Google search results are being redirected

Solved
By JerryFerreira
Jul 25, 2010
Topic Status:
Not open for further replies.
  1. I have completed the 8 step Preliminary Removal Instructions except for GMER because every time I run it, at the end of the scan my computer reboots and I cannot save the log file. What can I do?

    Thank you.
  2. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Post all other logs.
  3. JerryFerreira

    JerryFerreira Newcomer, in training Topic Starter Posts: 26

    Attached logs

    I got GMER to work with the Devices checkbox unchecked, so I'm also including it.

    Thanks so much Broni.


  4. Broni


    You're very welcome :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. JerryFerreira


    ComboFix Log

    At first, McAfee didn't allow me to download ComboFix from the links you gave, but I worked around McAfee and got ComboFix to create a log file. Attached is the file.

    Thanks.


  6. Broni


    Good :)
    How is redirection?
  7. JerryFerreira


    No more redirection

    Looks good. I did a Google and Bing search and the results links are not being redirected.

    You are a genius.

    P.S. How do I prevent this from happening in the future? McAfee didn't warn me of any website/file/etc.
  8. Broni


    Good news :)
    We're not totally done yet, though :)
    We need to make sure your computer is 100% clean.

    There is no perfect security tool. Infections happen. At the end of this topic, I'll give you some security hints.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    =====================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. JerryFerreira


    OTL

    I just downloaded OTL and ran it, but now SecurityTool doesn't have a custom scan.
  10. Broni


    What Security Tool are you talking about?
  11. JerryFerreira


    OTL Icon

    I ran the OTL icon that I saved on my desktop, then all of a sudden Security Tool ran a scan saying that I'm infected with lots of stuff. I've seen this before in different names, but I think I have another/different problem now.

    This "Security Tool" won't let me run anything, saying that the program I'm trying to run is trying to send out my credit card info and that I should purchase the program.
  12. Broni


    It seems that the OTL download link has been hacked.
    Don't use that file at all.
  13. Broni


    See if you can start in safe mode and run Malwarebytes.
    I'm really sorry for what happened, but I just discovered the issue.
    You're actually a 2nd victim.
     
  14. JerryFerreira


    What should I do now? It's already infected my computer and I'm writing to you from another computer.

    Thanks
  15. JerryFerreira


    Sorry, I replied too soon.
  16. JerryFerreira


    I will do that right now.
  17. JerryFerreira


    Broni,

    I'm running Malwarebytes in Safe Mode right now. After that finishes, I must go to bed. I'm on the East Coast and it's 3 hours ahead here, and I've been working on this since 9:00 a.m.

    Can I continue with you tomorrow?
  18. Broni


    Let me know.
    Good thing it happened so late, so only you and one other person on this board are affected.
  19. JerryFerreira


    That is a good thing. I would hate to see so many other people get infected.

    Thanks so much. I'll be in touch tomorrow.

    Good night to you.
  20. Broni


    That's good.
    We'll fix it.
    Sorry for the mess.
    I immediately informed OTL host people, so hopefully, they'll block the link soon.

    See you tomorrow.
  21. JerryFerreira


    Good morning Broni,

    Hope you had a good night's sleep. I know I did. Anyway, I was able to run Malwarebytes in safe mode and it took care of 'Security Patrol'. Also, the redirection problem seems to be ok as of now, just before I downloaded 'OTL' from that hijacked link.

    Thanks.
  22. JerryFerreira


    OTL

    Hi Broni,

    I was able to download the real OTL and ran the custom scan as you specified. It created the two log files. When I tried to cut and paste the OTL.Txt file, it said "The text that you have entered is too long (52610). Please shorten it to 20000 characters long."
  23. JerryFerreira


    OTL log

    Here is the Extras.Txt copy and paste:


    OTL Extras logfile created on: 07/26/2010 5:32:09 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jerry\My Documents\My Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    894.00 Mb Total Physical Memory | 262.00 Mb Available Physical Memory | 29.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 57.47 Gb Free Space | 77.12% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: INSPIRON1521
    Current User Name: Jerry
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\PROGRA~1\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0E73F713-7E73-4C6E-B385-4D09DF3B9141}" = Adobe Setup
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24224B54-37F0-4127-A374-8EE625C9DA91}" = InkSaver
    "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{395768CD-30FF-4A31-86FE-3DA1A5EAED2F}" = Adobe CMM
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3C7005A0-EAA2-012B-AEA5-000000000000}" = TurboTax 2009 wriiper
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
    "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Essentials
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = Genesys USB Mass Storage Device
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_20605a51cb0190b8e219bc496fc6aa0" = Adobe CMM
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Any Video Converter_is1" = Any Video Converter 3.0.6
    "ATI Display Driver" = ATI Display Driver
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1195
    "CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
    "CertBlaster" = CertBlaster
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DELL Webcam Center" = DELL Webcam Center
    "DVD43_is1" = DVD43 v4.6.0
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{24224B54-37F0-4127-A374-8EE625C9DA91}" = InkSaver
    "MAGIX Audio Cleaning Lab 11 US" = MAGIX Audio Cleaning Lab 11 (US)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee SecurityCenter
    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
    "MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "RealPlayer 12.0" = RealPlayer
    "Score Writer 2.6" = Score Writer 2.6
    "SynTPDeinstKey" = Dell Touchpad
    "TurboTax 2009" = TurboTax 2009
    "Tweak UI 2.10" = Tweak UI
    "VolumeLock" = VolumeLock 1.7
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07/24/2010 3:14:22 PM | Computer Name = INSPIRON1521 | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 07/24/2010 3:14:48 PM | Computer Name = INSPIRON1521 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 07/24/2010 3:15:17 PM | Computer Name = INSPIRON1521 | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 07/24/2010 3:15:39 PM | Computer Name = INSPIRON1521 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 07/24/2010 9:06:13 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 07/24/2010 9:10:06 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 07/24/2010 9:10:06 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 07/24/2010 9:41:55 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 07/24/2010 9:48:43 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 07/24/2010 9:48:43 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    [ System Events ]
    Error - 07/26/2010 10:59:10 AM | Computer Name = INSPIRON1521 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 07/26/2010 10:59:17 AM | Computer Name = INSPIRON1521 | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {44747F36-B6C1-4067-9DB3-9095C8ABB032}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.

    Error - 07/26/2010 11:05:17 AM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 07/26/2010 5:17:15 PM | Computer Name = INSPIRON1521 | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {44747F36-B6C1-4067-9DB3-9095C8ABB032}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.

    Error - 07/26/2010 5:17:19 PM | Computer Name = INSPIRON1521 | Source = NetDDE | ID = 206
    Description = Listen failed: 23: The ncb_lana_num member did not specify a valid
    network number.

    Error - 07/26/2010 5:17:25 PM | Computer Name = INSPIRON1521 | Source = NetDDE | ID = 206
    Description = Listen failed: 15:

    Error - 07/26/2010 5:23:38 PM | Computer Name = INSPIRON1521 | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DIMENSION4550 that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{FE92ACB7-E5C1-. The master browser is stopping or an election is being
    forced.

    Error - 07/26/2010 5:28:49 PM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
    The
    error: "%193" Happened while starting this command: "C:\Program Files\Adobe\Reader
    9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding

    Error - 07/26/2010 5:28:49 PM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
    The
    error: "%193" Happened while starting this command: "C:\Program Files\Adobe\Reader
    9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding

    Error - 07/26/2010 5:28:49 PM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
    The
    error: "%193" Happened while starting this command: "C:\Program Files\Adobe\Reader
    9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding


    < End of report >
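
Added example, not part of the original thread and not OTL's own code: a small Python parser for the registry blocks of an Extras.txt log like the one above, listing the Security Center and Windows Firewall settings a reviewer would check first. The sample log is constructed from the layout shown in the post, the function names are hypothetical, and a listed item is a prompt to check, not a finding of infection.

```python
import re

# Constructed sample in the layout of the OTL Extras log posted above
# (a shortened subset of the keys, not the full log).
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Last 10 Event Log Errors ==========
'''

KEY_RE = re.compile(r'^\[(HKEY_.*)\]$')
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')


def parse_registry_blocks(text):
    """Map each [HKEY_...] header to the "name" = data lines directly under it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        value = VALUE_RE.match(line)
        if key:
            current = blocks.setdefault(key.group(1), {})
        elif value and current is not None:
            current[value.group(1)] = value.group(2).strip()
        else:
            current = None  # blank line, banner or free text ends the block
    return blocks


def review_items(blocks):
    """Return (category, location, detail) tuples for settings worth a look."""
    items = []
    for key, values in blocks.items():
        leaf = key.rsplit('\\', 1)[-1]
        if key.endswith(r'\Security Center'):
            # Override / DisableNotify set to 1 silences Security Center alerts.
            for name, data in values.items():
                if name.endswith(('Override', 'DisableNotify')) and data == '1':
                    items.append(('security-center', name, 'alerting suppressed'))
        elif r'\Security Center\Monitoring' + '\\' in key:
            if values.get('DisableMonitoring') == '1':
                items.append(('security-center', leaf, 'not monitored'))
        elif r'\FirewallPolicy' + '\\' in key and leaf.endswith('Profile'):
            if values.get('EnableFirewall') == '0':
                items.append(('firewall', leaf, 'Windows Firewall off'))
        elif key.endswith(r'\GloballyOpenPorts\List'):
            profile = key.split('\\')[-3]
            for data in values.values():
                # Data layout: port:protocol:scope:status:display-name
                parts = data.split(':', 4)
                if len(parts) >= 4 and parts[2] == '*' and parts[3] == 'Enabled':
                    items.append(('open-port', profile, parts[0] + '/' + parts[1]))
    return items


if __name__ == '__main__':
    for category, location, detail in review_items(parse_registry_blocks(SAMPLE_LOG)):
        print(f'{category:16} {location:18} {detail}')
```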
  24. Broni


    Hi
    I'm glad to hear good news :)

    Bad guys scared sh** out of me last night...LOL

    Did you have a chance to re-run MBAM in normal mode?
    If you didn't, please do so and if anything is found, post the log.

    As for OTL.txt, you can either split it between a couple of posts, or attach it.
  25. JerryFerreira


    Mbam

    Hi Broni,

    Hope the bad guys didn't scare you too much last night---lol.

    I ran MBAM in normal mode and nothing was found. I've attached the OTL.txt file.

    Thanks so much.

    Attached Files:

    • OTL.Txt (file size: 102.5 KB)