/2011 11:51 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/7/2011 11:51 AM 121576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://www.comcast.net?cid=ie8_0904
uInternet Settings,ProxyOverride = <local>
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshoo ... aptest.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 15:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?4?5??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,04,34,ff,6f,a4,26,49,b2,9d,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,04,34,ff,6f,a4,26,49,b2,9d,fb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-05 15:39:59
ComboFix-quarantined-files.txt 2011-05-05 22:39
ComboFix2.txt 2011-05-05 17:23
ComboFix3.txt 2011-05-02 03:43
.
Pre-Run: 6,593,646,592 bytes free
Post-Run: 6,583,291,904 bytes free
.
- - End Of File - - 80E805A5D72D9779C530BA35FCEB3C66
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am
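Two things in the ComboFix log above are worth being able to pick out automatically: the Security Center `AntiVirusOverride`/`FirewallOverride` values sitting at 1 (which tells Windows XP's Security Center not to warn about a missing or disabled antivirus/firewall; the CFScript earlier in the thread resets them to 0), and the `@Denied:` lines under LOCKED REGISTRY KEYS, which mark keys whose ACLs have explicit deny entries. The following is an added example, not code from the thread or from ComboFix: a small Python parser for the REGEDIT4-style blocks ComboFix prints. The function names are the example's own, and `SAMPLE_LOG` is a constructed excerpt whose lines are copied from the log above.

```python
# Added example (not from the thread): parse the REGEDIT4-style blocks in a
# ComboFix log and flag Security Center overrides and ACL-locked keys.
# SAMPLE_LOG is a constructed excerpt; its lines are copied from the log above.
import re

SAMPLE_LOG = r"""
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"="0"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                      # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')              # "Name"=data
DEFAULT_RE = re.compile(r'^@=(.*)$')                    # @=default value
DENIED_RE = re.compile(r'^@Denied:\s*\((.*?)\)\s*\((.*?)\)$')  # @Denied: (rights) (principal)


def parse_reg_blocks(log_text: str) -> dict:
    """Return {key_path: {"values": {name: raw_data}, "denied": [(rights, principal)]}}.

    Lines that are not a key header, a value, or an @Denied marker (section
    banners, '.' separators, hex continuation lines) are ignored.
    """
    blocks: dict = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current = blocks.setdefault(m.group(1), {"values": {}, "denied": []})
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current["denied"].append((m.group(1), m.group(2)))
            continue
        m = VALUE_RE.match(line) or DEFAULT_RE.match(line)
        if m:
            name = m.group(1) if m.re is VALUE_RE else "@"
            current["values"][name] = m.group(m.re.groups)
    return blocks


def dword_value(raw: str):
    """Decode REGEDIT4 'dword:XXXXXXXX' data into an int; None for other types."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return None


SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
OVERRIDE_NAMES = ("AntiVirusOverride", "FirewallOverride")


def security_center_overrides(blocks: dict) -> list:
    """Names of Security Center override values that are non-zero, i.e. the
    Security Center has been told not to warn about a missing AV or firewall."""
    hits = []
    for key, info in blocks.items():
        if key.lower() != SECURITY_CENTER:
            continue
        for name in OVERRIDE_NAMES:
            if dword_value(info["values"].get(name, "dword:0")):
                hits.append(name)
    return hits


def denied_keys(blocks: dict) -> list:
    """Keys ComboFix reported with explicit deny ACEs (the 'locked' keys)."""
    return [key for key, info in blocks.items() if info["denied"]]


def autostart_entries(blocks: dict) -> dict:
    """The HKLM ...\CurrentVersion\Run values (name -> raw data) from the log."""
    run_key = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
    for key, info in blocks.items():
        if key.lower() == run_key:
            return dict(info["values"])
    return {}


if __name__ == "__main__":
    parsed = parse_reg_blocks(SAMPLE_LOG)
    print("Security Center overrides set:", security_center_overrides(parsed))
    print("Keys with deny ACEs:", *denied_keys(parsed), sep="\n  ")
    print("Run entries:", sorted(autostart_entries(parsed)))
```

On the excerpt this reports both override values as set and two locked keys. Note that a locked key is not by itself a sign of infection: the Flash `FlashBroker` CLSID keys are protected by Adobe's own installer, which is why the thread's helper fixes their ownership with SubInACL rather than deleting them. The override values, however, are something a clean XP machine should normally have at 0, so a log line showing `dword:00000001` there is worth a second look.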

Re: yet another search engine redirection

Post by vict0r » May 6th, 2011, 3:50 pm

Scop wrote:I can post it upon request
There's no need to post the report...


Backup the Registry again

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Start ERUNT backup by clicking Start >> Programs/All Programs >> ERUNT >> ERUNT.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Note: Do not follow the Subinacl/OTL (Script) instructions below if the registry backup was unsuccessful, post back instead.


SubInACL

Please download SubInACL ...
First:
  1. Double click on subinacl.msi to begin the installation.
  2. Click Next>... select "I accept" and click Next>
  3. Click browse
  4. From the drop down menu select C:\
  5. Double click on WINDOWS and then system32
  6. Click OK... click Install now
  7. Click Finish
Second:
Create SubInACL batch file
We'll create a file for removing the registry keys.
It will be easier and less error prone, if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    FOR %%R IN (
    "HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences"
    "HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}"
    "HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}"
    ) Do (
    "C:\Windows\System32\subinacl.exe" /subkeyreg %%R /setowner=%username% /grant=%username%=F
    )
    del %0
  2. Save the Notepad file on your desktop as subinacl.bat... save type as "All Files"
    It should look like this: subinacl.bat
  3. Double click on subinacl.bat to execute it.
    A black DOS window will flash, then disappear...this is normal.
  4. The registry entries will have been fixed and the "subinacl.bat" file will be deleted.


Run OTL Script

This OTL script will reboot the computer. Save all work before continuing.

  • Double-click OTL.exe (on your desktop) to start the program.
  • Copy and Paste the following code into the textbox:
    :otl
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (Reg Error: Key error.)
    
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:0
    "FirewallOverride"=dword:0
    
    :files
    C:\Documents and Settings\Dillon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    dir /s "C:\Documents and Settings\All Users\Application Data\acccore" /c
    dir /s "C:\Documents and Settings\All Users\Application Data\mMcHmPf06300" /c
    ipconfig /flushdns /c
    
    :commands
    [reboot]
    
    
  • Then click the Run Fix button at the top.
  • Click the confirmation button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


OTL - System Scan

  1. Double click on the OTL icon on your desktop to run it.
  2. When the window appears, underneath Output at the top, make sure Minimal Output is selected.
  3. Under Extra Registry section, select Use SafeList.
  4. Click the Scan All Users checkbox.
  5. Check/tick the boxes beside LOP Check and Purity Check.
  6. Click the Run Scan button. The scan won't take long. Please do not use the computer during the scan.
  7. When the scan completes, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  8. Please post the contents of these 2 Notepad files in your next reply.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: yet another search engine redirection

Post by Scop » May 6th, 2011, 4:57 pm

All steps went smoothly. Log from running the OTL script:



========== OTL ==========
Starting removal of ActiveX control {74C861A1-D548-4916-BC8A-FDE92EDFF62C}
C:\WINDOWS\Downloaded Program Files\Setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:0 /E : value set successfully!
========== FILES ==========
C:\Documents and Settings\Dillon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
< dir /s "C:\Documents and Settings\All Users\Application Data\acccore" /c >
Volume in drive C has no label.
Volume Serial Number is 2A50-0CC9
Directory of C:\Documents and Settings\All Users\Application Data\acccore
07/13/2008 07:05 PM <DIR> .
07/13/2008 07:05 PM <DIR> ..
07/13/2008 07:12 PM <DIR> plugins
0 File(s) 0 bytes
Directory of C:\Documents and Settings\All Users\Application Data\acccore\plugins
07/13/2008 07:12 PM <DIR> .
07/13/2008 07:12 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
5 Dir(s) 6,861,881,344 bytes free
C:\Documents and Settings\Dillon\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dillon\Desktop\cmd.txt deleted successfully.
< dir /s "C:\Documents and Settings\All Users\Application Data\mMcHmPf06300" /c >
Volume in drive C has no label.
Volume Serial Number is 2A50-0CC9
Directory of C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
02/27/2011 09:03 PM <DIR> .
02/27/2011 09:03 PM <DIR> ..
02/27/2011 08:50 PM 98 mMcHmPf06300
1 File(s) 98 bytes
Total Files Listed:
1 File(s) 98 bytes
2 Dir(s) 6,861,881,344 bytes free
C:\Documents and Settings\Dillon\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dillon\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Dillon\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dillon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05062011_133915




OTL.txt report:



OTL logfile created on: 5/6/2011 1:48:53 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dillon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 218.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 6.48 Gb Free Space | 17.49% Space Free | Partition Type: NTFS

Computer Name: DILLONA | User Name: Dillon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dillon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
PRC - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dillon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll (SupportSoft, Inc.)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus(R) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (IFP800) -- C:\WINDOWS\system32\drivers\ifp800.sys (iRiver, Inc.)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (2WIREPCP) -- C:\WINDOWS\system32\drivers\2WirePCP.sys (2Wire, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=ie8_0904
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011/05/01 20:26:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendowifi.com/troubleshoo ... aptest.cab (USBAPTester Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab (VerifyGMN Class)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7434653125 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 13:39:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 13:32:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/02 22:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\FixPolicies
[2011/05/02 21:16:49 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Dillon\Desktop\WinsockxpFix.exe
[2011/05/02 21:16:41 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Dillon\Desktop\LSPFix.exe
[2011/05/02 21:16:32 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Documents and Settings\Dillon\Desktop\SafeMSI.exe
[2011/05/02 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/01 20:28:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dillon\Application Data\yahoo!
[2011/05/01 20:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/01 20:06:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 20:06:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 20:06:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 20:06:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 20:05:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 09:59:11 | 000,000,000 | ---D | C] -- C:\vict0r
[2011/04/28 09:58:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/28 09:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/28 09:50:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\Malwarebytes
[2011/04/28 09:07:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/28 09:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 09:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/28 09:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/28 09:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/28 09:05:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:45 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\tdsskiller
[2011/04/26 12:14:15 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 08:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2011/04/26 08:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\My Documents\Amazon MP3 Uploader
[2011/04/26 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/24 16:24:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/24 16:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/24 09:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/24 09:01:36 | 000,000,000 | ---D | C] -- C:\rsit
[2007/04/11 17:09:46 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 13:50:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job
[2011/05/06 13:43:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/06 13:42:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/06 13:42:37 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 13:34:32 | 000,379,392 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\subinacl.msi
[2011/05/05 15:20:29 | 004,342,555 | R--- | M] () -- C:\Documents and Settings\Dillon\Desktop\Combofix.exe
[2011/05/04 23:19:04 | 000,659,968 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MicrosoftFixit50195.msi
[2011/05/04 23:00:42 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MCPR.exe
[2011/05/03 22:00:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR_2011-05-03.bin
[2011/05/03 22:00:00 | 001,452,824 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBRBackup.exe
[2011/05/03 09:35:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBRCheck.exe
[2011/05/03 09:23:24 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\vmr.com
[2011/05/02 22:04:05 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\FixPolicies.exe
[2011/05/02 21:16:50 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Dillon\Desktop\WinsockxpFix.exe
[2011/05/02 21:16:42 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\Dillon\Desktop\LSPFix.exe
[2011/05/02 21:16:37 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Documents and Settings\Dillon\Desktop\SafeMSI.exe
[2011/05/01 21:13:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/05/01 20:26:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/01 13:49:25 | 000,244,224 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\CF_UNINST.EXE
[2011/04/29 12:04:24 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/29 12:04:24 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 10:14:45 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:50:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 09:05:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:46 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:05:19 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 17:38:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/26 12:14:23 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 12:14:01 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/24 16:24:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/24 08:45:10 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:29 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/15 10:27:46 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 14:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 22:04:59 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 13:34:31 | 000,379,392 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\subinacl.msi
[2011/05/04 23:19:04 | 000,659,968 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MicrosoftFixit50195.msi
[2011/05/04 23:00:42 | 001,373,616 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MCPR.exe
[2011/05/03 22:00:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR_2011-05-03.bin
[2011/05/03 21:59:57 | 001,452,824 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBRBackup.exe
[2011/05/03 09:35:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBRCheck.exe
[2011/05/03 08:49:26 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\vmr.com
[2011/05/02 22:04:06 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\FixPolicies.exe
[2011/05/01 20:06:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 20:06:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 20:06:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 20:06:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 20:06:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/01 19:55:33 | 004,342,555 | R--- | C] () -- C:\Documents and Settings\Dillon\Desktop\Combofix.exe
[2011/05/01 13:49:22 | 000,244,224 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\CF_UNINST.EXE
[2011/04/28 10:14:45 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:55:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:07:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 16:05:12 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 22:51:11 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/26 12:24:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/04/26 12:14:00 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/26 08:30:12 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/04/24 16:24:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/24 16:24:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/24 08:45:08 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:24 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/13 22:04:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/01/08 10:05:14 | 000,181,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2007/09/30 08:28:49 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/21 21:46:11 | 000,007,313 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/04/21 21:45:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/02/16 14:23:13 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/16 14:22:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/16 14:22:44 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/06/14 20:03:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/13 21:21:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/04/29 08:38:16 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/26 09:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/26 09:26:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/20 18:38:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Dillon\Application Data\usb.dat.bin
[2006/02/07 19:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/02/01 22:14:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/01/31 10:29:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\fusioncache.dat
[2006/01/31 10:19:55 | 000,050,523 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2006/01/31 10:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2006/01/30 00:16:05 | 000,000,203 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/29 10:35:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/28 18:32:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\FASTWiz.html
[2005/11/11 16:46:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\usbaptest.dll
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/04/11 04:43:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/11 04:41:01 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/29 20:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:30 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:10:30 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:02:54 | 000,319,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 05:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/05 22:03:18 | 000,004,978 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/03/05 18:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/30 19:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 19:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/07/13 19:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/14 07:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/05/02 21:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/02/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
[2005/04/11 05:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/28 11:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/16 14:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/06/01 09:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/27 20:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/21 11:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/10 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Alien Skin
[2009/11/10 11:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Amazon
[2011/04/26 08:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2006/01/30 01:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\InterVideo
[2006/01/29 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Leadertech
[2006/01/30 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Musicmatch
[2011/01/07 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Samsung
[2009/10/19 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/05/06 13:50:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job

========== Purity Check ==========



< End of report >

Extras.txt report:

OTL Extras logfile created on: 5/6/2011 1:48:53 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dillon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 218.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 6.48 Gb Free Space | 17.49% Space Free | Partition Type: NTFS

Computer Name: DILLONA | User Name: Dillon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{29BB5153-133B-4C82-AF51-BF303F2BFD63}" = King's Quest Collection(TM)
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}" = FEAR SP Demo
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5986F167-4C6C-4D03-9706-E1189B2A1462}" = iriver Music Manager
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7D71FCA2-DB4A-497D-AF6F-B0D88DA92F88}" = FEAR SP Demo
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8FD62EBB-3175-4907-A326-989B14E5C757}" = hp deskjet 3500
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 H1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AGSAdventureDev312SP1_is1" = Adventure Game Studio 3.1.2 SP1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon MP3 Uploader
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Conexant PCI Audio" = Conexant AC-Link Audio
"ERUNT_is1" = ERUNT 1.1j
"HP Photo & Imaging" = HP Image Zone 4.8.5
"hp photosmart 1115 series_Driver" = hp photosmart 1115 series
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MLUpdater" = iRiver Updater
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/28/2011 11:30:54 AM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 0.0.0.0, faulting module
explorer.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 4/28/2011 11:30:54 AM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 4/28/2011 11:31:00 AM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -1955886685.

Error - 4/28/2011 11:31:06 AM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -1956649226.

Error - 4/28/2011 12:22:29 PM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.50.1.3, faulting module version.dll,
version 5.1.2600.5512, fault address 0x00001ddc.

Error - 4/28/2011 12:22:41 PM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -2060265999.

Error - 4/28/2011 12:36:36 PM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.50.1.3, faulting module version.dll,
version 5.1.2600.5512, fault address 0x00001ddc.

Error - 4/28/2011 12:49:44 PM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -2060265999.

Error - 5/2/2011 12:33:00 AM | Computer Name = DILLONA | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/2/2011 12:33:18 AM | Computer Name = DILLONA | Source = Application Hang | ID = 1001
Description = Fault bucket 736166847.

[ System Events ]
Error - 5/1/2011 11:05:58 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/1/2011 11:05:58 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 5/1/2011 11:05:58 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/1/2011 11:05:58 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).

Error - 5/1/2011 11:05:58 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/1/2011 11:05:59 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 5/2/2011 1:21:25 PM | Computer Name = DILLONA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001636149457 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/5/2011 1:10:43 AM | Computer Name = DILLONA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/5/2011 1:10:43 AM | Computer Name = DILLONA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/5/2011 2:05:22 AM | Computer Name = DILLONA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 00150042D234 has been denied by the DHCP server 192.168.33.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » May 6th, 2011, 10:51 pm

Scop wrote: All steps went smoothly.
We need to run yet another OTL script. :(


Backup the Registry again

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Start ERUNT backup by clicking Start >> Programs/All Programs >> ERUNT >> ERUNT.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Note: Do not follow the OTL (Script) instructions below if the registry backup was unsuccessful, post back instead.


Run OTL Script

This OTL script will reboot the computer. Save all work before continuing.

  • Double-click OTL.exe (on your desktop) to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :processes
    killallprocesses
    
    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    
    :reg
    [HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run]
    "Cpqset"=-
    
    :commands
    [reboot]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Security Check

Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.


Re-scan with Malwarebytes' Anti-Malware:

  • Please start Malwarebytes' Anti Malware (MBAM) (already installed).
  • Click the Update tab and then click the Check for Updates button to perform the update.
  • When the update is finished, click the Scanner tab, select Perform Quick Scan and then click the Scan button.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


OTL

  1. Double-click on OTL.exe to run it.
  2. Click the Quick Scan button. (Do not change any settings.)
  3. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
  4. Please post the contents of OTL.txt in your next reply.


Please upload these files to Virustotal / Jotti, choose reanalyse if they have been analysed before:
C:\Documents and Settings\All Users\Application Data\mMcHmPf06300\mMcHmPf06300
C:\Program Files\HPQ\Default Settings\Cpqset.exe



To post:
  • Two OTL logs (script and scan)
  • Securitycheck log
  • MBAM log
  • Virusscan links
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
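The OTL script in vict0r's post above resets two IE start-page values that hold oversized binary blobs, deletes an Internet Explorer Restrictions policy and removes a Run entry, and the Shell Spawning section earlier in the log shows the stock file-association handlers. The following Python is an added example for this thread, not OTL's code and not the helper's script: it applies those same checks as plain rules over OTL log lines, so a reader can see what the helper looked for by eye. The known-good host list, the severity levels and the two lines marked INVENTED in the sample are assumptions made for the demo.

```python
"""Triage helper for OTL (OldTimer's tool) log lines.

Added example; not OTL's own code and not the forum helper's script. It
re-implements, as simple rules, the checks applied by eye in the thread:
oversized binary IE start-page values, browser lockdown policies,
file-association handlers that differ from the stock "%1" %*, Run entries
with no company name, and start/search pages on hosts outside a
(constructed) known-good list.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the thread's OTL output plus two
# invented lines (an unlisted host and a non-stock exefile handler) so
# that every rule fires at least once.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=ie8_0904
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://redirector.example.invalid/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\INVENTED\placeholder.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

BINARY_BLOB = "[Binary data over 100 bytes]"
# IE values that should hold a plain URL or nothing at all.
URL_VALUES = {"Start Page", "Default_Secondary_Page_URL",
              "Secondary Start Pages", "SearchMigratedDefaultURL"}
# Assumption: hosts this machine's owner actually uses; adjust per machine.
KNOWN_GOOD_HOSTS = {"www.comcast.net", "my.yahoo.com", "search.yahoo.com"}
# Policy keys OTL reports as "present"; on a home PC they usually exist only
# because something wanted to lock the browser settings it had changed.
LOCKDOWN_POLICIES = ("internet explorer\\restrictions",
                     "internet explorer\\control panel")
STOCK_HANDLER = '"%1" %*'   # default open command for exefile/comfile/etc.

IE_RE = re.compile(r"^IE - (?P<key>[^,]+),(?P<name>.+?) =\s?(?P<value>.*)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+) present$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                    r"(?P<path>.+?) \((?P<company>[^()]*)\)$")
HANDLER_RE = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<ext>\S+) "
                        r"\[(?P<verb>[^\]]+)\] -- (?P<cmd>.+)$")


def analyse(line):
    """Return (severity, reason) for one OTL line, or None if nothing stands out."""
    m = IE_RE.match(line)
    if m:
        name, value = m["name"], m["value"]
        if value == BINARY_BLOB:
            return ("high", f"{name}: binary blob where a URL or empty value is expected")
        if name in URL_VALUES and value:
            host = urlparse(value).hostname or ""
            if host not in KNOWN_GOOD_HOSTS:
                return ("medium", f"{name}: host {host!r} is not on the known-good list")
        return None
    m = POLICY_RE.match(line)
    if m and m["key"].lower().endswith(LOCKDOWN_POLICIES):
        return ("high", "browser lockdown policy present: " + m["key"])
    m = RUN_RE.match(line)
    if m and not m["company"].strip():
        return ("low", f"Run entry [{m['name']}] has no company name; verify {m['path']}")
    m = HANDLER_RE.match(line)
    if m and m["cmd"] != STOCK_HANDLER:
        return ("high", f"{m['ext']} [{m['verb']}] handler is not the stock {STOCK_HANDLER}: {m['cmd']}")
    return None


def scan(text):
    """Run analyse() over every non-empty line; return (severity, reason, line) in log order."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        hit = analyse(line)
        if hit:
            findings.append((hit[0], hit[1], line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in scan(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run it as-is to see the seven findings from the sample, or feed a saved OTL.txt to scan(). The rules are deliberately narrow: an empty company name on a Run entry (as with the HP updater in this very log) is only a prompt to verify the file, which is why it is rated low, while a non-stock exefile handler or an oversized start-page blob is rated high because a legitimate configuration has no reason to look like that.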

Re: yet another search engine redirection

Unread postby Scop » May 7th, 2011, 2:28 am

vict0r wrote: We need to run yet another OTL script. :(


At least OTL has been functioning more reliably than ComboFix was for a while. Everything seems to have gone well with this step. Starting with the OTL script:



========== PROCESSES ==========
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== REGISTRY ==========
Registry value HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run\\Cpqset deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05062011_224609

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




And the OTL scan:



OTL logfile created on: 5/6/2011 11:13:41 PM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dillon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 6.44 Gb Free Space | 17.39% Space Free | Partition Type: NTFS

Computer Name: DILLONA | User Name: Dillon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dillon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
PRC - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dillon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll (SupportSoft, Inc.)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus(R) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (IFP800) -- C:\WINDOWS\system32\drivers\ifp800.sys (iRiver, Inc.)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (2WIREPCP) -- C:\WINDOWS\system32\drivers\2WirePCP.sys (2Wire, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=ie8_0904
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011/05/01 20:26:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendowifi.com/troubleshoo ... aptest.cab (USBAPTester Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab (VerifyGMN Class)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7434653125 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 14:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dwarf Fortress
[2011/05/06 14:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\My Documents\New Folder
[2011/05/06 13:39:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 13:32:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/02 22:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\FixPolicies
[2011/05/02 21:16:49 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Dillon\Desktop\WinsockxpFix.exe
[2011/05/02 21:16:41 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Dillon\Desktop\LSPFix.exe
[2011/05/02 21:16:32 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Documents and Settings\Dillon\Desktop\SafeMSI.exe
[2011/05/02 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/01 20:28:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dillon\Application Data\yahoo!
[2011/05/01 20:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/01 20:06:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 20:06:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 20:06:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 20:06:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 20:05:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 09:59:11 | 000,000,000 | ---D | C] -- C:\vict0r
[2011/04/28 09:58:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/28 09:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/28 09:50:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\Malwarebytes
[2011/04/28 09:07:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/28 09:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 09:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/28 09:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/28 09:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/28 09:05:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:45 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\tdsskiller
[2011/04/26 12:14:15 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 08:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2011/04/26 08:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\My Documents\Amazon MP3 Uploader
[2011/04/26 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/24 16:24:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/24 16:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/24 09:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/24 09:01:36 | 000,000,000 | ---D | C] -- C:\rsit
[2007/04/11 17:09:46 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 23:07:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job
[2011/05/06 22:55:27 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\SecurityCheck.exe
[2011/05/06 22:50:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/06 22:49:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/06 22:49:18 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 13:34:32 | 000,379,392 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\subinacl.msi
[2011/05/05 15:20:29 | 004,342,555 | R--- | M] () -- C:\Documents and Settings\Dillon\Desktop\Combofix.exe
[2011/05/04 23:19:04 | 000,659,968 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MicrosoftFixit50195.msi
[2011/05/04 23:00:42 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MCPR.exe
[2011/05/03 22:00:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR_2011-05-03.bin
[2011/05/03 22:00:00 | 001,452,824 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBRBackup.exe
[2011/05/03 09:35:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBRCheck.exe
[2011/05/03 09:23:24 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\vmr.com
[2011/05/02 22:04:05 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\FixPolicies.exe
[2011/05/02 21:16:50 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Dillon\Desktop\WinsockxpFix.exe
[2011/05/02 21:16:42 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\Dillon\Desktop\LSPFix.exe
[2011/05/02 21:16:37 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Documents and Settings\Dillon\Desktop\SafeMSI.exe
[2011/05/01 21:13:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/05/01 20:26:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/01 13:49:25 | 000,244,224 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\CF_UNINST.EXE
[2011/04/29 12:04:24 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/29 12:04:24 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 10:14:45 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:50:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 09:05:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:46 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:05:19 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 17:38:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/26 12:14:23 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 12:14:01 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/24 16:24:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/24 08:45:10 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:29 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/15 10:27:46 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 14:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 22:04:59 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 22:55:25 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\SecurityCheck.exe
[2011/05/06 13:34:31 | 000,379,392 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\subinacl.msi
[2011/05/04 23:19:04 | 000,659,968 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MicrosoftFixit50195.msi
[2011/05/04 23:00:42 | 001,373,616 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MCPR.exe
[2011/05/03 22:00:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR_2011-05-03.bin
[2011/05/03 21:59:57 | 001,452,824 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBRBackup.exe
[2011/05/03 09:35:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBRCheck.exe
[2011/05/03 08:49:26 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\vmr.com
[2011/05/02 22:04:06 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\FixPolicies.exe
[2011/05/01 20:06:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 20:06:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 20:06:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 20:06:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 20:06:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/01 19:55:33 | 004,342,555 | R--- | C] () -- C:\Documents and Settings\Dillon\Desktop\Combofix.exe
[2011/05/01 13:49:22 | 000,244,224 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\CF_UNINST.EXE
[2011/04/28 10:14:45 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:55:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:07:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 16:05:12 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 22:51:11 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/26 12:24:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/04/26 12:14:00 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/26 08:30:12 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/04/24 16:24:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/24 16:24:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/24 08:45:08 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:24 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/13 22:04:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/01/08 10:05:14 | 000,181,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2007/09/30 08:28:49 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/21 21:46:11 | 000,007,313 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/04/21 21:45:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/02/16 14:23:13 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/16 14:22:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/16 14:22:44 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/06/14 20:03:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/13 21:21:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/04/29 08:38:16 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/26 09:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/26 09:26:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/20 18:38:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Dillon\Application Data\usb.dat.bin
[2006/02/07 19:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/02/01 22:14:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/01/31 10:29:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\fusioncache.dat
[2006/01/31 10:19:55 | 000,050,523 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2006/01/31 10:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2006/01/30 00:16:05 | 000,000,203 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/29 10:35:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/28 18:32:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\FASTWiz.html
[2005/11/11 16:46:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\usbaptest.dll
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/04/11 04:43:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/11 04:41:01 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/29 20:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:30 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:10:30 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:02:54 | 000,319,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 05:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/05 22:03:18 | 000,004,978 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/03/05 18:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/30 19:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 19:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/07/13 19:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/14 07:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/05/02 21:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/02/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
[2005/04/11 05:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/28 11:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/16 14:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/06/01 09:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/27 20:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/21 11:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/10 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Alien Skin
[2009/11/10 11:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Amazon
[2011/04/26 08:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2006/01/30 01:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\InterVideo
[2006/01/29 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Leadertech
[2006/01/30 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Musicmatch
[2011/01/07 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Samsung
[2011/05/06 23:07:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job

========== Purity Check ==========



< End of report >


Last two reports and Virustotal links in the next post.
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby Scop » May 7th, 2011, 2:32 am

checkup.txt's report:



Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````




MBAM's report:



Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6524

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/6/2011 11:09:47 PM
mbam-log-2011-05-06 (23-09-47).txt

Scan type: Quick scan
Objects scanned: 155597
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




And the Virustotal links.

mMcHmPf06300: http://www.virustotal.com/file-scan/report.html?id=cdf114e77674b5e7b927e7c52091c696bb02728cfa69735e0421ffeec8b026f9-1304749228
Cpqset.exe: http://www.virustotal.com/file-scan/report.html?id=b6796816e68880983627c313fc87448ca74a2b848fe8b56bd7f18305e16a5a54-1304748887
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » May 7th, 2011, 11:21 pm

I'm sorry for the delay. The logs are looking better and better, unfortunately we must repeat the process 1-2 times more.


Backup the Registry again

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Start ERUNT backup by clicking Start >> Programs/All Programs >> ERUNT >> ERUNT.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Note: Do not follow the OTL (Script) instructions below if the registry backup was unsuccessful, post back instead.


Run OTL Script

This OTL script will reboot the computer. Save all work before continuing.

  • Double-click OTL.exe (on your desktop) to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    
    :Services
    nosGetPlusHelper
    AppMgmt
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


OTL - System Scan

  1. Double click on the OTL icon on your desktop to run it.
  2. When the window appears, underneath Output at the top, make sure Minimal Output is selected.
  3. Under Services section, select All.
  4. Click the Scan All Users checkbox.
  5. Check/tick the boxes beside LOP Check and Purity Check.
  6. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    Code:
    %System%\ipsec.dll /s /md5
    %System%\appmgmt.dll /s /md5
    %System%\browsvr.dll /s /md5
    %System%\trkw.dll /s /md5
    %System%\trks.dll /s /md5
    %System%\kdc.dll /s /md5
    %System%\dmsrv.dll /s /md5
    %System%\mesg.dll /s /md5
    %System%\netlogin.dll /s /md5
    %System%\protstrg.dll /s /md5
    %System%\lmhosts.dll /s /md5
    %System%\w32t.dll /s /md5
    %System%\ntms.dll /s /md5
    %System%\Drivers\usb2.sys /s /md5
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntmssvc\Parameters|ntms.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters|w32t.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts\Parameters|lmhosts.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters|netlogin.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters|dmsrv.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Parameters|kdc.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkSvr\Parameters|trks.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Parameters|trkw.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters|browsvr.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters|appmgmt.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters|ipsec.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters|mesg.dll /RS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Parameters|protstrg.dll /RS
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\usb2|usb2.sys /RS
    type "C:\Documents and Settings\All Users\Application Data\mMcHmPf06300\mMcHmPf06300" /c
    
    
  7. Click the Run Scan button. The scan won't take long. Please do not use the computer during the scan.
  8. When the scan completes, OTL.txt will open.
  9. Please post the contents of this file in your next reply.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
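Both the OTL report Scop posted above and the service/DLL checks vict0r requests here come down to reading OTL's line formats: the `[timestamp | size | attributes | C/M] (Company) -- path` file entries and the `SRV - (Name) -- path (Company)` service entries. The Python below is an added illustration, not code from either poster or from OTL's author. It parses both line shapes from a constructed sample built out of paths quoted in this thread and applies three triage prompts of the kind a helper reads the log for: executables under C:\WINDOWS with an empty company field, folders whose name looks machine-generated (the shape of the mMcHmPf06300 folder vict0r asked to have scanned), and services whose binary OTL reports as "File not found". The regexes, the `looks_random` heuristic and the function names are my own assumptions about the format, derived only from the lines visible in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample modelled on the OTL report lines quoted in this thread
# (paths are taken from the posted logs; this text is not a real OTL run).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/05/01 20:06:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2011/04/28 09:58:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/02/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
[2011/05/01 20:26:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Win32 Services (All) ==========

SRV - (HidServ) -- File not found
SRV - (Browser) -- C:\WINDOWS\system32\browser.dll (Microsoft Corporation)
SRV - (RpcSs) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
"""

# [timestamp | size | attrs | C/M] (Company) -- path ; folder lines carry no (Company) field.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# SRV - (Name) Optional Display Name -- path (Company)   or   -- File not found
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\)(?: (?P<display>.*?))? -- (?P<target>.+)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    op: str                  # C = created, M = modified
    company: Optional[str]   # None on folder lines, "" when OTL printed ()
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def leaf(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

@dataclass
class ServiceEntry:
    name: str
    display: str
    path: Optional[str]      # None when OTL reported "File not found"
    company: str

def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line)
    if not m:
        return None
    company = m.group("company")
    return FileEntry(m.group("ts"), int(m.group("size").replace(",", "")), m.group("attr"),
                     m.group("op"), None if company is None else company.strip(),
                     m.group("path").strip())

def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = SRV_RE.match(line)
    if not m:
        return None
    display, target = m.group("display") or "", m.group("target").strip()
    if target == "File not found":
        return ServiceEntry(m.group("name"), display, None, "")
    t = TARGET_RE.match(target)
    if not t:  # unusual shape: keep the raw target as the path
        return ServiceEntry(m.group("name"), display, target, "")
    return ServiceEntry(m.group("name"), display, t.group("path"), t.group("company").strip())

def parse_report(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    files, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        f = parse_file_line(line)
        if f:
            files.append(f)
            continue
        s = parse_service_line(line)
        if s:
            services.append(s)
    return files, services

def looks_random(name: str) -> bool:
    """Heuristic (mine, not OTL's): a vowel-less run of letters followed by digits."""
    m = re.fullmatch(r"([A-Za-z]{5,})(\d{3,})", name)
    return bool(m) and re.search(r"[aeiouAEIOU]", m.group(1)) is None

def triage(files: List[FileEntry], services: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (reason, item) prompts for a human reviewer to look at."""
    findings = []
    for f in files:
        if f.is_dir and looks_random(f.leaf):
            findings.append(("random-name-folder", f.path))
        elif (not f.is_dir and f.company == "" and f.path.upper().startswith("C:\\WINDOWS\\")
              and f.leaf.lower().endswith(EXEC_EXT)):
            findings.append(("no-company-system-binary", f.path))
    for s in services:
        if s.path is None:
            findings.append(("service-file-missing", s.name))
    return findings

if __name__ == "__main__":
    fs, ss = parse_report(SAMPLE_LOG)
    for reason, item in triage(fs, ss):
        print(f"{reason:26s} {item}")
```

The prompts are starting points, not verdicts: the no-company rule also catches PEV.exe, sed.exe, grep.exe and zip.exe in C:\WINDOWS, which the posted log shows created in the same second as SWREG.exe and NIRCMD.exe on May 1st, so the helper reads them against the tools run that day rather than treating them as findings. The same goes for HidServ, which OTL lists as "File not found" on many XP systems; the value of the parser is in getting the entries into a form where timestamps, company fields and service-to-file mappings can be cross-checked, which is also what vict0r's custom scan does by hand with the /md5 and /RS lines.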

Re: yet another search engine redirection

Unread postby Scop » May 9th, 2011, 3:47 pm

My turn to apologize! Was away from home yesterday, but I have the two OTL reports:



========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service nosGetPlusHelper stopped successfully!
Service nosGetPlusHelper deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_121408

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




OTL logfile created on: 5/9/2011 12:24:20 PM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dillon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 6.34 Gb Free Space | 17.11% Space Free | Partition Type: NTFS

Computer Name: DILLONA | User Name: Dillon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dillon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
PRC - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dillon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll (SupportSoft, Inc.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (All) ==========

SRV - (HidServ) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (lanmanserver) -- C:\WINDOWS\system32\srvsvc.dll (Microsoft Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (lanmanworkstation) -- C:\WINDOWS\system32\wkssvc.dll (Microsoft Corporation)
SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Microsoft Corporation)
SRV - (RpcSs) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
SRV - (DcomLaunch) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation)
SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (EventSystem) -- C:\WINDOWS\system32\es.dll (Microsoft Corporation)
SRV - (Nla) Network Location Awareness (NLA) -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation)
SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Microsoft Corporation)
SRV - (UPS) -- C:\WINDOWS\system32\ups.exe (Microsoft Corporation)
SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation)
SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation)
SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (MSIServer) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation)
SRV - (mnmsrvc) -- C:\WINDOWS\system32\mnmsrvc.exe (Microsoft Corporation)
SRV - (RpcLocator) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\locator.exe (Microsoft Corporation)
SRV - (SamSs) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (PolicyAgent) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (NtLmSsp) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (Netlogon) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Microsoft Corporation)
SRV - (dmadmin) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SRV - (SwPrv) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (COMSysApp) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation)
SRV - (CiSvc) -- C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation)
SRV - (ALG) -- C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Microsoft Corporation)
SRV - (xmlprov) -- C:\WINDOWS\system32\xmlprov.dll (Microsoft Corporation)
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)
SRV - (wscsvc) -- C:\WINDOWS\system32\wscsvc.dll (Microsoft Corporation)
SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Microsoft Corporation)
SRV - (stisvc) Windows Image Acquisition (WIA) -- C:\WINDOWS\system32\wiaservc.dll (Microsoft Corporation)
SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Microsoft Corporation)
SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)
SRV - (WebClient) -- C:\WINDOWS\system32\webclnt.dll (Microsoft Corporation)
SRV - (HTTPFilter) -- C:\WINDOWS\system32\w3ssl.dll (Microsoft Corporation)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation)
SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Microsoft Corporation)
SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)
SRV - (TrkWks) -- C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
SRV - (SSDPSRV) -- C:\WINDOWS\system32\ssdpsrv.dll (Microsoft Corporation)
SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
SRV - (SENS) -- C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Microsoft Corporation)
SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation)
SRV - (napagent) -- C:\WINDOWS\system32\qagentrt.dll (Microsoft Corporation)
SRV - (RasMan) -- C:\WINDOWS\system32\rasmans.dll (Microsoft Corporation)
SRV - (RasAuto) -- C:\WINDOWS\system32\rasauto.dll (Microsoft Corporation)
SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (hkmsvc) -- C:\WINDOWS\system32\kmsvc.dll (Microsoft Corporation)
SRV - (LmHosts) -- C:\WINDOWS\system32\lmhsvc.dll (Microsoft Corporation)
SRV - (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) -- C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation)
SRV - (ERSvc) -- C:\WINDOWS\system32\ersvc.dll (Microsoft Corporation)
SRV - (Dot3svc) -- C:\WINDOWS\system32\dot3svc.dll (Microsoft Corporation)
SRV - (EapHost) -- C:\WINDOWS\system32\eapsvc.dll (Microsoft Corporation)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Microsoft Corp.)
SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Microsoft Corporation)
SRV - (CryptSvc) -- C:\WINDOWS\system32\cryptsvc.dll (Microsoft Corporation)
SRV - (Browser) -- C:\WINDOWS\system32\browser.dll (Microsoft Corporation)
SRV - (AudioSrv) -- C:\WINDOWS\system32\audiosrv.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)
SRV - (WmdmPmSN) -- C:\WINDOWS\system32\mspmsnsv.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (WudfSvc) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (hpqwmi) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (RSVP) -- C:\WINDOWS\system32\rsvp.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (IFP800) -- C:\WINDOWS\system32\drivers\ifp800.sys (iRiver, Inc.)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (2WIREPCP) -- C:\WINDOWS\system32\drivers\2WirePCP.sys (2Wire, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=ie8_0904
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011/05/01 20:26:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendowifi.com/troubleshoo ... aptest.cab (USBAPTester Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab (VerifyGMN Class)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7434653125 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 14:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dwarf Fortress
[2011/05/06 14:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\My Documents\New Folder
[2011/05/06 13:39:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 13:32:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/02 22:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\FixPolicies
[2011/05/02 21:16:49 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Dillon\Desktop\WinsockxpFix.exe
[2011/05/02 21:16:41 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Dillon\Desktop\LSPFix.exe
[2011/05/02 21:16:32 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Documents and Settings\Dillon\Desktop\SafeMSI.exe
[2011/05/02 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/01 20:28:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dillon\Application Data\yahoo!
[2011/05/01 20:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/01 20:06:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 20:06:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 20:06:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 20:06:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 20:05:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 09:59:11 | 000,000,000 | ---D | C] -- C:\vict0r
[2011/04/28 09:58:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/28 09:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/28 09:50:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\Malwarebytes
[2011/04/28 09:07:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/28 09:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 09:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/28 09:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/28 09:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/28 09:05:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:45 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\tdsskiller
[2011/04/26 12:14:15 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 08:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2011/04/26 08:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\My Documents\Amazon MP3 Uploader
[2011/04/26 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/24 16:24:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/24 16:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/24 09:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/24 09:01:36 | 000,000,000 | ---D | C] -- C:\rsit
[2007/04/11 17:09:46 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 12:22:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job
[2011/05/09 12:17:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 12:16:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 12:16:54 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 22:55:27 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\SecurityCheck.exe
[2011/05/06 13:34:32 | 000,379,392 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\subinacl.msi
[2011/05/05 15:20:29 | 004,342,555 | R--- | M] () -- C:\Documents and Settings\Dillon\Desktop\Combofix.exe
[2011/05/04 23:19:04 | 000,659,968 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MicrosoftFixit50195.msi
[2011/05/04 23:00:42 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MCPR.exe
[2011/05/03 22:00:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR_2011-05-03.bin
[2011/05/03 22:00:00 | 001,452,824 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBRBackup.exe
[2011/05/03 09:35:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBRCheck.exe
[2011/05/03 09:23:24 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\vmr.com
[2011/05/02 22:04:05 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\FixPolicies.exe
[2011/05/02 21:16:50 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Dillon\Desktop\WinsockxpFix.exe
[2011/05/02 21:16:42 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\Dillon\Desktop\LSPFix.exe
[2011/05/02 21:16:37 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Documents and Settings\Dillon\Desktop\SafeMSI.exe
[2011/05/01 21:13:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/05/01 20:26:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/01 13:49:25 | 000,244,224 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\CF_UNINST.EXE
[2011/04/29 12:04:24 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/29 12:04:24 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 10:14:45 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:50:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 09:05:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:46 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:05:19 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 17:38:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/26 12:14:23 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 12:14:01 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/24 16:24:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/24 08:45:10 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:29 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/15 10:27:46 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 14:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 22:04:59 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 22:55:25 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\SecurityCheck.exe
[2011/05/06 13:34:31 | 000,379,392 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\subinacl.msi
[2011/05/04 23:19:04 | 000,659,968 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MicrosoftFixit50195.msi
[2011/05/04 23:00:42 | 001,373,616 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MCPR.exe
[2011/05/03 22:00:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR_2011-05-03.bin
[2011/05/03 21:59:57 | 001,452,824 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBRBackup.exe
[2011/05/03 09:35:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBRCheck.exe
[2011/05/03 08:49:26 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\vmr.com
[2011/05/02 22:04:06 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\FixPolicies.exe
[2011/05/01 20:06:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 20:06:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 20:06:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 20:06:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 20:06:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/01 19:55:33 | 004,342,555 | R--- | C] () -- C:\Documents and Settings\Dillon\Desktop\Combofix.exe
[2011/05/01 13:49:22 | 000,244,224 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\CF_UNINST.EXE
[2011/04/28 10:14:45 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:55:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:07:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 16:05:12 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 22:51:11 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/26 12:24:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/04/26 12:14:00 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/26 08:30:12 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/04/24 16:24:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/24 16:24:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/24 08:45:08 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:24 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/13 22:04:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/01/08 10:05:14 | 000,181,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2007/09/30 08:28:49 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/21 21:46:11 | 000,007,313 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/04/21 21:45:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/02/16 14:23:13 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/16 14:22:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/16 14:22:44 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/06/14 20:03:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/13 21:21:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/04/29 08:38:16 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/26 09:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/26 09:26:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/20 18:38:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Dillon\Application Data\usb.dat.bin
[2006/02/07 19:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/02/01 22:14:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/01/31 10:29:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\fusioncache.dat
[2006/01/31 10:19:55 | 000,050,523 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2006/01/31 10:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2006/01/30 00:16:05 | 000,000,203 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/29 10:35:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/28 18:32:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\FASTWiz.html
[2005/11/11 16:46:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\usbaptest.dll
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/04/11 04:43:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/11 04:41:01 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/29 20:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:30 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:10:30 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:02:54 | 000,319,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 05:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/05 22:03:18 | 000,004,978 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/03/05 18:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/30 19:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 19:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/07/13 19:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/14 07:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/05/02 21:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/02/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
[2005/04/11 05:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/28 11:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/16 14:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/06/01 09:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/27 20:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/21 11:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/10 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Alien Skin
[2009/11/10 11:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Amazon
[2011/04/26 08:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2006/01/30 01:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\InterVideo
[2006/01/29 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Leadertech
[2006/01/30 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Musicmatch
[2011/01/07 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Samsung
[2009/10/19 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/05/09 12:22:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntmssvc\Parameters|ntms.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters|w32t.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts\Parameters|lmhosts.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters|netlogin.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters|dmsrv.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Parameters|kdc.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkSvr\Parameters|trks.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Parameters|trkw.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters|browsvr.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters|appmgmt.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters|ipsec.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters|mesg.dll /RS >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Parameters|protstrg.dll /RS >

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\usb2|usb2.sys /RS >

< type "C:\Documents and Settings\All Users\Application Data\mMcHmPf06300\mMcHmPf06300" /c >
Ysut.|睹›æn*þ”™æŒ‘FôEŽTŽ¸>ãñ>tÃl—õ_¯õë_ûðøÈÒnsn湛͹s›s7ÍÜn͛ܛ¹næsnÜæÜÍs7›sæ7æn›¹Ü›7¹7sÜÍæܹÍ

< >

< End of report >
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » May 10th, 2011, 8:28 pm

Hi.

I'm sorry, I won't be able to post new instructions until tomorrow. :(
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: yet another search engine redirection

Unread postby Scop » May 10th, 2011, 9:13 pm

No worries! Things are still running smoothly, and I'll have some time to work on it when next you have instructions for me.
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » May 11th, 2011, 3:50 pm

Hi.

I'd like you to do another online virus scan and OTL scan. If everything checks out, then these are the last scans you need to perform. :)

Do you recognize the following directory/file?
C:\Documents and Settings\All Users\Application Data\mMcHmPf06300\mMcHmPf06300


Disable Microsoft Security Essentials

Make sure MSE is disabled:

Make sure there's no scheduled scan in Microsoft Security Essentials for the rest of the day before running the scan:
  • Start Microsoft Security Essentials, then click Settings -> Scheduled scan and uncheck Run a scheduled scan... if a scan is about to start, then click Save changes and close the program.
  • Go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Close MSE when done.


Panda Online Scan

Please go Here to run Panda's ActiveScan. (Right click the link and open it in a new tab or window.)
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take some time.
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and paste the log in your reply (Ctrl+V on the keyboard)

Please enable Microsoft Security Essentials after the online virus scan is finished.


OTL - System Scan

  1. Double click on the OTL icon on your desktop to run it.
  2. When the window appears, underneath Output at the top, make sure Minimal Output is selected.
  3. Click the Scan All Users checkbox.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    C:\Windows\System32\ipsec.dll /md5
    C:\Windows\System32\appmgmt.dll /md5
    C:\Windows\System32\browsvr.dll /md5
    C:\Windows\System32\trkw.dll /md5
    C:\Windows\System32\trks.dll /md5
    C:\Windows\System32\kdc.dll /md5
    C:\Windows\System32\dmsrv.dll /md5
    C:\Windows\System32\mesg.dll /md5
    C:\Windows\System32\netlogin.dll /md5
    C:\Windows\System32\protstrg.dll /md5
    C:\Windows\System32\lmhosts.dll /md5
    C:\Windows\System32\w32t.dll /md5
    C:\Windows\System32\ntms.dll /md5
    C:\Windows\System32\Drivers\usb2.sys /md5
    
    
  6. Click the Run Scan button. The scan won't take long. Please do not use the computer during the scan.
  7. When the scan completes, OTL.txt will open.
  8. Please post the contents of this file in your next reply.


To post:
  • Directory/file?
  • Activescan log
  • OTL log
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
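
The OTL custom scan above does two things by hand: it searches each service's Parameters key for a lookalike DLL name, and it asks for the MD5 of the file that name would point to. The script below is an added example of the same check scripted in PowerShell; it is not part of the thread and not OTL's code. The service names and the lookalike file names are taken from the OTL scan lines in the thread; the output layout, the "OUTSIDE-SYSTEM32"/"HIDDEN" heuristics and the MD5 helper are assumptions added for illustration. It reads the ServiceDll value each service actually loads, flags the cases the helper is looking for, and prints an MD5 that can be compared with the OTL /md5 output. Run it from an elevated prompt.

```powershell
# Added example (not from the original thread): verify the ServiceDll each listed
# service loads, the way the OTL custom scan in the thread does by hand.
# Service names and lookalike DLL names come from that scan; everything else
# (flags, output format, MD5 helper) is an assumption for illustration.

$Services = 'ntmssvc','W32Time','LmHosts','Netlogon','dmserver','kdc','TrkSvr','TrkWks',
            'Browser','AppMgmt','PolicyAgent','Messenger','ProtectedStorage'

# File names the OTL registry search in the thread looked for inside each Parameters key.
$Lookalikes = 'ntms.dll','w32t.dll','lmhosts.dll','netlogin.dll','dmsrv.dll','kdc.dll',
              'trks.dll','trkw.dll','browsvr.dll','appmgmt.dll','ipsec.dll','mesg.dll','protstrg.dll'

$System32 = Join-Path $env:SystemRoot 'System32'

# MD5 so the value can be compared line-for-line with OTL's "/md5" output.
function Get-Md5Hex([string]$Path) {
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Dispose() }
}

foreach ($svc in $Services) {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.ServiceDll) {
        # Absent on this edition (some of these services exist only on server SKUs);
        # by itself that is not an indicator.
        "{0,-18} (no ServiceDll value)" -f $svc
        continue
    }

    # ServiceDll is REG_EXPAND_SZ; expand again in case the provider returned it raw.
    $dll   = [Environment]::ExpandEnvironmentVariables($props.ServiceDll)
    $name  = [IO.Path]::GetFileName($dll)
    $flags = @()

    if ($Lookalikes -contains $name.ToLower())                 { $flags += 'LOOKALIKE-NAME' }
    if (-not $dll.StartsWith($System32, 'OrdinalIgnoreCase'))  { $flags += 'OUTSIDE-SYSTEM32' }
    if (-not (Test-Path -LiteralPath $dll)) {
        $flags += 'FILE-MISSING'
        "{0,-18} {1}  [{2}]" -f $svc, $dll, ($flags -join ',')
        continue
    }

    # Embedded Authenticode check. See the note below about catalog-signed OS files.
    $sig = Get-AuthenticodeSignature -FilePath $dll
    if ($sig.Status -ne 'Valid')                                        { $flags += "SIG-$($sig.Status)" }
    elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft')       { $flags += 'NOT-MS-SIGNED' }

    # A hidden service DLL is unusual; the timestamp lets you line it up with the OTL file listing.
    $file = Get-Item -LiteralPath $dll -Force
    if ($file.Attributes -band [IO.FileAttributes]::Hidden) { $flags += 'HIDDEN' }

    $state = if ($flags) { $flags -join ',' } else { 'ok' }
    "{0,-18} {1}  md5={2}  mtime={3:yyyy/MM/dd HH:mm:ss}  [{4}]" -f $svc, $dll, (Get-Md5Hex $dll),
        $file.LastWriteTime, $state
}
```

Two caveats when reading the output. A LOOKALIKE-NAME or OUTSIDE-SYSTEM32 hit is the finding the thread's scan is after and deserves a file upload to VirusTotal or Jotti; an MD5 alone is only useful when compared against the same file on a known-clean machine of the same Windows version and service pack. And on older Windows (XP, Vista, 7) most OS DLLs carry no embedded signature and are signed through catalog files, so SIG-NotSigned on a genuine Microsoft file is expected there; Sysinternals sigcheck verifies against the catalogs and is the better tool for that part of the check on those systems.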

Re: yet another search engine redirection

Unread postby vict0r » May 13th, 2011, 11:34 pm

Hi.

Did the Panda Activescan work?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware