Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

removing redirect virus/adding log reports please help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

removing redirect virus/adding log reports please help!

Unread postby dynodan » June 11th, 2011, 2:44 pm

:? I appreciate your tolerance, I posted previously (see below) and had to add to itbecause I got the log files for dds, combo fix and tdss killer.
I am just getting used to how this all works.


Hello, I have been attempting to remove redirect virus. When clicking on search results in IE, it will redirect me to obscure local search sites. By quickly hitting the back arrow, the 2nd time I click on the desired website, it takes me there, so it is not as aggressive as it used to be. Somehow none of the scan fixes can find this thing. Malwarebytes would not install without errors and/or couldn't find anything. Thier website seemed to be down and couldn't get updates.

I was directed in a previous post not to run any combo fix on my own. Sorry to say I already had run it, but it didn't find any of the redirect virus. Sorry, I apologize, I know your time is freely given and has value. I ran it before I saw the warning not to. Dosen't seem to be any harm done. I appreciate you time and will cooperate with you. It instructed me not to uninstall combo until I was certain none of the saved or backup or quarantined files were needed. Also I have some kind of windows update disable virus telling me the automatic update is disable when it is set to update.
please help!
.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Run by Danny at 12:05:30 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2877 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\SAiDownloader.exe
C:\WINDOWS\system32\SAiLicSvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [NBJ] "c:\progra~1\ahead\neroba~1\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [Camera Detector] c:\progra~1\acdsys~1\acdsee\CAMDET~1.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0ItSkhGTkg"&"inst=NzctNTkzMTEwODM4LVQ1LVU4NSsxLUJBKzEtS1YzKzctRlA5KzYtU1QxKzItVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItVklQMTArMS1GMTBNMTBEKzItTElDKzc3LVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsx"&"prod=90"&"ver=10.0.1382
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 9824293578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{20997094-154B-4DDB-A335-8D7AEA2A121A} : NameServer = 93.188.165.180,93.188.160.240
TCP: Interfaces\{20997094-154B-4DDB-A335-8D7AEA2A121A} : DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
Notify: AtiExtEvent - Ati2evxx.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\danny\application data\mozilla\firefox\profiles\kwh7te1i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://Internet Explorer
FF - plugin: c:\documents and settings\danny\application data\mozilla\firefox\profiles\kwh7te1i.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\danny\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\my new downloads\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-1-8 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-1-8 62080]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2009-4-16 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2009-7-13 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
.
=============== Created Last 30 ================
.
2011-06-11 15:53:44 -------- d-sha-r- C:\cmdcons
2011-06-11 15:52:02 98816 ----a-w- c:\windows\sed.exe
2011-06-11 15:52:02 518144 ----a-w- c:\windows\SWREG.exe
2011-06-11 15:52:02 256512 ----a-w- c:\windows\PEV.exe
2011-06-11 15:52:02 208896 ----a-w- c:\windows\MBR.exe
2011-05-14 22:47:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-14 22:47:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-14 22:47:32 -------- d-----w- c:\documents and settings\danny\application data\SUPERAntiSpyware.com
2011-05-14 22:12:06 -------- d-----w- c:\documents and settings\danny\application data\Malwarebytes
2011-05-14 22:12:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-14 21:17:30 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2009-02-11 20:38:34 1431504 ----a-w- c:\program files\RegCureSetup_RW.exe
2009-02-09 22:07:08 34031720 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2009-02-03 17:12:21 59981528 ----a-w- c:\program files\avg_free_stf_en_8_233a1415.exe
2008-07-22 14:00:53 48367896 ----a-w- c:\program files\avg_free_stf_en_8_138a1332.exe
2008-01-10 16:25:04 15895117 ----a-w- c:\program files\PDFCreator-0_9_5_setup.exe
.
============= FINISH: 12:06:07.29 ===============
2011/06/11 13:05:01.0765 1932 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/11 13:05:02.0203 1932 ================================================================================
2011/06/11 13:05:02.0203 1932 SystemInfo:
2011/06/11 13:05:02.0203 1932
2011/06/11 13:05:02.0203 1932 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/11 13:05:02.0203 1932 Product type: Workstation
2011/06/11 13:05:02.0203 1932 ComputerName: DANNY-7B4C23870
2011/06/11 13:05:02.0203 1932 UserName: Danny
2011/06/11 13:05:02.0203 1932 Windows directory: C:\WINDOWS
2011/06/11 13:05:02.0203 1932 System windows directory: C:\WINDOWS
2011/06/11 13:05:02.0203 1932 Processor architecture: Intel x86
2011/06/11 13:05:02.0203 1932 Number of processors: 2
2011/06/11 13:05:02.0203 1932 Page size: 0x1000
2011/06/11 13:05:02.0203 1932 Boot type: Normal boot
2011/06/11 13:05:02.0203 1932 ================================================================================
2011/06/11 13:05:02.0531 1932 Initialize success
2011/06/11 13:05:05.0578 4004 ================================================================================
2011/06/11 13:05:05.0578 4004 Scan started
2011/06/11 13:05:05.0578 4004 Mode: Manual;
2011/06/11 13:05:05.0578 4004 ================================================================================
2011/06/11 13:05:05.0968 4004 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/11 13:05:06.0015 4004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/11 13:05:06.0046 4004 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/11 13:05:06.0109 4004 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/11 13:05:06.0187 4004 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/11 13:05:06.0234 4004 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/11 13:05:06.0250 4004 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/11 13:05:06.0343 4004 ati2mtag (b2580f3de6a4e84060f8073df2ca0951) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/11 13:05:06.0375 4004 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/11 13:05:06.0406 4004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/11 13:05:06.0453 4004 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/11 13:05:06.0578 4004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/11 13:05:06.0625 4004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/11 13:05:06.0656 4004 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/11 13:05:06.0656 4004 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/11 13:05:06.0734 4004 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/11 13:05:06.0765 4004 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/11 13:05:06.0812 4004 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/11 13:05:06.0843 4004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/11 13:05:06.0875 4004 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/11 13:05:06.0906 4004 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/11 13:05:06.0921 4004 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/11 13:05:06.0937 4004 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/11 13:05:06.0968 4004 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/11 13:05:06.0984 4004 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/11 13:05:07.0000 4004 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/11 13:05:07.0031 4004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/11 13:05:07.0046 4004 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/11 13:05:07.0078 4004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/11 13:05:07.0093 4004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/11 13:05:07.0156 4004 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\WINDOWS\system32\drivers\hardlock.sys
2011/06/11 13:05:07.0218 4004 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/11 13:05:07.0281 4004 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/11 13:05:07.0296 4004 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/11 13:05:07.0343 4004 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/11 13:05:07.0375 4004 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/11 13:05:07.0406 4004 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/11 13:05:07.0453 4004 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/11 13:05:07.0468 4004 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/11 13:05:07.0578 4004 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/11 13:05:07.0656 4004 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/11 13:05:07.0687 4004 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/11 13:05:07.0718 4004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/11 13:05:07.0750 4004 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/11 13:05:07.0750 4004 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/11 13:05:07.0765 4004 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/11 13:05:07.0796 4004 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/06/11 13:05:07.0812 4004 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/11 13:05:07.0828 4004 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/06/11 13:05:07.0843 4004 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/11 13:05:07.0859 4004 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/11 13:05:07.0890 4004 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/11 13:05:07.0921 4004 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/11 13:05:07.0953 4004 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/06/11 13:05:07.0984 4004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/11 13:05:08.0000 4004 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/11 13:05:08.0015 4004 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/11 13:05:08.0031 4004 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/11 13:05:08.0046 4004 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/11 13:05:08.0093 4004 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/11 13:05:08.0109 4004 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/11 13:05:08.0140 4004 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/11 13:05:08.0156 4004 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/11 13:05:08.0171 4004 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/11 13:05:08.0218 4004 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/11 13:05:08.0218 4004 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/11 13:05:08.0234 4004 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/11 13:05:08.0281 4004 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/11 13:05:08.0281 4004 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/11 13:05:08.0296 4004 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/11 13:05:08.0343 4004 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/11 13:05:08.0359 4004 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/11 13:05:08.0390 4004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/11 13:05:08.0421 4004 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/11 13:05:08.0468 4004 NmPar (79ea5a1b343db2f5187758e00195d9bd) C:\WINDOWS\system32\DRIVERS\NmPar.sys
2011/06/11 13:05:08.0484 4004 nmserial (27f715b99867d1c19d83327800976719) C:\WINDOWS\system32\DRIVERS\nmserial.sys
2011/06/11 13:05:08.0500 4004 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/11 13:05:08.0515 4004 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/11 13:05:08.0546 4004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/11 13:05:08.0593 4004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/11 13:05:08.0593 4004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/11 13:05:08.0609 4004 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/11 13:05:08.0703 4004 Par1284 (8e55251d83763ccca60fe26a811cfb0c) C:\Program Files\Beacon\Ultra-Flex Production Suite1\Program\Par1284.sys
2011/06/11 13:05:08.0718 4004 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/11 13:05:08.0734 4004 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/11 13:05:08.0750 4004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/11 13:05:08.0781 4004 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/11 13:05:08.0812 4004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/11 13:05:08.0843 4004 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/11 13:05:08.0937 4004 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/11 13:05:08.0968 4004 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/11 13:05:09.0015 4004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/11 13:05:09.0031 4004 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/11 13:05:09.0109 4004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/11 13:05:09.0140 4004 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/06/11 13:05:09.0156 4004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/11 13:05:09.0187 4004 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/11 13:05:09.0187 4004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/11 13:05:09.0218 4004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/11 13:05:09.0234 4004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/11 13:05:09.0250 4004 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/11 13:05:09.0281 4004 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/11 13:05:09.0312 4004 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/11 13:05:09.0359 4004 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/06/11 13:05:09.0406 4004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/11 13:05:09.0437 4004 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/11 13:05:09.0453 4004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/11 13:05:09.0484 4004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/11 13:05:09.0546 4004 Sntnlusb (9de6e60ce7fd82b4985de5d9c22265ad) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
2011/06/11 13:05:09.0578 4004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/11 13:05:09.0593 4004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/11 13:05:09.0625 4004 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/11 13:05:09.0640 4004 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/11 13:05:09.0671 4004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/11 13:05:09.0734 4004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/11 13:05:09.0765 4004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/11 13:05:09.0796 4004 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/11 13:05:09.0796 4004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/11 13:05:09.0828 4004 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/11 13:05:09.0859 4004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/11 13:05:09.0890 4004 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/11 13:05:09.0937 4004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/11 13:05:09.0953 4004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/11 13:05:09.0968 4004 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/11 13:05:09.0968 4004 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/11 13:05:09.0984 4004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/11 13:05:10.0000 4004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/11 13:05:10.0031 4004 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/11 13:05:10.0046 4004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/11 13:05:10.0078 4004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/11 13:05:10.0093 4004 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/11 13:05:10.0125 4004 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/11 13:05:10.0203 4004 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/11 13:05:10.0218 4004 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/11 13:05:10.0250 4004 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/11 13:05:10.0375 4004 ================================================================================
2011/06/11 13:05:10.0375 4004 Scan finished
2011/06/11 13:05:10.0375 4004 ================================================================================
2011/06/11 13:05:10.0375 3824 Detected object count: 0
2011/06/11 13:05:10.0375 3824 Actual detected object count: 0

ComboFix 11-06-11.01 - Danny 06/11/2011 10:54:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2887 [GMT -5:00]
Running from: c:\documents and settings\Danny\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Danny\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Danny\g2mdlhlpx.exe
c:\documents and settings\Danny\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-05-19 12:48 . 2011-05-19 12:48 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-14 22:47 . 2011-05-14 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-14 22:47 . 2011-05-15 00:22 -------- d-----w- c:\documents and settings\Danny\Application Data\SUPERAntiSpyware.com
2011-05-14 22:47 . 2011-05-15 00:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-14 22:12 . 2011-05-14 22:12 -------- d-----w- c:\documents and settings\Danny\Application Data\Malwarebytes
2011-05-14 22:12 . 2011-05-14 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-14 21:17 . 2011-05-14 21:17 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 20:38 . 2009-02-11 20:38 1431504 ----a-w- c:\program files\RegCureSetup_RW.exe
2009-02-09 22:07 . 2009-02-09 22:07 34031720 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2009-02-03 17:12 . 2009-02-03 17:12 59981528 ----a-w- c:\program files\avg_free_stf_en_8_233a1415.exe
2008-07-22 14:00 . 2008-07-22 14:00 48367896 ----a-w- c:\program files\avg_free_stf_en_8_138a1332.exe
2008-01-10 16:25 . 2008-01-10 16:25 15895117 ----a-w- c:\program files\PDFCreator-0_9_5_setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2004-09-22 1871872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Danny^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Danny\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Danny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Danny\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-24 13:30 133104 ----atw- c:\documents and settings\Danny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 02:59 421160 ----a-w- c:\program files\My new Downloads\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\WINDOWS\\system32\\SAiLicSvr.exe"=
"c:\\Program Files\\SAi\\SAi Production Suite\\Program\\App2.exe"=
"c:\\Program Files\\SAi\\SAi Production Suite\\Program\\App.exe"=
"c:\\Program Files\\Beacon\\Ultra-Flex Production Suite1\\Program\\app2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\My new Downloads\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
.
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [1/8/2008 2:38 PM 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [1/8/2008 2:38 PM 62080]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [4/16/2009 9:55 AM 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [7/13/2009 12:45 PM 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 1:02 AM 328992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1801674531-725345543-1003Core.job
- c:\documents and settings\Danny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 13:30]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1801674531-725345543-1003UA.job
- c:\documents and settings\Danny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 13:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{20997094-154B-4DDB-A335-8D7AEA2A121A}: NameServer = 93.188.165.180,93.188.160.240
FF - ProfilePath - c:\documents and settings\Danny\Application Data\Mozilla\Firefox\Profiles\kwh7te1i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://Internet Explorer
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Spyware Doctor with AntiVirus - c:\documents and settings\Danny\Desktop\sdasetup_revwire207[1].exe
HKLM-Run-zzzHPSETUP - D:\Setup.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Fonts - c:\progra~1\Freeze.com\Fonts\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-06-11 10:57:50
ComboFix-quarantined-files.txt 2011-06-11 15:57
.
Pre-Run: 406,199,910,400 bytes free
Post-Run: 420,541,059,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0230773F76C6DB94268C2A709DF64A3D
dynodan
Active Member
 
Posts: 3
Joined: June 11th, 2011, 11:20 am
Advertisement
Register to Remove

Re: removing redirect virus/adding log reports please help!

Unread postby askey127 » June 14th, 2011, 4:33 pm

Hi dynodan,
Let's see if we can get this fixed for you.
Please don't scan, remove or install anything unless I ask, until we are through cleaning.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • You can also download OTL from HERE
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
The contents of:
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: removing redirect virus/adding log reports please help!

Unread postby NonSuch » June 19th, 2011, 2:33 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 41 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware