Solved Google search results are being redirected

Status
Not open for further replies.

JerryFerreira

Posts: 26   +0
I have completed the 8 step Preliminary Removal Instructions except for GMER because every time I run it, at the end of the scan my computer reboots and I cannot save the log file. What can I do?

Thank you.
 
Attached logs

I got GMER to work with the Devices checkbox unchecked, so I'm also including it.

Thanks so much Broni.
 

Attachments

  • mbam-log-2010-07-25 (16-11-33).txt
    1.2 KB · Views: 1
  • gmer.log
    69 KB · Views: 1
  • Attach.txt
    17.6 KB · Views: 0
  • DDS.txt
    11.8 KB · Views: 1
You're very welcome :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix Log

At first, McAfee didn't allow me to download ComboFix from the links you gave, but I worked around McAfee and got ComboFix to create a log file. Attached is the file.

Thanks.
 

Attachments

  • ComboFix.txt
    14.8 KB · Views: 1
No more redirection

Looks good. I did a Google and Bing search and the results links are not being redirected.

You are a genius.

P.S. How do I prevent this from happening in the future? McAfee didn't warn me of any website/file/etc.
 
Good news :)
We're not totally done yet, though :)
We need to make sure your computer is 100% clean.

There is no perfect security tool. Infections happen. At the end of this topic, I'll give you some security hints.

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.

=====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Icon

I ran the OTL icon that I saved on my desktop, then all of a sudden Security Tool ran a scan saying that I'm infected with lots of stuff. I've seen this before in different names, but I think I have another/different problem now.

This "Security Tool" won't let me run anything, saying that the program I'm trying to run is trying to send out my credit card info and that I should purchase the program.
 
See, if you can start in safe mode and run Malwarebytes.
I'm really sorry for what happened, but I just discovered the issue.
You're actually a 2nd victim.
 
Broni,

I'm running Malwarebytes in Safe Mode right now. After that finishes, I must go to bed. I'm in the East Coast and it's 3 hours ahead here, and I've been working on this since 9:00 a.m.

Can I continue with you tomorrow?
 
Let me know.
Good thing, it happened so late, so only you and one other person on this board are affected.
 
That is good thing. I would hate to see so many other people get infected.

Thanks so much. I'll be in touch tomorrow.

Good night to you.
 
That's good.
We'll fix it.
Sorry for the mess.
I immediately informed OTL host people, so hopefully, they'll block the link soon.

See you tomorrow.
 
Good morning Broni,

Hope you had a good night's sleep. I know I did. Anyway, I was able to run Malwarebytes in safe mode and it took care of 'Security Patrol'. Also, the redirection problem seems to be ok as of now, just before I downloaded 'OTL' from that hijacked link.

Thanks.
 
OTL

Hi Broni,

I was able to download the real OTL and ran the custom scan as you specified. It created the two log files. When I tried to cut and paste the OTL.Txt file, it said "The text that you have entered is too long (52610). Please shorten it to 20000 characters long."
 
OTL log

Here is the Extras.Txt copy and paste:


OTL Extras logfile created on: 07/26/2010 5:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jerry\My Documents\My Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

894.00 Mb Total Physical Memory | 262.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.47 Gb Free Space | 77.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON1521
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E73F713-7E73-4C6E-B385-4D09DF3B9141}" = Adobe Setup
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24224B54-37F0-4127-A374-8EE625C9DA91}" = InkSaver
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{395768CD-30FF-4A31-86FE-3DA1A5EAED2F}" = Adobe CMM
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C7005A0-EAA2-012B-AEA5-000000000000}" = TurboTax 2009 wriiper
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Essentials
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = Genesys USB Mass Storage Device
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_20605a51cb0190b8e219bc496fc6aa0" = Adobe CMM
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Any Video Converter_is1" = Any Video Converter 3.0.6
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1195
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CertBlaster" = CertBlaster
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DELL Webcam Center" = DELL Webcam Center
"DVD43_is1" = DVD43 v4.6.0
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{24224B54-37F0-4127-A374-8EE625C9DA91}" = InkSaver
"MAGIX Audio Cleaning Lab 11 US" = MAGIX Audio Cleaning Lab 11 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Score Writer 2.6" = Score Writer 2.6
"SynTPDeinstKey" = Dell Touchpad
"TurboTax 2009" = TurboTax 2009
"Tweak UI 2.10" = Tweak UI
"VolumeLock" = VolumeLock 1.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/24/2010 3:14:22 PM | Computer Name = INSPIRON1521 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 07/24/2010 3:14:48 PM | Computer Name = INSPIRON1521 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 07/24/2010 3:15:17 PM | Computer Name = INSPIRON1521 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 07/24/2010 3:15:39 PM | Computer Name = INSPIRON1521 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 07/24/2010 9:06:13 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 07/24/2010 9:10:06 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 07/24/2010 9:10:06 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 07/24/2010 9:41:55 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 07/24/2010 9:48:43 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 07/24/2010 9:48:43 PM | Computer Name = INSPIRON1521 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

[ System Events ]
Error - 07/26/2010 10:59:10 AM | Computer Name = INSPIRON1521 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 07/26/2010 10:59:17 AM | Computer Name = INSPIRON1521 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {44747F36-B6C1-4067-9DB3-9095C8ABB032}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 07/26/2010 11:05:17 AM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 07/26/2010 5:17:15 PM | Computer Name = INSPIRON1521 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {44747F36-B6C1-4067-9DB3-9095C8ABB032}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 07/26/2010 5:17:19 PM | Computer Name = INSPIRON1521 | Source = NetDDE | ID = 206
Description = Listen failed: 23: The ncb_lana_num member did not specify a valid
network number.

Error - 07/26/2010 5:17:25 PM | Computer Name = INSPIRON1521 | Source = NetDDE | ID = 206
Description = Listen failed: 15:

Error - 07/26/2010 5:23:38 PM | Computer Name = INSPIRON1521 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DIMENSION4550 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{FE92ACB7-E5C1-. The master browser is stopping or an election is being
forced.

Error - 07/26/2010 5:28:49 PM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Adobe\Reader
9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding

Error - 07/26/2010 5:28:49 PM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Adobe\Reader
9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding

Error - 07/26/2010 5:28:49 PM | Computer Name = INSPIRON1521 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%193" Happened while starting this command: "C:\Program Files\Adobe\Reader
9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding


< End of report >
 
Hi
I'm glad to hear good news :)

Bad guys scared sh** out of me last night...LOL

Did you have a chance to re-run MBAM in normal mode?
If you didn't, please do so and if anything found, post the log.

As for OTL.txt, you can either split it between couple of posts, or attach it.
 
Mbam

Hi Broni,

Hope the bad guys didn't scare you too much last night---lol.

I ran MBAM in normal mode and nothing was found. I've attached the OTL.txt file.

Thanks so much.
 

Attachments

  • OTL.Txt
    102.5 KB · Views: 1
Status
Not open for further replies.
Back