
Quercus

Full Member
  • Content count: 17
  • Rank: Member
  1. Software all removed and everything's still good with the Google searches. Thanks for the anti-malware tips. Frustrating that some of the more expensive antivirus packages don't do a better job. FYI - Apparently there's no Windows XP Service Pack 3 for 64bit machines, only Service Pack 2. Thanks again. Quercus.
  2. Updated OTL.txt log:

     OTL logfile created on: 11/12/2012 8:14:54 PM - Run 3
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jjacobs\Desktop
     64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1021.99 Mb Total Physical Memory | 334.77 Mb Available Physical Memory | 32.76% Memory free
     2.43 Gb Paging File | 1.95 Gb Available in Paging File | 80.38% Paging File free
     Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 232.78 Gb Total Space | 196.11 Gb Free Space | 84.25% Space Free | Partition Type: NTFS
     Drive D: | 232.82 Gb Total Space | 232.48 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
     Drive X: | 931.47 Gb Total Space | 861.90 Gb Free Space | 92.53% Space Free | Partition Type: NTFS
     Drive Y: | 931.47 Gb Total Space | 861.90 Gb Free Space | 92.53% Space Free | Partition Type: NTFS
     Drive Z: | 931.47 Gb Total Space | 861.90 Gb Free Space | 92.53% Space Free | Partition Type: NTFS

     Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
     PRC - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
     PRC - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
     PRC - [2010/12/15 08:21:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
     PRC - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
     PRC - [2010/12/15 08:20:29 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\ProtectionUtilSurrogate.exe
     PRC - [2009/12/24 21:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
     PRC - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe
     PRC - [2007/02/18 10:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
     PRC - [2005/11/20 16:40:41 | 000,151,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
     PRC - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe
     PRC - [2005/06/03 01:30:58 | 000,015,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTHELPER.EXE
     PRC - [2003/09/17 17:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
     PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
     PRC - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE

     ========== Modules (No Company Name) ==========

     MOD - [2005/07/06 22:36:20 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\storutil.dll
     MOD - [2003/11/19 23:44:18 | 000,057,455 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\net.dll
     MOD - [2003/11/19 23:36:42 | 000,053,364 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\zip.dll
     MOD - [2003/11/19 23:35:48 | 000,102,515 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\java.dll
     MOD - [2003/11/19 23:31:48 | 000,057,453 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\verify.dll
     MOD - [2003/11/19 23:31:30 | 001,212,546 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\client\jvm.dll
     MOD - [2003/11/19 23:31:18 | 000,028,791 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\hpi.dll

     ========== Services (SafeList) ==========

     SRV:64bit: - [2005/01/07 10:48:30 | 000,157,696 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
     SRV - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
     SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
     SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
     SRV - [2010/12/15 08:20:51 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Smc.exe -- (SmcService)
     SRV - [2010/12/15 08:20:36 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE -- (SNAC)
     SRV - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
     SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
     SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
     SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
     SRV - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
     SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
     SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
     SRV - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) [Auto | Running] -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)
     SRV - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

     ========== Driver Services (SafeList) ==========

     DRV - [2012/11/02 07:12:58 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\ex64.sys -- (NAVEX15)
     DRV - [2012/11/02 07:12:50 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\eng64.sys -- (NAVENG)
     DRV - [2012/08/15 13:51:30 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
     DRV - [2012/08/09 07:18:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
     DRV - [2010/12/15 08:21:45 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\srtspl64.sys -- (SRTSPL)
     DRV - [2010/12/15 08:21:45 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtsp64.sys -- (SRTSP)
     DRV - [2010/12/15 08:21:45 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtspx64.sys -- (SRTSPX)
     DRV - [2005/03/25 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
     DRV - [2005/03/25 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
     IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
     IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
     IE - HKLM\..\SearchScopes,DefaultScope =
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
     IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
     IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
     IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WZPC_en
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

     ========== FireFox ==========

     FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
     FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.xpt ()
     FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.7.2197: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

     ========== Chrome ==========

     CHR - homepage: http://www.google.com/
     CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gcswf32.dll
     CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
     CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
     CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
     CHR - plugin: RealPlayer Enterprise LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
     CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\pdf.dll
     CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
     CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gears.dll
     CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
     CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
     CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
     CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
     CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
     CHR - plugin: Default Plug-in (Enabled) = default_plugin
     CHR - default_search_provider: Google (Enabled)
     CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
     CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
     CHR - homepage: http://www.google.com/

     Hosts file not found
     O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
     O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
     O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
     O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
     O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
     O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
     O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
     O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
     O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
     O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
     O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
     O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
     O4:64bit: - HKLM..\Run: [AsioThk32Reg] C:\WINDOWS\SysWOW64\CTASIO.DLL (Creative Technology Ltd)
     O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
     O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
     O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
     O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
     O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)
     O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
     O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
     O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk = C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe ()
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
     O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
     O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
     O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
     O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
     O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130079827814 (WUWebControl Class)
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269476613658 (MUWebControl Class)
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
     O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcDcToday.ocx (AcDcToday Control)
     O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
     O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstBanr.ocx (NOXLATE-BANR)
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab (ZoneIntro Class)
     O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstFred.ocx (InstaFred)
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
     O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcPreview.ocx (AcPreview Control)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tai.local
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9EFE698-81D6-419A-89D2-AAE048036FCF}: DhcpNameServer = 192.168.1.100 192.168.1.1
     O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
     O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
     O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
     O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
     O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
     O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
     O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
     O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
     O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
     O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
     O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
     O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
     O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
     O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
     O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
     O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
     O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
     O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
     O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
     O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
     O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
     O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
     O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
     O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
     O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
     O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
     O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
     O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
     O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
     O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: System - (lsass.exe) - File not found
     O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
     O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
     O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
     O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
     O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
     O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
     O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
     O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
     O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
     O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
     O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
     O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
     O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
     O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
     O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
     O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
     O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
     O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
     O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
     O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
     O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
     O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
     O24 - Desktop WallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O24 - Desktop BackupWallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
     O32 - AutoRun File - [2012/11/07 10:31:13 | 000,000,000 | ---D | M] - Z:\Autohaus Acquisitions -- [ NTFS ]
     O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell - "" = AutoRun
     O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun - "" = Auto&Play
     O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
     O34 - HKLM BootExecute: (autocheck autochk *)
     O35:64bit: - HKLM\..comfile [open] -- "%1" %*
     O35:64bit: - HKLM\..exefile [open] -- "%1" %*
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
     O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
     O37 - HKLM\...com [@ = comfile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
     O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     Drivers32:64bit: midi - File not found
     Drivers32:64bit: midi1 - File not found
     Drivers32:64bit: midimapper - File not found
     Drivers32:64bit: mixer - File not found
     Drivers32:64bit: mixer1 - File not found
     Drivers32:64bit: msacm.imaadpcm - File not found
     Drivers32:64bit: msacm.msadpcm - File not found
     Drivers32:64bit: msacm.msg711 - File not found
     Drivers32:64bit: msacm.msgsm610 - File not found
     Drivers32:64bit: msacm.trspch - File not found
     Drivers32:64bit: vidc.i420 - File not found
     Drivers32:64bit: vidc.iv31 - File not found
     Drivers32:64bit: vidc.iv32 - File not found
     Drivers32:64bit: vidc.iv41 - File not found
     Drivers32:64bit: vidc.iv50 - File not found
     Drivers32:64bit: vidc.iyuv - File not found
     Drivers32:64bit: vidc.mrle - File not found
     Drivers32:64bit: vidc.msvc - File not found
     Drivers32:64bit: vidc.uyvy - File not found
     Drivers32:64bit: vidc.yuy2 - File not found
     Drivers32:64bit: vidc.yvu9 - File not found
     Drivers32:64bit: vidc.yvyu - File not found
     Drivers32:64bit: wave - File not found
     Drivers32:64bit: wave1 - File not found
     Drivers32:64bit: wavemapper - File not found
     Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
     Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
     Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
     Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
     Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
     Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
     Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
     Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)

     CREATERESTOREPOINT
     Restore point Set: OTL Restore Point

     ========== Files/Folders - Created Within 30 Days ==========

     [2012/11/12 07:41:02 | 000,000,000 | ---D | C] -- C:\_OTL
     [2012/11/11 14:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
     [2012/11/11 14:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Start Menu\Programs\Sophos
     [2012/11/11 14:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
     [2012/11/11 14:48:42 | 079,645,432 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe
     [2012/11/11 11:39:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
     [2012/11/11 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Sun
     [2012/11/10 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
     [2012/11/10 22:57:01 | 002,215,000 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe
     [2012/11/10 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
     [2012/11/10 14:07:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
     [2012/11/10 14:07:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
     [2012/11/10 14:07:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
     [2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
     [2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
     [2012/11/10 14:07:21 | 000,095,208 | ---- | C] (Oracle Corporation) --
C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2012/11/10 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/10 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/11/10 14:02:15 | 031,160,808 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe [2012/11/10 14:02:14 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe [2012/11/10 13:29:38 | 004,998,937 | ---- | C] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe [2012/11/10 09:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\f-secure [2012/11/10 09:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2012/11/10 09:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\QuickScan [2012/11/09 22:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro ========== Files - Modified Within 30 Days ========== [2012/11/12 20:05:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012/11/12 20:05:25 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/11/12 20:05:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/11/12 20:04:58 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys [2012/11/12 20:01:59 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.CDF [2012/11/12 20:01:59 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.BAK [2012/11/12 19:50:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/11/11 16:57:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012/11/11 14:50:16 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk [2012/11/11 14:47:55 | 079,645,432 | 
---- | M] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe [2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe [2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012/11/10 14:07:12 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2012/11/10 14:07:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll [2012/11/10 14:07:11 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll [2012/11/10 14:07:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2012/11/10 14:07:11 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl [2012/11/10 14:01:56 | 031,160,808 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe [2012/11/10 13:57:55 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe [2012/11/10 13:44:59 | 004,998,937 | ---- | M] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe [2012/11/09 17:36:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/09 17:32:21 | 002,195,988 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip [2012/11/09 14:29:28 | 000,658,298 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2012/11/08 08:54:22 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2012/11/05 11:45:09 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\SysWow64\KGyGaAvL.sys [2012/10/30 13:39:20 | 002,215,000 | ---- | 
M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe ========== Files Created - No Company Name ========== [2012/11/11 16:57:13 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2012/11/11 16:57:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012/11/11 14:50:16 | 000,002,090 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk [2012/11/10 23:08:53 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012/11/10 09:18:10 | 1071,808,512 | -HS- | C] () -- C:\hiberfil.sys [2012/11/09 17:36:15 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/09 17:32:19 | 002,195,988 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip [2011/08/05 15:00:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini [2008/04/03 07:05:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\fusioncache.dat [2006/10/05 08:01:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JPR.{PB [2006/10/05 08:01:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JCM.{PB [2005/11/29 12:17:53 | 000,006,332 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol ========== ZeroAccess Check ========== [2005/04/01 21:52:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = 
%SystemRoot%\system32\shdocvw.dll "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2009/05/14 03:28:58 | 001,508,352 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\system32\wbem\fastprox.dll "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\system32\wbem\wbemess.dll "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/11/10 11:29:05 | 000,002,060 | ---- | M] () -- C:\AdwCleaner[R1].txt [2012/11/10 13:33:02 | 000,001,986 | ---- | M] () -- C:\AdwCleaner[s1].txt [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2005/10/22 09:39:20 | 000,000,213 | RHS- | M] () -- C:\boot.ini [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2005/10/01 04:13:12 | 000,004,733 | RH-- | M] () -- C:\dell.sdr [2012/11/12 20:04:58 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys [2010/01/19 14:40:58 | 000,000,201 | ---- | M] () -- C:\inferno.log [2005/04/01 21:46:44 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2005/04/01 21:46:44 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2005/03/25 12:00:00 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM [2007/11/16 08:11:55 | 000,297,072 | RHS- | M] () -- C:\ntldr [2012/03/06 18:57:00 | 000,000,512 | ---- | M] () -- C:\osmbr.bak [2012/11/12 20:04:53 | 1610,612,736 | -HS- | M] 
() -- C:\pagefile.sys [2001/08/29 15:00:44 | 000,019,200 | ---- | M] (Microsoft Corporation) -- C:\Posusb.sys [2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat [2001/08/29 15:00:44 | 000,002,858 | ---- | M] () -- C:\TalonGPS.inf [2012/11/09 17:32:41 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_17.32.35_log.txt [2012/11/09 19:27:18 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_19.26.37_log.txt [2012/11/09 22:23:26 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_22.23.22_log.txt [2012/11/10 22:57:07 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_10.11.2012_22.57.03_log.txt [2012/11/09 17:34:04 | 000,090,100 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_17.33.22_log.txt [2012/11/09 19:29:00 | 000,090,078 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_19.27.54_log.txt [2012/11/09 22:24:41 | 000,090,100 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_22.23.39_log.txt [2012/11/10 23:01:43 | 000,027,776 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_10.11.2012_22.57.32_log.txt [2012/03/06 18:57:26 | 222,083,584 | ---- | M] () -- C:\virtpart.dat [2012/03/06 18:57:00 | 000,000,291 | ---- | M] () -- C:\virtpart.vmdk < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > "NoAutoUpdate" = 0 "AUOptions" = 3 "ScheduledInstallDay" = 0 "ScheduledInstallTime" = 3 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report >
  3. Joker, I'm looking into the "Proxy Server" question. There is a Server, but I believe it functions mostly as a NAT (Network Address Translation). There's a dynamic IP address protocol requirement that is handled by the Server. I can get to a command prompt by "Run" and "cmd". There's no search box in the start menu (just search options for files, people, etc.). I ran the netsh winsock reset command from the cmd C:\ prompt. I'm not sure that the int ip reset is applicable with the server setup? Anyway, the logs are below. The good news is that the Google hijacking seems to be resolved for now! We'll be keeping a careful eye on it.

     VirusTotal Log:

     File already analysed
     This file was already analysed by VirusTotal on 2012-11-06 01:34:45.
     Detection ratio: 0/44
     You can take a look at the last analysis or analyse it again now.

     OTL Log:

     All processes killed
     ========== OTL ==========
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe deleted successfully.
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory deleted successfully.
     C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll moved successfully.
     C:\tgo.2 moved successfully.
     C:\tgs.2 moved successfully.
     C:\th8.1 moved successfully.
     C:\thc.1 moved successfully.
     C:\thg.2 moved successfully.
     C:\ths.1 moved successfully.
     C:\tig.1 moved successfully.
     C:\tj0.1 moved successfully.
     C:\tp0.1 moved successfully.
     C:\tpg.2 moved successfully.
     C:\tpo.1 moved successfully.
     C:\tqk.1 moved successfully.
     C:\tqk.2 moved successfully.
     C:\tqo.1 moved successfully.
     C:\tqo.2 moved successfully.
     C:\tqo.3 moved successfully.
     C:\tqo.4 moved successfully.
     C:\tqo.5 moved successfully.
     C:\tqo.6 moved successfully.
     C:\tqs.1 moved successfully.
     C:\tro.2 moved successfully.
     C:\ts0.1 moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 17565259 bytes
     ->Temporary Internet Files folder emptied: 8696341 bytes
     User: administrator.TAI.000
     ->Temp folder emptied: 179775499 bytes
     ->Temporary Internet Files folder emptied: 47947588 bytes
     ->Java cache emptied: 32108493 bytes
     ->Google Chrome cache emptied: 6124526 bytes
     ->Flash cache emptied: 639 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 12268558 bytes
     User: jjacobs
     ->Temp folder emptied: 1151817141 bytes
     ->Temporary Internet Files folder emptied: 1564350919 bytes
     ->Java cache emptied: 49314607 bytes
     ->Google Chrome cache emptied: 6467610 bytes
     ->Flash cache emptied: 3493539 bytes
     User: LocalService
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 32969 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 1271977 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 105463548 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 155822551 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 12514465 bytes
     RecycleBin emptied: 135700331 bytes
     Total Files Cleaned = 3,591.00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 11122012_184758
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  4. Ran an OTL scan. Here is the OTL.TXT file:

     OTL logfile created on: 11/12/2012 7:56:21 AM - Run 2
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jjacobs\Desktop
     64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     1021.99 Mb Total Physical Memory | 364.04 Mb Available Physical Memory | 35.62% Memory free
     2.43 Gb Paging File | 1.97 Gb Available in Paging File | 80.92% Paging File free
     Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 232.78 Gb Total Space | 193.82 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
     Drive D: | 232.82 Gb Total Space | 232.45 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
     Drive X: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
     Drive Y: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
     Drive Z: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
     Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk = C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
(Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130079827814 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269476613658 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcDcToday.ocx (AcDcToday Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstBanr.ocx (NOXLATE-BANR) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab (ZoneIntro Class) O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstFred.ocx (InstaFred) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcPreview.ocx (AcPreview Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tai.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9EFE698-81D6-419A-89D2-AAE048036FCF}: DhcpNameServer = 192.168.1.100 192.168.1.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found 
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\wia 
{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) 
- File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - 
%SystemRoot%\system32\browseui.dll File not found O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012/11/07 10:31:13 | 000,000,000 | ---D | M] - Z:\Autohaus Acquisitions -- [ NTFS ] O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell - "" = AutoRun O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/12 07:41:02 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/11 14:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos [2012/11/11 14:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Start Menu\Programs\Sophos [2012/11/11 14:49:55 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Sophos [2012/11/11 14:48:42 | 079,645,432 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe [2012/11/11 11:39:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe [2012/11/11 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Sun [2012/11/10 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/11/10 22:57:01 | 002,215,000 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe [2012/11/10 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/10 14:07:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll [2012/11/10 14:07:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2012/11/10 14:07:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl [2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2012/11/10 14:07:21 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2012/11/10 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/10 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/11/10 14:02:15 | 031,160,808 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe [2012/11/10 14:02:14 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe [2012/11/10 13:29:38 | 004,998,937 | ---- | C] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe [2012/11/10 09:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\f-secure 
[2012/11/10 09:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2012/11/10 09:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\QuickScan [2012/11/09 22:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/12 07:50:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/11/12 07:44:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012/11/12 07:43:14 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/11/12 07:42:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/11/12 07:42:55 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys [2012/11/11 16:57:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012/11/11 16:54:36 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.CDF [2012/11/11 16:54:36 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.BAK [2012/11/11 14:50:16 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk [2012/11/11 14:47:55 | 079,645,432 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe [2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe [2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012/11/10 14:07:12 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2012/11/10 14:07:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll [2012/11/10 14:07:11 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll [2012/11/10 
14:07:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2012/11/10 14:07:11 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl [2012/11/10 14:01:56 | 031,160,808 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe [2012/11/10 13:57:55 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe [2012/11/10 13:44:59 | 004,998,937 | ---- | M] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe [2012/11/09 17:36:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/09 17:32:21 | 002,195,988 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip [2012/11/09 14:29:28 | 000,658,298 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2012/11/08 08:54:22 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2012/11/05 11:45:09 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\SysWow64\KGyGaAvL.sys [2012/10/30 13:39:20 | 002,215,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe [3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/11 16:57:13 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2012/11/11 16:57:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012/11/11 14:50:16 | 000,002,090 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk [2012/11/10 23:08:53 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012/11/10 09:18:10 | 1071,808,512 | -HS- | C] () -- C:\hiberfil.sys [2012/11/09 
17:36:15 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/09 17:32:19 | 002,195,988 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip [2011/08/05 15:00:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini [2008/04/03 07:05:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\fusioncache.dat [2006/10/05 08:01:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JPR.{PB [2006/10/05 08:01:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JCM.{PB [2005/11/29 12:17:53 | 000,006,332 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol ========== ZeroAccess Check ========== [2005/04/01 21:52:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = %SystemRoot%\system32\shdocvw.dll "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2009/05/14 03:28:58 | 001,508,352 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\system32\wbem\fastprox.dll "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\system32\wbem\wbemess.dll "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  5. Good morning Joker, After running OTL run/fix, this txt file appeared in a "C:\_OTL\MovedFiles" directory. I couldn't find any other text files. The Google hijacking problem is continuing with redirects to click.livesearch.com and scour.

     All processes killed
     Error: Unable to interpret <:OTLO4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not foundO4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()[2011/01/04 08:05:40 | 000,000,000 | ---- | M] () -- C:\tgo.2[2011/01/03 08:01:20 | 000,000,000 | ---- | M] () -- C:\tgs.2[2010/03/15 07:06:16 | 000,000,000 | ---- | M] () -- C:\th8.1[2010/03/29 07:10:08 | 000,000,000 | ---- | M] () -- C:\thc.1[2010/07/02 13:11:06 | 000,000,000 | ---- | M] () -- C:\thg.2[2012/03/05 08:03:08 | 000,000,000 | ---- | M] () -- C:\ths.1[2011/05/31 07:03:08 | 000,000,000 | ---- | M] () -- C:\tig.1[2011/05/03 07:08:31 | 000,000,000 | ---- | M] () -- C:\tj0.1[2010/06/03 07:09:00 | 000,000,000 | ---- | M] () -- C:\tp0.1[2010/03/08 08:03:39 | 000,000,000 | ---- | M] () -- C:\tpg.2[2010/09/28 07:10:21 | 000,000,000 | ---- | M] () -- C:\tpo.1[2011/08/29 06:59:39 | 000,000,000 | ---- | > in the current context!
     Error: Unable to interpret <M] () -- C:\tqk.1[2012/05/02 07:04:14 | 000,000,000 | ---- | M] () -- C:\tqk.2[2011/10/10 07:04:56 | 000,000,000 | ---- | M] () -- C:\tqo.1[2012/02/15 08:03:25 | 000,000,000 | ---- | M] () -- C:\tqo.2[2012/06/19 07:04:17 | 000,000,000 | ---- | M] () -- C:\tqo.3[2012/07/24 07:06:12 | 000,000,000 | ---- | M] () -- C:\tqo.4[2012/09/24 07:06:36 | 000,000,000 | ---- | M] () -- C:\tqo.5[2012/10/08 07:05:24 | 000,000,000 | ---- | M] () -- C:\tqo.6[2011/11/11 08:03:56 | 000,000,000 | ---- | M] () -- C:\tqs.1[2012/08/07 07:08:06 | 000,000,000 | ---- | M] () -- C:\tro.2[2011/04/04 07:06:41 | 000,000,000 | ---- | M] () -- C:\ts0.1:Commands[EmptyTemp]> in the current context!

     OTL by OldTimer - Version 3.2.69.0 log created on 11122012_074102
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  6. Good Evening Joker, The problem is still ongoing. Your continued assistance is much appreciated. Quercus.
  7. Sophos Scan and Removal Results 2012-11-11 14:50:29 Sophos Virus Removal Tool version 2.2 2012-11-11 14:50:29 Copyright © 2009-2012 Sophos Limited. All rights reserved. 2012-11-11 14:50:29 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2012-11-11 14:50:29 Windows version 5.2 SP 2.0 Service Pack 2 build 3790 SM=0x100 PT=0x1 WOW64 2012-11-11 14:50:29 Checking for updates... 2012-11-11 14:50:42 Option all = no 2012-11-11 14:50:42 Option recurse = yes 2012-11-11 14:50:42 Option archive = no 2012-11-11 14:50:42 Option service = yes 2012-11-11 14:50:42 Option confirm = yes 2012-11-11 14:50:42 Option sxl = yes 2012-11-11 14:50:42 Option max-data-age = 35 2012-11-11 14:50:42 Component SVRTcli.exe version 2.2 2012-11-11 14:50:42 Component control.dll version 2.2 2012-11-11 14:50:42 Component SVRTservice.exe version 2.2 2012-11-11 14:50:42 Component engine\osdp.dll version 1.44.0.2022 2012-11-11 14:50:42 Component engine\veex.dll version 3.37.2.2022 2012-11-11 14:50:42 Component engine\savi.dll version 7.5.10.2022 2012-11-11 14:50:42 Component rkdisk.dll version 1.5.30.0 2012-11-11 14:50:42 Version info: Product version 2.2 2012-11-11 14:50:42 Version info: Detection engine 3.37.2 2012-11-11 14:50:42 Version info: Detection data 4.83 2012-11-11 14:50:42 Version info: Build date 11/5/2012 2012-11-11 14:50:42 Version info: Data files added 234 2012-11-11 14:50:42 Version info: Last successful update (not yet updated) 2012-11-11 14:50:42 Update progress: proxy server not available 2012-11-11 14:51:48 Downloading updates... 
2012-11-11 14:51:48 Update progress: [i96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2012-11-11 14:51:48 Update progress: [i49502] Found supplement SAVIW32 LATEST 4
2012-11-11 14:51:48 Update progress: [i49502] Found supplement IDE484 LATEST
2012-11-11 14:51:48 Update progress: [i49502] Found supplement IDE485 LATEST
2012-11-11 14:51:48 Update progress: [i19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2012-11-11 14:51:48 Update progress: [i19463] Syncing product SAVIW32 21
2012-11-11 14:51:53 Update progress: [i19463] Syncing product IDE484 157
2012-11-11 14:51:53 Installing updates...
2012-11-11 14:51:53 Update progress: [i19463] Syncing product IDE485 79
2012-11-11 14:52:09 Update successful
2012-11-11 14:52:19 Option all = no
2012-11-11 14:52:19 Option recurse = yes
2012-11-11 14:52:19 Option archive = no
2012-11-11 14:52:19 Option service = yes
2012-11-11 14:52:19 Option confirm = yes
2012-11-11 14:52:19 Option sxl = yes
2012-11-11 14:52:19 Option max-data-age = 35
2012-11-11 14:52:19 Component SVRTcli.exe version 2.2
2012-11-11 14:52:19 Component control.dll version 2.2
2012-11-11 14:52:19 Component SVRTservice.exe version 2.2
2012-11-11 14:52:19 Component engine\osdp.dll version 1.44.0.2022
2012-11-11 14:52:19 Component engine\veex.dll version 3.37.2.2022
2012-11-11 14:52:19 Component engine\savi.dll version 7.5.10.2022
2012-11-11 14:52:19 Component rkdisk.dll version 1.5.30.0
2012-11-11 14:52:19 Version info: Product version 2.2
2012-11-11 14:52:19 Version info: Detection engine 3.37.2
2012-11-11 14:52:19 Version info: Detection data 4.83G
2012-11-11 14:52:19 Version info: Build date 11/5/2012
2012-11-11 14:52:19 Version info: Data files added 234
2012-11-11 14:52:19 Version info: Last successful update 11/11/2012 2:52:09 PM
2012-11-11 14:53:06 Scan completed.
2012-11-11 14:53:06 ------------------------------------------------------------
2012-11-11 15:05:58 Sophos Virus Removal Tool version 2.2
2012-11-11 15:05:58 Copyright © 2009-2012 Sophos Limited. All rights reserved.
2012-11-11 15:05:58 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2012-11-11 15:05:58 Windows version 5.2 SP 2.0 Service Pack 2 build 3790 SM=0x100 PT=0x1 WOW64
2012-11-11 15:05:58 Checking for updates...
2012-11-11 15:06:06 Update progress: proxy server not available
2012-11-11 15:06:30 Option all = no
2012-11-11 15:06:30 Option recurse = yes
2012-11-11 15:06:30 Option archive = no
2012-11-11 15:06:30 Option service = yes
2012-11-11 15:06:30 Option confirm = yes
2012-11-11 15:06:30 Option sxl = yes
2012-11-11 15:06:30 Option max-data-age = 35
2012-11-11 15:06:30 Component SVRTcli.exe version 2.2
2012-11-11 15:06:30 Component control.dll version 2.2
2012-11-11 15:06:30 Component SVRTservice.exe version 2.2
2012-11-11 15:06:30 Component engine\osdp.dll version 1.44.0.2022
2012-11-11 15:06:30 Component engine\veex.dll version 3.37.2.2022
2012-11-11 15:06:30 Component engine\savi.dll version 7.5.10.2022
2012-11-11 15:06:30 Component rkdisk.dll version 1.5.30.0
2012-11-11 15:06:30 Version info: Product version 2.2
2012-11-11 15:06:30 Version info: Detection engine 3.37.2
2012-11-11 15:06:30 Version info: Detection data 4.83G
2012-11-11 15:06:30 Version info: Build date 11/5/2012
2012-11-11 15:06:30 Version info: Data files added 234
2012-11-11 15:06:30 Version info: Last successful update 11/11/2012 2:52:09 PM
2012-11-11 15:06:33 Update not required
2012-11-11 15:19:22 >>> Virus 'Mal/FakeAvJs-A' found in file C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\index[2].htm
2012-11-11 15:19:22 >>> Virus 'Mal/FakeAvJs-A' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 15:19:31 >>> Virus 'Mal/FakeAvJs-B' found in file C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\22[1].htm
2012-11-11 15:19:31 >>> Virus 'Mal/FakeAvJs-B' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 15:21:12 >>> Virus 'Mal/Generic-L' found in file C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe
2012-11-11 15:21:12 >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 15:31:47 Could not open C:\hiberfil.sys
2012-11-11 15:39:01 >>> Virus 'Mal/Generic-L' found in file C:\Temp\adwcleaner.exe
2012-11-11 15:39:01 >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 16:01:17 The following items will be cleaned up:
2012-11-11 16:01:17 Mal/FakeAvJs-A
2012-11-11 16:01:17 Mal/FakeAvJs-B
2012-11-11 16:01:17 Mal/Generic-L
2012-11-11 16:52:16 Threat 'Mal/FakeAvJs-A' has been cleaned up.
2012-11-11 16:52:16 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\index[2].htm" belongs to malware 'Mal/FakeAvJs-A'.
2012-11-11 16:52:16 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\index[2].htm" has been cleaned up.
2012-11-11 16:52:16 Registry value "HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes" belongs to malware 'Mal/FakeAvJs-A'.
2012-11-11 16:52:16 Registry value "HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes" has been cleaned up.
2012-11-11 16:52:16 Removal successful
2012-11-11 16:52:21 Threat 'Mal/FakeAvJs-B' has been cleaned up.
2012-11-11 16:52:21 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\22[1].htm" belongs to malware 'Mal/FakeAvJs-B'.
2012-11-11 16:52:21 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\22[1].htm" has been cleaned up.
2012-11-11 16:52:21 Removal successful
2012-11-11 16:52:41 Threat 'Mal/Generic-L' has been cleaned up.
2012-11-11 16:52:41 File "C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe" belongs to malware 'Mal/Generic-L'.
2012-11-11 16:52:41 File "C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe" has been cleaned up.
2012-11-11 16:52:41 File "C:\Temp\adwcleaner.exe" belongs to malware 'Mal/Generic-L'.
2012-11-11 16:52:41 File "C:\Temp\adwcleaner.exe" has been cleaned up.
2012-11-11 16:52:41 Removal successful
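The substance of the SVRT log above is three threat names, each tied to one or more files plus a single registry value, HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes. That value is the Attachment Manager's list of extensions exempt from the "Open File - Security Warning" prompt, which is why a fake-AV infection that touches it deserves a second look after clean-up. As an added example (not code from the thread or from Sophos), the Python below parses SVRT-style "found in file" and "has been cleaned up" lines so that any detection not matched by a clean-up line stands out, and audits a LowRiskFileTypes value for executable or script extensions that should never be listed there. The sample log lines and the sample registry value are constructed for this example and are not copied from the machine in the thread; the live registry read is only attempted on Windows.

```python
"""Triage helpers for a Sophos Virus Removal Tool (SVRT) log.

Added example, not code from the forum thread or from Sophos. Handles the two
line shapes that carry the findings in an SVRT log:

    <date> <time> >>> Virus '<threat>' found in file <file path or registry path>
    <date> <time> File "<path>" has been cleaned up.
    <date> <time> Registry value "<path>" has been cleaned up.

SAMPLE_LOG and SAMPLE_LOWRISK are constructed for this example.
"""
import re
import sys

FOUND_RE = re.compile(r"^\S+ \S+ >>> Virus '(?P<threat>[^']+)' found in file (?P<target>.+?)\s*$")
CLEANED_RE = re.compile(r'^\S+ \S+ (?:File|Registry value) "(?P<target>[^"]+)" has been cleaned up\.')
REGISTRY_PREFIXES = ("HKU\\", "HKLM\\", "HKCU\\", "HKCR\\", "HKEY_")

# Extensions the Attachment Manager normally warns about before running; if they
# appear in LowRiskFileTypes the "Open File - Security Warning" prompt is skipped.
RISKY_EXTENSIONS = frozenset({
    ".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".msi", ".hta", ".cpl", ".dll",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".ps1", ".reg", ".lnk",
})

# Constructed sample in the style of the posted log (paths and SID are made up).
SAMPLE_LOG = "\n".join([
    r"2012-11-11 15:05:58 Sophos Virus Removal Tool version 2.2",
    r"2012-11-11 15:19:22 >>> Virus 'Mal/FakeAvJs-A' found in file C:\Temp\Content.IE5\8YL8DQF1\index[2].htm",
    r"2012-11-11 15:19:22 >>> Virus 'Mal/FakeAvJs-A' found in file HKU\S-1-5-21-1-2-3-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes",
    r"2012-11-11 15:21:12 >>> Virus 'Mal/Generic-L' found in file C:\Temp\tool.exe",
    r"2012-11-11 15:31:47 Could not open C:\hiberfil.sys",
    r'2012-11-11 16:52:16 File "C:\Temp\Content.IE5\8YL8DQF1\index[2].htm" has been cleaned up.',
    r'2012-11-11 16:52:16 Registry value "HKU\S-1-5-21-1-2-3-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes" has been cleaned up.',
    r"2012-11-11 16:52:16 Removal successful",
])
# Constructed value: a benign list holds only media/document types, this one does not.
SAMPLE_LOWRISK = ".avi;.bmp;.EXE;.bat;.vbs;.txt"


def parse_svrt(text):
    """Return {'detections': [{threat, target, kind}], 'cleaned': set(targets)}."""
    detections, cleaned = [], set()
    for line in text.splitlines():
        m = FOUND_RE.match(line)
        if m:
            target = m.group("target")
            kind = "registry" if target.upper().startswith(REGISTRY_PREFIXES) else "file"
            detections.append({"threat": m.group("threat"), "target": target, "kind": kind})
            continue
        m = CLEANED_RE.match(line)
        if m:
            cleaned.add(m.group("target"))
    return {"detections": detections, "cleaned": cleaned}


def uncleaned(parsed):
    """Targets reported as detected but never reported as cleaned (order kept, no repeats)."""
    seen, out = set(), []
    for d in parsed["detections"]:
        t = d["target"]
        if t not in parsed["cleaned"] and t not in seen:
            seen.add(t)
            out.append(t)
    return out


def audit_lowrisk(value):
    """Sorted risky extensions present in a LowRiskFileTypes value.

    The value is a semicolon-separated extension list (e.g. ".avi;.bmp").
    Anything from RISKY_EXTENSIONS in it suppresses the security warning.
    """
    exts = set()
    for raw in value.split(";"):
        ext = raw.strip().lower()
        if ext:
            exts.add(ext if ext.startswith(".") else "." + ext)
    return sorted(exts & RISKY_EXTENSIONS)


def read_lowrisk_values():
    """On Windows, read LowRiskFileTypes from every loaded user hive (HKU\\<SID>)."""
    if sys.platform != "win32":
        return {}
    import winreg  # standard library, Windows only
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Policies\Associations"
    found, i = {}, 0
    while True:
        try:
            sid = winreg.EnumKey(winreg.HKEY_USERS, i)
        except OSError:
            break
        i += 1
        try:
            with winreg.OpenKey(winreg.HKEY_USERS, sid + "\\" + subkey) as k:
                found[sid] = winreg.QueryValueEx(k, "LowRiskFileTypes")[0]
        except OSError:
            pass  # no Associations key or no value for this profile
    return found


if __name__ == "__main__":
    parsed = parse_svrt(SAMPLE_LOG)
    for d in parsed["detections"]:
        print(f"{d['threat']:<16} {d['kind']:<8} {d['target']}")
    print("detected but not cleaned:", uncleaned(parsed))
    print("risky LowRiskFileTypes entries (sample):", audit_lowrisk(SAMPLE_LOWRISK))
    for sid, value in read_lowrisk_values().items():
        print(sid, audit_lowrisk(value))
```

Run it against a real SVRT log by reading the file into `parse_svrt`; an empty result from `uncleaned` plus an empty list from `audit_lowrisk` on each profile's current value is the post-clean-up state you want to see.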
  8. Joker,

A couple of notes:

* Your post talks about a HijackThis log. Could that be a remnant from another post? I don't think it's been included previously in our troubleshooting.

* Sophos Anti-Rootkit no longer seems to exist as a stand-alone. It seems to be incorporated into the Sophos Virus Removal Tool 2.2, which is where your link is directed to. The help manual seems quite straightforward.

Thanks.

Quercus.
  9. Updated Malwarebytes Scan

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.11.04

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
JJACOBS :: WS2 [administrator]

11/11/2012 11:53:39 AM
mbam-log-2012-11-11 (11-53-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 493229
Time elapsed: 52 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  10. Here's the OTL Extras.txt log

OTL Extras logfile created on: 11/11/2012 11:40:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jjacobs\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.99 Mb Total Physical Memory | 701.41 Mb Available Physical Memory | 68.63% Memory free
2.43 Gb Paging File | 1.92 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 194.33 Gb Free Space | 83.48% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.45 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive X: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Y: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Z: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS

Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE" = C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE:*:Enabled:winlog4.exe -- (GAEA Technologies)
"C:\Program Files (x86)\Symantec AntiVirus\Smc.exe" = C:\Program Files (x86)\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE" = C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE:*:Enabled:SNAC64 Service -- (Symantec Corporation)
"C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE" = C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE:*:Enabled:winlog4.exe -- (GAEA Technologies)
"C:\Program Files (x86)\Symantec AntiVirus\Smc.exe" = C:\Program Files (x86)\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE" = C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE:*:Enabled:SNAC64 Service -- (Symantec Corporation)
"C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}" = Symantec Endpoint Protection
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B8F7D1D1-EFC7-4B17-B120-BA44195F6657}" = Intel ® Pro Alerting Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{110CF7B8-1127-4FE5-82D3-268B4BC9A57D}" = Sound Blaster Audigy 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A64EE3-F1FE-46F3-AAE1-8CDB35B6038B}" = Surfer 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-0134-0409-0000-0060B0CE6BBA}" = Autodesk Architectural Desktop 3.3
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94251E15-F03A-42CF-B762-6A75B1A0790B}" = RAID Storage Manager
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A0FEF031-E464-4B30-0AB3-00000DB3717B}" = Symantec Ghost Console Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC698CF1-F9C3-4C30-85CA-7CED2A27648A}" = WinLoG4
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B3DED121-395C-4338-A455-A2CFF8BDE071}" = Kaspersky Security Scan
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"AnswerWorks" = AnswerWorks Runtime
"Audigy2 Audio UG" = Audio User's Guide
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{94251E15-F03A-42CF-B762-6A75B1A0790B}" = RAID Storage Manager
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"QuickTime" = QuickTime
"RealPlayer Enterprise 6.0" = RealPlayer Enterprise
"StreetFinder" = Rand McNally StreetFinder Deluxe
"Super TextTwist" = Super TextTwist
"Surfer 7" = Surfer 7
"TripMaker" = Rand McNally TripMaker Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2012 11:20:02 PM | Computer Name = WS2 | Source = VSS | ID = 8211
Description =

Error - 11/10/2012 11:09:10 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 11:24:28 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 11:44:07 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 2:26:41 PM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 2:59:08 PM | Computer Name = WS2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2012 3:00:05 PM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 3:08:30 PM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/11/2012 8:44:05 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/11/2012 8:46:10 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

[ System Events ]
Error - 11/10/2012 2:35:36 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe. Reference error message: The referenced assembly is not installed on your system.

Error - 11/10/2012 2:35:46 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system.

Error - 11/10/2012 2:35:46 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The referenced assembly is not installed on your system.

Error - 11/10/2012 2:35:46 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe. Reference error message: The referenced assembly is not installed on your system.

Error - 11/10/2012 2:50:00 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system.

Error - 11/10/2012 2:50:00 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The referenced assembly is not installed on your system.

Error - 11/10/2012 2:50:00 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe. Reference error message: The referenced assembly is not installed on your system.

Error - 11/11/2012 8:40:18 AM | Computer Name = WS2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system.

Error - 11/11/2012 8:40:18 AM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The referenced assembly is not installed on your system.

Error - 11/11/2012 8:40:18 AM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe. Reference error message: The referenced assembly is not installed on your system.

< End of report >
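The Extras report above is where the host's posture shows: both FirewallPolicy profiles carry EnableFirewall = 0 and the domain profile lists 137/138 UDP and 139/445 TCP with a '*' scope, Security Center monitoring is disabled for SymantecAntiVirus, the .js/.jse/.vbs/.vbe/.wsf/.wsh extensions are handled by WScript.exe, and iexplore.exe faulted eight times over two days in a module named dlbwy.dll reporting version 0.0.0.0, which is the kind of module a responder pulls for hashing and submission rather than taking a verdict from the crash alone. As an added example (not code from the post or from OldTimer's OTL), the Python below parses the report's registry-value, file-association and event-log line formats and applies those checks. SAMPLE_EXTRAS is constructed in the style of the posted report, and the audit rules are this example's own choices, not OTL's.

```python
"""Audit of OTL Extras.txt output: file associations, Security Center and
Windows Firewall registry values, and the "Last 20 Event Log Errors" block.

Added example; not from the forum post or from OldTimer's OTL. The rules below
are this example's own choices for what a responder checks in such a report.
SAMPLE_EXTRAS is constructed in the style of the posted report.
"""
import re
from collections import Counter

KEY_RE = re.compile(r"^(?:64bit: )?\[(?P<key>HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
ASSOC_RE = re.compile(r"^(?P<ext>\.\w+)\s*\[@ = (?P<progid>[^\]]+)\] -- (?P<handler>.+?)\s*$")
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), version (?P<appver>[^,]+), "
    r"faulting module (?P<mod>\S+), version (?P<modver>[^,]+),"
)
SCRIPT_EXTS = frozenset({".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"})

SAMPLE_EXTRAS = "\n".join([
    "========== File Associations ==========",
    r"64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]",
    r'.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*',
    r".scr [@ = AutoCADScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)",
    r".txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1",
    r'.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*',
    "========== Security Center Settings ==========",
    r"64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]",
    '"AntiVirusOverride" = 0',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]",
    '"DisableMonitoring" = 1',
    "========== Firewall Settings ==========",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]",
    '"EnableFirewall" = 0',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]",
    '"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005',
    '"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004',
    "========== Last 20 Event Log Errors ==========",
    "[ Application Events ]",
    "Error - 11/10/2012 11:09:10 AM | Computer Name = WS2 | Source = Application Error | ID = 1000",
    "Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.",
    "Error - 11/10/2012 2:59:08 PM | Computer Name = WS2 | Source = Application Hang | ID = 1002",
    "Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.",
    "Error - 11/10/2012 3:00:05 PM | Computer Name = WS2 | Source = Application Error | ID = 1000",
    "Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.",
])


def registry_values(text):
    """Yield (key, name, value) for each "name" = value line under a [HKEY_...] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("value")


def audit_policy(text):
    """Findings from the Security Center and Firewall sections, in report order."""
    findings = []
    for key, name, value in registry_values(text):
        parts = key.split("\\")
        if "FirewallPolicy" in parts:
            idx = parts.index("FirewallPolicy")
            profile = parts[idx + 1] if idx + 1 < len(parts) else "(no profile)"
            if name == "EnableFirewall" and value == "0":
                findings.append(f"{profile}: EnableFirewall = 0 (Windows Firewall is off for this profile)")
            elif key.endswith("\\GloballyOpenPorts\\List"):
                fields = value.split(":")  # port:proto:scope:Enabled:description
                if len(fields) >= 4 and fields[2] == "*":
                    findings.append(f"{profile}: port {name} open to any remote address (scope '*')")
        elif "\\Security Center\\Monitoring\\" in key and name == "DisableMonitoring" and value == "1":
            findings.append(f"Security Center: DisableMonitoring = 1 for {parts[-1]}")
    return findings


def script_handlers(text):
    """Script extensions whose default handler is the Windows Script Host (wscript/cscript)."""
    handlers = {}
    for line in text.splitlines():
        m = ASSOC_RE.match(line.strip())
        if m and m.group("ext").lower() in SCRIPT_EXTS:
            if re.search(r"[wc]script\.exe", m.group("handler"), re.IGNORECASE):
                handlers[m.group("ext").lower()] = m.group("handler")
    return handlers


def faulting_modules(text):
    """Count (application, module, module version) from Application Error 1000 entries."""
    counts = Counter()
    for m in FAULT_RE.finditer(text):
        counts[(m.group("app"), m.group("mod"), m.group("modver"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in audit_policy(SAMPLE_EXTRAS):
        print("FINDING:", f)
    for ext, handler in sorted(script_handlers(SAMPLE_EXTRAS).items()):
        print(f"script ext {ext} -> {handler}")
    for (app, mod, ver), n in faulting_modules(SAMPLE_EXTRAS).items():
        print(f"{app} faulted {n}x in {mod} (version {ver})")
```

Point the three functions at the text of a real Extras.txt. A module that crashes the browser repeatedly, reports version 0.0.0.0 and does not appear in the OTL Modules list with a company name is a lead to hash and look up, not by itself a verdict.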
  11. Here's the OTL.TXT Log

OTL logfile created on: 11/11/2012 11:40:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jjacobs\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.99 Mb Total Physical Memory | 701.41 Mb Available Physical Memory | 68.63% Memory free
2.43 Gb Paging File | 1.92 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 194.33 Gb Free Space | 83.48% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.45 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive X: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Y: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Z: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS

Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
PRC - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/15 08:21:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/12/15 08:20:29 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\ProtectionUtilSurrogate.exe
PRC - [2010/09/03 11:16:52 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
PRC - [2010/04/05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2009/12/24 21:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe
PRC - [2007/02/18 10:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2005/11/20 16:40:41 | 000,151,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe
PRC - [2005/06/03 01:30:58 | 000,015,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTHELPER.EXE
PRC - [2003/09/17 17:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE

========== Modules (No Company Name) ==========

MOD - [2012/11/09 09:24:02 | 000,274,432 | ---- | M] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll
MOD - [2010/09/03 11:16:52 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
MOD - [2010/09/03 11:16:40 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS_WMI.dll
MOD - [2005/07/06 22:36:20 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\storutil.dll
MOD - [2003/11/19 23:44:18 | 000,057,455 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\net.dll
MOD - [2003/11/19 23:36:42 | 000,053,364 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\zip.dll
MOD - [2003/11/19 23:35:48 | 000,102,515 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\java.dll
MOD - [2003/11/19 23:31:48 | 000,057,453 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\verify.dll
MOD - [2003/11/19 23:31:30 | 001,212,546 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\client\jvm.dll
MOD - [2003/11/19 23:31:18 | 000,028,791 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\hpi.dll

========== Services (SafeList) ==========

SRV:64bit: - [2005/01/07 10:48:30 | 000,157,696 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/15 08:20:51 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/12/15 08:20:36 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE -- (SNAC)
SRV - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) [Auto | Running] -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)
SRV - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Driver Services (SafeList) ==========

DRV - [2012/11/02 07:12:58 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\ex64.sys -- (NAVEX15)
DRV - [2012/11/02 07:12:50 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\eng64.sys -- (NAVENG)
DRV - [2012/08/15 13:51:30 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 07:18:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/15 08:21:45 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/12/15 08:21:45 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/12/15 08:21:45 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtspx64.sys -- (SRTSPX) DRV - [2005/03/25 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd) DRV - [2005/03/25 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar 
= http://search.msn.com/spbasic.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WZPC_en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: 
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.xpt () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.7.2197: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll CHR - plugin: RealPlayer Enterprise LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\pdf.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gears.dll CHR - 
plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ Hosts file not found O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.) 
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AsioThk32Reg] C:\WINDOWS\SysWOW64\CTASIO.DLL (Creative Technology Ltd) O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\SysWow64\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk = C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found O16 - DPF: 
{01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130079827814 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269476613658 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcDcToday.ocx (AcDcToday Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstBanr.ocx (NOXLATE-BANR) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab (ZoneIntro Class) O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstFred.ocx (InstaFred) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcPreview.ocx (AcPreview Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tai.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9EFE698-81D6-419A-89D2-AAE048036FCF}: DhcpNameServer = 192.168.1.100 192.168.1.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found 
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\wia 
{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) 
- File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - 
%SystemRoot%\system32\browseui.dll File not found O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012/11/07 10:31:13 | 000,000,000 | ---D | M] - Z:\Autohaus Acquisitions -- [ NTFS ] O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell - "" = AutoRun O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) Drivers32:64bit: midi - File not found Drivers32:64bit: midi1 - File not found Drivers32:64bit: midimapper - File not found Drivers32:64bit: mixer - File not found Drivers32:64bit: mixer1 - File not found Drivers32:64bit: msacm.imaadpcm - File not found Drivers32:64bit: msacm.msadpcm - File not found Drivers32:64bit: msacm.msg711 - File not found Drivers32:64bit: 
msacm.msgsm610 - File not found Drivers32:64bit: msacm.trspch - File not found Drivers32:64bit: vidc.i420 - File not found Drivers32:64bit: vidc.iv31 - File not found Drivers32:64bit: vidc.iv32 - File not found Drivers32:64bit: vidc.iv41 - File not found Drivers32:64bit: vidc.iv50 - File not found Drivers32:64bit: vidc.iyuv - File not found Drivers32:64bit: vidc.mrle - File not found Drivers32:64bit: vidc.msvc - File not found Drivers32:64bit: vidc.uyvy - File not found Drivers32:64bit: vidc.yuy2 - File not found Drivers32:64bit: vidc.yvu9 - File not found Drivers32:64bit: vidc.yvyu - File not found Drivers32:64bit: wave - File not found Drivers32:64bit: wave1 - File not found Drivers32:64bit: wavemapper - File not found Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2012/11/11 11:39:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe [2012/11/11 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Sun [2012/11/10 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/11/10 22:57:01 | 002,215,000 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe [2012/11/10 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/10 14:07:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll [2012/11/10 14:07:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2012/11/10 14:07:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl [2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2012/11/10 14:07:21 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2012/11/10 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/10 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/11/10 14:02:15 | 031,160,808 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe [2012/11/10 14:02:14 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe [2012/11/10 13:29:38 | 004,998,937 | ---- | C] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe [2012/11/10 09:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\f-secure [2012/11/10 09:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure 
  12. Joker, Sadly, the problem is still going on unabated. The Google search works well and it may let you search once without a problem. By the 2nd search or using the back button, the browser is redirected to click.livesearchnow.com or 8.26.70.252 or 63.209.65.107 - Scour beta. The browser is slow and a bit buggy (a couple of messages for "Internet Explorer has encountered a problem and needs to close"). IE usually recovers without closing.
  13. Good morning, here is the ESET Scan Log (C:\programfiles(x86)\ESET\ESET Online Scanner\log.txt). Rebooting and trying out Google.
      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner64.ocx - registred OK
      OnlineScanner.ocx - registred OK
      # version=7
      # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=40997b3e7e335744a6bab723aeae5f6a
      # end=finished
      # remove_checked=true
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2012-11-11 05:26:29
      # local_time=2012-11-11 12:26:29 (-0500, Eastern Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.2.3790 NT Service Pack 2
      # compatibility_mode=512 16777215 100 0 0 0 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=133472
      # found=10
      # cleaned=10
      # scan_time=4710
      C:\Documents and Settings\administrator.TAI.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadfgedadbdbdggcdhgcdjdedegbgddh\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8OG65P0U\burtsed[1].js probably a variant of JS/TrojanDownloader.FraudLoad.NAC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\text_constants_en[1].js probably a variant of Win32/Agent.EIBWZYQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\balloon[1].xsl Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\lclsrch[1].xml Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\LDEU48A6\rampir_info[1].htm JS/Fraud.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\jjacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadfgedadbdbdggcdhgcdjdedegbgddh\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\jjacobs\Local Settings\Temporary Internet Files\Content.IE5\L6EY087O\SoftonicDownloader_for_kaspersky-tdsskiller[1].exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\RECYCLER\S-1-5-21-1567575379-270853854-1349272934-1113\Dc186.dll a variant of Win32/Kryptik.ANRR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Temp\SoftonicDownloader_for_kaspersky-tdsskiller.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  14. Good evening, TDSS Killer Log is included below. There was nothing found and no request to reboot. ESET Log to follow shortly along with a test of Google searches.
  15. Joker, I appreciate the prompt responses. I have no good excuse not to have upgraded to XP SP3. Spybot S&D Tea Timer is not running. The AdwCleaner(S1) log is attached. Unfortunately ComboFix will not run. "This operating system is not supported! ComboFix only runs on: Windows XP (32 bit)...". Java is now updated to JRE7 with all old versions removed.
      # AdwCleaner v2.007 - Logfile created 11/10/2012 at 13:32:49
      # Updated 06/11/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 2 (64 bits)
      # User : JJACOBS - WS2
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
      Key Deleted : HKCU\Software\Softonic
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.6001.18702
      [OK] Registry is clean.
      -\\ Google Chrome v [unable to get version]
      File : C:\Documents and Settings\jjacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      File : C:\Documents and Settings\administrator.TAI.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [2060 octets] - [10/11/2012 11:28:51]
      AdwCleaner[s1].txt - [1859 octets] - [10/11/2012 13:32:49]
      ########## EOF - C:\AdwCleaner[s1].txt - [1919 octets] ##########