Google Browser Hijacker


  • This topic is locked
26 replies to this topic

#1 Quercus (Full Member, 17 posts)

Posted 10 November 2012 - 10:40 AM

Good Morning,

I'm a new poster and very appreciative of the opportunity to ask for help for this malware problem.

Problem: IE Explorer 8, Windows XP 64bit machine. Default search engine is Google. When clicking on search responses there are persistent redirects to sites like:
8.26.70.252
63.209.69.107
Scour
beesq.net
answerdev.nixxie.com, etc.

Tried to run DDS which indicates: "This operating system is not supported.". I presume due to the XP 64bit configuration.

Ran Malwarebytes Anti-Malware with the log below. The malware was removed but the problem persists. Running Malwarebytes again does not re-identify any malware.

Thanks very much for any help you can provide.


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.09.08

Windows XP Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
JJACOBS :: WS2 [administrator]

11/9/2012 5:37:15 PM
mbam-log-2012-11-09 (17-37-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 493378
Time elapsed: 47 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tsgrwnun (Rogue.AntivirusSuite.Gen) -> Data: C:\Documents and Settings\jjacobs\Local Settings\Application Data\brvaeikln\orybjkitssd.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ytemthgq (Trojan.FakeAlert.Gen) -> Data: C:\Documents and Settings\jjacobs\Local Settings\Application Data\onkvoflbq\rhhwviruqiw.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\jjacobs\Local Settings\Temp\0.42210044255782064 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Documents and Settings\jjacobs\Local Settings\Temp\0.6139734146035233 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\WINDOWS\ie8\occache.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\amd64\occache.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)
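Added example, not part of Quercus's post or of Malwarebytes' tooling: a small Python triage script for the "Registry Values Detected" lines in a log like the one above. It pulls each Run-key value and its target path out of the MBAM line format and scores it on three signals a practitioner looks for in a browser-hijacker cleanup: the executable living in a writable per-user data directory rather than Program Files, a value name that looks machine-generated, and a file or folder name that looks machine-generated. The sample text is copied from the log above; the pronounceability heuristic (vowel ratio and longest consonant run) and the score threshold are assumptions chosen for illustration, not Malwarebytes' detection logic.

```python
import re

# Constructed sample: the two Run-key value lines (and one file line, which the
# parser must ignore) in the MBAM 1.65 log format shown in the post above.
SAMPLE_MBAM_LOG = r"""
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tsgrwnun (Rogue.AntivirusSuite.Gen) -> Data: C:\Documents and Settings\jjacobs\Local Settings\Application Data\brvaeikln\orybjkitssd.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ytemthgq (Trojan.FakeAlert.Gen) -> Data: C:\Documents and Settings\jjacobs\Local Settings\Application Data\onkvoflbq\rhhwviruqiw.exe -> Quarantined and deleted successfully.

Files Detected: 4
C:\WINDOWS\ie8\occache.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
"""

# MBAM writes Run-key hits as: <key>|<value name> (<detection>) -> Data: <target> -> <action>
RUN_VALUE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\.*?\\(?:Run|RunOnce))\|(?P<value>\S+) "
    r"\((?P<detection>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$",
    re.IGNORECASE,
)

# Per-user, user-writable locations; a Run entry pointing here deserves a look.
USER_DATA_DIRS = (
    r"\local settings\application data",
    r"\local settings\temp",
    r"\appdata\local",
    r"\appdata\roaming",
)

VOWELS = set("aeiou")


def looks_random(name):
    """Heuristic (assumption): a name with almost no vowels or a consonant run of
    four or more reads as generated. Product names such as GoogleUpdate or
    SunJavaUpdateSched pass; tsgrwnun and orybjkitssd from the log do not."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.split(r"[aeiou]", letters))
    return vowel_ratio < 0.2 or longest_run >= 4


def parse_run_values(log_text):
    """Return one dict (key, value, detection, data, action) per Run-key line."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_VALUE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def score_entry(entry):
    """Score 0..3 with the reasons that fired."""
    data = entry["data"]
    reasons = []
    if any(d in data.lower() for d in USER_DATA_DIRS):
        reasons.append("target lives under a writable per-user data directory")
    if looks_random(entry["value"]):
        reasons.append("value name %r looks generated" % entry["value"])
    parts = data.split("\\")
    leaf = parts[-1].rsplit(".", 1)[0]          # file name without extension
    parent = parts[-2] if len(parts) >= 2 else ""
    if looks_random(leaf) or looks_random(parent):
        reasons.append("executable or its folder has a generated-looking name")
    return len(reasons), reasons


def triage(log_text, threshold=2):
    """Return [(value, target, score, reasons)] for entries at or above threshold."""
    results = []
    for entry in parse_run_values(log_text):
        score, reasons = score_entry(entry)
        if score >= threshold:
            results.append((entry["value"], entry["data"], score, reasons))
    return results


if __name__ == "__main__":
    for value, data, score, reasons in triage(SAMPLE_MBAM_LOG):
        print("[%d/3] %s -> %s" % (score, value, data))
        for r in reasons:
            print("      -", r)
```

Both entries in the sample score 3/3. The point of scoring rather than matching on a detection name is that the same heuristic still fires on the next Run entry the scanner has no signature for, which is what matters when, as here, the redirects persist after the named items are quarantined.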

#2 TheJoker (Forum Deity, Boot Camp Mod, 13,259 posts)

Posted 10 November 2012 - 11:19 AM

Hi Quercus, and Welcome to SWI.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

Please delete your current copy of DDS and download a new copy from here. It has been updated recently, and it might now run on your system.

Please also follow the instruction from Instructions for posting requested logs and download and run Security Check and post the log.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
Please post the log from DDS (if you were able to run it this time), the log from Security Check, and the log from AdwCleaner, and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#3 Quercus (Full Member, 17 posts)

Posted 10 November 2012 - 11:37 AM

Thanks very much for the prompt response.

The new version of DDS still wouldn't run. It returns a long notepad file in gibberish with little readable English other than info about the version and "This program cannot be run in DOS mode.". Here are the logs from Security Check and AdwCleaner:

Results of screen317's Security Check version 0.99.54
Windows XP x64
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Please wait while WMIC compiles updated MOF files.
displayName
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 23
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Symantec AntiVirus Smc.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus SmcGui.exe
Symantec AntiVirus ProtectionUtilSurrogate.exe
Kaspersky Security Scan KSS.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


# AdwCleaner v2.007 - Logfile created 11/10/2012 at 11:28:51
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (64 bits)
# User : JJACOBS - WS2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\jjacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\administrator.TAI.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1933 octets] - [10/11/2012 11:28:51]

########## EOF - C:\AdwCleaner[R1].txt - [1993 octets] ##########
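Added example, not part of the post or of AdwCleaner: a Python script that reads the [Registry] section of an AdwCleaner log like the one above and cross-references every GUID against the places Internet Explorer records an add-on. The same CLSID showing up under Ext\Settings, Ext\Stats and Toolbar\WebBrowser is one toolbar; a GUID under SearchScopes is a registered search provider, which is the registration point behind a hijacked "default search engine"; a GUID under Wow6432Node\Classes\CLSID is the 32-bit COM class that backs an add-on. The sample text is copied from the log above; the context labels and the classification rules are my own and are assumptions, not AdwCleaner's. HKCU is a link to HKU\<SID> for the logged-on user, so the two SearchScopes hits are most likely one key seen via two paths, which is why the script keys on the GUID rather than the full path.

```python
import re
from collections import defaultdict

# Constructed sample: the [Registry] section of the AdwCleaner R1 log posted above.
SAMPLE_ADWCLEANER_LOG = r"""
***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
"""

# "Key Found : <path>" or "Value Found : <path> [<value name>]" (also "Deleted" in S logs)
ENTRY_RE = re.compile(
    r"^(?P<kind>Key|Value) (?P<status>Found|Deleted) : (?P<path>.+?)(?: \[(?P<value>[^\]]*)\])?$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# IE registration points (substring to look for, label). Labels are this script's own.
CONTEXTS = [
    (r"\ext\settings", "Ext\\Settings"),          # add-on manager: enable/disable state
    (r"\ext\stats", "Ext\\Stats"),                # add-on manager: load statistics
    (r"\toolbar\webbrowser", "Toolbar\\WebBrowser"),  # toolbars loaded into the browser frame
    (r"\searchscopes", "SearchScopes"),           # registered search providers
    (r"\classes\clsid", "CLSID"),                 # COM class backing the add-on
]


def parse_adwcleaner(text):
    """One dict (kind, status, path, value) per Key/Value line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def context_of(path):
    lowered = path.lower()
    for needle, label in CONTEXTS:
        if needle in lowered:
            return label
    return "other"


def guid_contexts(entries):
    """Map each GUID (upper-cased) to the set of registration points it appears under.
    A GUID may sit in the key path or, for Toolbar\\WebBrowser, in the value name."""
    table = defaultdict(set)
    for e in entries:
        haystack = e["path"] + " " + (e["value"] or "")
        for guid in GUID_RE.findall(haystack):
            table[guid.upper()].add(context_of(e["path"]))
    return dict(table)


def classify(contexts):
    """Rules of thumb (assumptions) for what a GUID with these registrations is."""
    if "SearchScopes" in contexts:
        return "search provider (the registration behind a hijacked default search)"
    if "Toolbar\\WebBrowser" in contexts:
        return "toolbar loaded into the IE frame"
    if "CLSID" in contexts and "Ext\\Stats" in contexts:
        return "registered browser add-on (COM class present, seen by the add-on manager)"
    if contexts & {"Ext\\Settings", "Ext\\Stats"}:
        return "add-on known to the add-on manager only (COM class not in this log)"
    return "unclassified"


def report(text):
    """Return human-readable lines: one per GUID, then the keys with no GUID at all."""
    entries = parse_adwcleaner(text)
    lines = []
    for guid, contexts in sorted(guid_contexts(entries).items()):
        lines.append("%s  [%s]  %s" % (guid, ", ".join(sorted(contexts)), classify(contexts)))
    for e in entries:
        if not GUID_RE.search(e["path"] + (e["value"] or "")):
            lines.append("no GUID: %s" % e["path"])
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ADWCLEANER_LOG)))
```

Run against the log above this groups the ten hits into four objects: one toolbar ({D7E97865-...}), one add-on with a 32-bit COM class ({042DA63B-...}), one add-on the manager knows about without a class in the log ({D3D233D5-...}), one search provider ({C04B7D22-...}), plus the Softonic vendor key. That is the list to check against the browser's Manage Add-ons and search-provider dialogs, rather than the raw key paths.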

#4 TheJoker (Forum Deity, Boot Camp Mod, 13,259 posts)

Posted 10 November 2012 - 01:24 PM

Why have you never installed Windows XP Service Pack 3? Your system will remain vulnerable until it is updated. Don't do that now though, installing a Windows Service Pack on an infected system can create a mess. You need to wait until the system is clean.

I see you have Spybot Search & Destroy installed. If you have Teatimer running, please disable it and keep it disabled until we are finished as it will interfere with fixes.

Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt.

Download ComboFix© by sUBs from one of these locations:

http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
http://www.bleepingc...to-use-combofix

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.

Your Java is extremely outdated and vulnerable.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, click the "Accept License Agreement" button
  • Download the files for Windows x86 Offline (jre-7u9-windows-i586.exe) and Windows x64 (jre-7u9-windows-x64.exe) and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
    • Java™ 6 Update 23
    • Java™ SE Runtime Environment 6 Update 1
    • Java™ 6 Update 5
  • Then from your Desktop double-click on the new versions you downloaded and install them.

Please post the log from ComboFix, the log from AdwCleaner.exe, and note any errors encountered.
Are you still being redirected?



#5 Quercus (Full Member, 17 posts)

Posted 10 November 2012 - 01:53 PM

Joker,

I appreciate the prompt responses.

I have no good excuse not to have upgraded to XP SP3. Spybot S&D Tea Timer is not running. The AdwCleaner[S1] log is attached. Unfortunately ComboFix will not run: "This operating system is not supported! ComboFix only runs on: Windows XP (32 bit)...". Java is now updated to JRE7 with all old versions removed.

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 13:32:49
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (64 bits)
# User : JJACOBS - WS2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\jjacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\administrator.TAI.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2060 octets] - [10/11/2012 11:28:51]
AdwCleaner[S1].txt - [1859 octets] - [10/11/2012 13:32:49]

########## EOF - C:\AdwCleaner[S1].txt - [1919 octets] ##########

Edited by Quercus, 10 November 2012 - 02:09 PM.


#6 TheJoker (Forum Deity, Boot Camp Mod, 13,259 posts)

Posted 10 November 2012 - 07:12 PM

ComboFix is x64 compatible, but it seems unfortunately not with Windows XP.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
    - A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
  • Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please post a copy of the log from TDSSKiller in your next reply, and in a second post (because that log can be long), the log from ESET's online scanner, and note any errors encountered.

Are you still being redirected?



#7 Quercus (Full Member, 17 posts)

Posted 10 November 2012 - 11:06 PM

Good evening,

TDSS Killer Log is included below. There was nothing found and no request to reboot. ESET Log to follow shortly along with a test of Google searches.

22:57:32.0556 2700 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:57:33.0070 2700 ============================================================
22:57:33.0070 2700 Current date / time: 2012/11/10 22:57:33.0070
22:57:33.0070 2700 SystemInfo:
22:57:33.0070 2700
22:57:33.0070 2700 OS Version: 5.2.3790 ServicePack: 2.0
22:57:33.0070 2700 Product type: Workstation
22:57:33.0070 2700 ComputerName: WS2
22:57:33.0070 2700 UserName: JJACOBS
22:57:33.0070 2700 Windows directory: C:\WINDOWS
22:57:33.0070 2700 System windows directory: C:\WINDOWS
22:57:33.0070 2700 Running under WOW64
22:57:33.0070 2700 Processor architecture: Intel x64
22:57:33.0070 2700 Number of processors: 1
22:57:33.0070 2700 Page size: 0x1000
22:57:33.0070 2700 Boot type: Normal boot
22:57:33.0070 2700 ============================================================
22:57:34.0629 2700 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
22:57:34.0645 2700 Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
22:57:34.0660 2700 ============================================================
22:57:34.0660 2700 \Device\Harddisk0\DR0:
22:57:34.0660 2700 MBR partitions:
22:57:34.0660 2700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D1915B4
22:57:34.0660 2700 \Device\Harddisk1\DR1:
22:57:34.0660 2700 MBR partitions:
22:57:34.0660 2700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
22:57:34.0660 2700 ============================================================
22:57:34.0723 2700 C: <-> \Device\Harddisk0\DR0\Partition1
22:57:34.0738 2700 D: <-> \Device\Harddisk1\DR1\Partition1
22:57:34.0738 2700 ============================================================
22:57:34.0738 2700 Initialize success
22:57:34.0738 2700 ============================================================
22:57:51.0326 3312 ============================================================
22:57:51.0326 3312 Scan started
22:57:51.0326 3312 Mode: Manual;
22:57:51.0326 3312 ============================================================
22:57:52.0230 3312 ================ Scan system memory ========================
22:57:52.0230 3312 System memory - ok
22:57:52.0230 3312 ================ Scan services =============================
22:57:52.0245 3312 Abiosdsk - ok
22:57:52.0245 3312 ACPI - ok
22:57:52.0245 3312 ACPIEC - ok
22:57:52.0261 3312 adpu160m - ok
22:57:52.0261 3312 adpu320 - ok
22:57:52.0261 3312 aec - ok
22:57:52.0277 3312 AeLookupSvc - ok
22:57:52.0277 3312 AFAmgt - ok
22:57:52.0277 3312 AFD - ok
22:57:52.0292 3312 agp440 - ok
22:57:52.0292 3312 aic78u2 - ok
22:57:52.0292 3312 aic78xx - ok
22:57:52.0308 3312 Alerter - ok
22:57:52.0308 3312 ALG - ok
22:57:52.0308 3312 AliIde - ok
22:57:52.0323 3312 AmdIde - ok
22:57:52.0323 3312 AppMgmt - ok
22:57:52.0323 3312 arc - ok
22:57:52.0339 3312 Arp1394 - ok
22:57:52.0339 3312 ASFAgent - ok
22:57:52.0339 3312 AsfAlrt - ok
22:57:52.0370 3312 aspnet_state - ok
22:57:52.0370 3312 AsyncMac - ok
22:57:52.0370 3312 atapi - ok
22:57:52.0370 3312 Atdisk - ok
22:57:52.0386 3312 ati2mtag - ok
22:57:52.0386 3312 Atmarpc - ok
22:57:52.0386 3312 AudioSrv - ok
22:57:52.0401 3312 audstub - ok
22:57:52.0401 3312 Beep - ok
22:57:52.0417 3312 BITS - ok
22:57:52.0417 3312 Browser - ok
22:57:52.0417 3312 CAMHWBS2 - ok
22:57:52.0433 3312 ccEvtMgr - ok
22:57:52.0433 3312 ccSetMgr - ok
22:57:52.0433 3312 CdaC15BA - ok
22:57:52.0448 3312 CdaD10BA - ok
22:57:52.0448 3312 Cdfs - ok
22:57:52.0448 3312 Cdrom - ok
22:57:52.0464 3312 Changer - ok
22:57:52.0464 3312 CiSvc - ok
22:57:52.0464 3312 ClipSrv - ok
22:57:52.0479 3312 clr_optimization_v2.0.50727_32 - ok
22:57:52.0479 3312 clr_optimization_v2.0.50727_64 - ok
22:57:52.0479 3312 clr_optimization_v4.0.30319_32 - ok
22:57:52.0495 3312 clr_optimization_v4.0.30319_64 - ok
22:57:52.0495 3312 CmdIde - ok
22:57:52.0495 3312 commonfx.dll - ok
22:57:52.0510 3312 COMSysApp - ok
22:57:52.0510 3312 crcdisk - ok
22:57:52.0526 3312 Creative Service for CDROM Access - ok
22:57:52.0526 3312 CryptSvc - ok
22:57:52.0526 3312 ctac32k - ok
22:57:52.0542 3312 ctaud2k - ok
22:57:52.0542 3312 ctaudfx.dll - ok
22:57:52.0542 3312 ctprxy2k - ok
22:57:52.0557 3312 ctsblfx.dll - ok
22:57:52.0557 3312 ctsfm2k - ok
22:57:52.0557 3312 DcomLaunch - ok
22:57:52.0573 3312 Dhcp - ok
22:57:52.0573 3312 Disk - ok
22:57:52.0588 3312 dmadmin - ok
22:57:52.0588 3312 dmboot - ok
22:57:52.0588 3312 dmio - ok
22:57:52.0604 3312 dmload - ok
22:57:52.0604 3312 dmserver - ok
22:57:52.0604 3312 Dnscache - ok
22:57:52.0620 3312 dpti2o - ok
22:57:52.0620 3312 E1000 - ok
22:57:52.0620 3312 eeCtrl - ok
22:57:52.0635 3312 emupia - ok
22:57:52.0635 3312 EraserUtilRebootDrv - ok
22:57:52.0635 3312 ERSvc - ok
22:57:52.0651 3312 Eventlog - ok
22:57:52.0651 3312 EventSystem - ok
22:57:52.0651 3312 Fastfat - ok
22:57:52.0666 3312 Fax - ok
22:57:52.0666 3312 Fdc - ok
22:57:52.0666 3312 Fips - ok
22:57:52.0682 3312 Flpydisk - ok
22:57:52.0682 3312 FltMgr - ok
22:57:52.0682 3312 FontCache3.0.0.0 - ok
22:57:52.0698 3312 Fs_Rec - ok
22:57:52.0698 3312 Ftdisk - ok
22:57:52.0698 3312 Gpc - ok
22:57:52.0713 3312 gupdate - ok
22:57:52.0713 3312 gupdatem - ok
22:57:52.0713 3312 gusvc - ok
22:57:52.0729 3312 ha10kx2k - ok
22:57:52.0729 3312 hap16v2k - ok
22:57:52.0729 3312 helpsvc - ok
22:57:52.0744 3312 HidServ - ok
22:57:52.0744 3312 HidUsb - ok
22:57:52.0744 3312 HSF_DP - ok
22:57:52.0760 3312 HTTP - ok
22:57:52.0760 3312 HTTPFilter - ok
22:57:52.0760 3312 i2omgmt - ok
22:57:52.0776 3312 i8042prt - ok
22:57:52.0776 3312 IASJet - ok
22:57:52.0776 3312 idsvc - ok
22:57:52.0791 3312 iirsp - ok
22:57:52.0791 3312 imapi - ok
22:57:52.0791 3312 ImapiService - ok
22:57:52.0807 3312 IntelIde - ok
22:57:52.0807 3312 intelppm - ok
22:57:52.0822 3312 IoloFilter - ok
22:57:52.0822 3312 IOLO_SRV - ok
22:57:52.0822 3312 Ip6Fw - ok
22:57:52.0838 3312 IpFilterDriver - ok
22:57:52.0838 3312 IpInIp - ok
22:57:52.0838 3312 IpNat - ok
22:57:52.0853 3312 IPSec - ok
22:57:52.0853 3312 IRENUM - ok
22:57:52.0869 3312 isapnp - ok
22:57:52.0869 3312 JavaQuickStarterService - ok
22:57:52.0869 3312 Kbdclass - ok
22:57:52.0885 3312 kbdhid - ok
22:57:52.0885 3312 kmixer - ok
22:57:52.0885 3312 KSecDD - ok
22:57:52.0900 3312 ksthunk - ok
22:57:52.0900 3312 lanmanserver - ok
22:57:52.0900 3312 lanmanworkstation - ok
22:57:52.0916 3312 LiveUpdate - ok
22:57:52.0916 3312 LmHosts - ok
22:57:52.0931 3312 MDM - ok
22:57:52.0931 3312 Messenger - ok
22:57:52.0931 3312 mnmdd - ok
22:57:52.0947 3312 mnmsrvc - ok
22:57:52.0947 3312 Modem - ok
22:57:52.0963 3312 Mouclass - ok
22:57:52.0963 3312 mouhid - ok
22:57:52.0963 3312 MountMgr - ok
22:57:52.0978 3312 mraid35x - ok
22:57:52.0978 3312 MRxDAV - ok
22:57:52.0978 3312 MRxSmb - ok
22:57:52.0994 3312 MSDTC - ok
22:57:52.0994 3312 Msfs - ok
22:57:53.0009 3312 MSIServer - ok
22:57:53.0009 3312 MSKSSRV - ok
22:57:53.0009 3312 MSPCLOCK - ok
22:57:53.0025 3312 MSPQM - ok
22:57:53.0025 3312 mssmbios - ok
22:57:53.0025 3312 MSSQL$MICROSOFTBCM - ok
22:57:53.0041 3312 MSSQLServerADHelper - ok
22:57:53.0041 3312 Mup - ok
22:57:53.0041 3312 NAL - ok
22:57:53.0056 3312 NAVENG - ok
22:57:53.0056 3312 NAVEX15 - ok
22:57:53.0072 3312 NDIS - ok
22:57:53.0072 3312 NdisTapi - ok
22:57:53.0072 3312 Ndisuio - ok
22:57:53.0072 3312 NdisWan - ok
22:57:53.0087 3312 NDProxy - ok
22:57:53.0087 3312 NetBIOS - ok
22:57:53.0103 3312 NetBT - ok
22:57:53.0103 3312 NetDDE - ok
22:57:53.0103 3312 NetDDEdsdm - ok
22:57:53.0118 3312 Netlogon - ok
22:57:53.0118 3312 Netman - ok
22:57:53.0118 3312 NetTcpPortSharing - ok
22:57:53.0134 3312 NGCLIENT - ok
22:57:53.0134 3312 NIC1394 - ok
22:57:53.0134 3312 Nla - ok
22:57:53.0150 3312 Npfs - ok
22:57:53.0150 3312 Ntfs - ok
22:57:53.0150 3312 NtLmSsp - ok
22:57:53.0165 3312 NtmsSvc - ok
22:57:53.0165 3312 Null - ok
22:57:53.0181 3312 nv - ok
22:57:53.0181 3312 nv_agp - ok
22:57:53.0181 3312 ohci1394 - ok
22:57:53.0196 3312 ose - ok
22:57:53.0196 3312 ossrv - ok
22:57:53.0212 3312 Parport - ok
22:57:53.0228 3312 PartMgr - ok
22:57:53.0228 3312 PCI - ok
22:57:53.0243 3312 PCIIde - ok
22:57:53.0243 3312 Pcmcia - ok
22:57:53.0243 3312 PDCOMP - ok
22:57:53.0259 3312 PDFRAME - ok
22:57:53.0259 3312 PDRELI - ok
22:57:53.0259 3312 PDRFRAME - ok
22:57:53.0274 3312 PlugPlay - ok
22:57:53.0290 3312 PolicyAgent - ok
22:57:53.0290 3312 PptpMiniport - ok
22:57:53.0290 3312 ProtectedStorage - ok
22:57:53.0306 3312 PSched - ok
22:57:53.0306 3312 Ptilink - ok
22:57:53.0306 3312 RAIDStorAgent - ok
22:57:53.0321 3312 RasAcd - ok
22:57:53.0321 3312 RasAuto - ok
22:57:53.0321 3312 Rasl2tp - ok
22:57:53.0337 3312 RasMan - ok
22:57:53.0337 3312 RasPppoe - ok
22:57:53.0352 3312 Raspti - ok
22:57:53.0352 3312 Rdbss - ok
22:57:53.0352 3312 RDPCDD - ok
22:57:53.0368 3312 rdpdr - ok
22:57:53.0368 3312 RDPWD - ok
22:57:53.0384 3312 RDSessMgr - ok
22:57:53.0384 3312 redbook - ok
22:57:53.0384 3312 RemoteAccess - ok
22:57:53.0399 3312 RemoteRegistry - ok
22:57:53.0399 3312 RpcLocator - ok
22:57:53.0399 3312 RpcSs - ok
22:57:53.0415 3312 SamSs - ok
22:57:53.0415 3312 SCardSvr - ok
22:57:53.0430 3312 Schedule - ok
22:57:53.0430 3312 Secdrv - ok
22:57:53.0446 3312 seclogon - ok
22:57:53.0446 3312 SENS - ok
22:57:53.0446 3312 Serenum - ok
22:57:53.0461 3312 Serial - ok
22:57:53.0477 3312 Sfloppy - ok
22:57:53.0493 3312 SharedAccess - ok
22:57:53.0493 3312 ShellHWDetection - ok
22:57:53.0493 3312 Simbad - ok
22:57:53.0508 3312 SmcService - ok
22:57:53.0508 3312 smwdm - ok
22:57:53.0524 3312 SNAC - ok
22:57:53.0524 3312 splitter - ok
22:57:53.0539 3312 Spooler - ok
22:57:53.0539 3312 SQLAgent$MICROSOFTBCM - ok
22:57:53.0539 3312 sr - ok
22:57:53.0555 3312 srservice - ok
22:57:53.0555 3312 SRTSP - ok
22:57:53.0571 3312 SRTSPL - ok
22:57:53.0571 3312 SRTSPX - ok
22:57:53.0571 3312 Srv - ok
22:57:53.0586 3312 SSDPSRV - ok
22:57:53.0586 3312 stisvc - ok
22:57:53.0586 3312 swenum - ok
22:57:53.0602 3312 swmidi - ok
22:57:53.0602 3312 swprv - ok
22:57:53.0602 3312 Symantec AntiVirus - ok
22:57:53.0617 3312 symc8xx - ok
22:57:53.0617 3312 SymEvent - ok
22:57:53.0617 3312 symmpi - ok
22:57:53.0633 3312 sym_hi - ok
22:57:53.0633 3312 sym_u3 - ok
22:57:53.0649 3312 sysaudio - ok
22:57:53.0649 3312 SysmonLog - ok
22:57:53.0649 3312 TapiSrv - ok
22:57:53.0664 3312 Tcpip - ok
22:57:53.0664 3312 TDPIPE - ok
22:57:53.0664 3312 TDTCP - ok
22:57:53.0680 3312 Teefer2 - ok
22:57:53.0680 3312 TermDD - ok
22:57:53.0695 3312 TermService - ok
22:57:53.0695 3312 Themes - ok
22:57:53.0695 3312 TlntSvr - ok
22:57:53.0711 3312 TosIde - ok
22:57:53.0711 3312 TrkWks - ok
22:57:53.0726 3312 Udfs - ok
22:57:53.0726 3312 uliagpkx - ok
22:57:53.0726 3312 ultra - ok
22:57:53.0742 3312 Update - ok
22:57:53.0742 3312 upnphost - ok
22:57:53.0742 3312 UPS - ok
22:57:53.0758 3312 usbehci - ok
22:57:53.0758 3312 usbhub - ok
22:57:53.0773 3312 usbscan - ok
22:57:53.0773 3312 USBSTOR - ok
22:57:53.0773 3312 usbuhci - ok
22:57:53.0789 3312 vds - ok
22:57:53.0789 3312 vga - ok
22:57:53.0789 3312 VgaSave - ok
22:57:53.0804 3312 ViaIde - ok
22:57:53.0804 3312 VolSnap - ok
22:57:53.0804 3312 VSS - ok
22:57:53.0820 3312 W32Time - ok
22:57:53.0820 3312 Wanarp - ok
22:57:53.0836 3312 WDICA - ok
22:57:53.0851 3312 wdmaud - ok
22:57:53.0851 3312 WebClient - ok
22:57:53.0867 3312 winachsf - ok
22:57:53.0867 3312 WinHttpAutoProxySvc - ok
22:57:53.0882 3312 winmgmt - ok
22:57:53.0898 3312 WmdmPmSN - ok
22:57:53.0898 3312 Wmi - ok
22:57:53.0914 3312 WmiApSrv - ok
22:57:53.0914 3312 WMPNetworkSvc - ok
22:57:53.0914 3312 WpdUsb - ok
22:57:53.0929 3312 WPFFontCache_v0400 - ok
22:57:53.0929 3312 WPS - ok
22:57:53.0929 3312 WpsHelper - ok
22:57:53.0945 3312 wscsvc - ok
22:57:53.0945 3312 wuauserv - ok
22:57:53.0960 3312 WudfPf - ok
22:57:53.0960 3312 WudfRd - ok
22:57:53.0976 3312 WudfSvc - ok
22:57:53.0976 3312 WZCSVC - ok
22:57:53.0976 3312 xmlprov - ok
22:57:53.0992 3312 ================ Scan global ===============================
22:57:53.0992 3312 [Global] - ok
22:57:54.0007 3312 ================ Scan MBR ==================================
22:57:54.0038 3312 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:57:54.0225 3312 \Device\Harddisk0\DR0 - ok
22:57:54.0241 3312 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
22:57:54.0241 3312 \Device\Harddisk1\DR1 - ok
22:57:54.0241 3312 ================ Scan VBR ==================================
22:57:54.0241 3312 [ D5BD4AE194987E5C7B7C90AA41244356 ] \Device\Harddisk0\DR0\Partition1
22:57:54.0241 3312 \Device\Harddisk0\DR0\Partition1 - ok
22:57:54.0257 3312 [ 7ABA5A5F9E607B32CD51B09176FAF800 ] \Device\Harddisk1\DR1\Partition1
22:57:54.0257 3312 \Device\Harddisk1\DR1\Partition1 - ok
22:57:54.0257 3312 ============================================================
22:57:54.0257 3312 Scan finished
22:57:54.0257 3312 ============================================================
22:57:54.0272 1328 Detected object count: 0
22:57:54.0272 1328 Actual detected object count: 0

Edited by Quercus, 10 November 2012 - 11:17 PM.


#8 Quercus (Full Member, 17 posts)

Posted 11 November 2012 - 07:37 AM

Good Morning,

Here is the ESET Scan Log (C:\programfiles(x86)\ESET\ESET Online Scanner\log.txt). Rebooting and trying out Google.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40997b3e7e335744a6bab723aeae5f6a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-11 05:26:29
# local_time=2012-11-11 12:26:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.2.3790 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=133472
# found=10
# cleaned=10
# scan_time=4710
C:\Documents and Settings\administrator.TAI.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadfgedadbdbdggcdhgcdjdedegbgddh\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8OG65P0U\burtsed[1].js probably a variant of JS/TrojanDownloader.FraudLoad.NAC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\text_constants_en[1].js probably a variant of Win32/Agent.EIBWZYQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\balloon[1].xsl Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\lclsrch[1].xml Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\LDEU48A6\rampir_info[1].htm JS/Fraud.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jjacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadfgedadbdbdggcdhgcdjdedegbgddh\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jjacobs\Local Settings\Temporary Internet Files\Content.IE5\L6EY087O\SoftonicDownloader_for_kaspersky-tdsskiller[1].exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-1567575379-270853854-1349272934-1113\Dc186.dll a variant of Win32/Kryptik.ANRR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Temp\SoftonicDownloader_for_kaspersky-tdsskiller.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#9 Quercus

Quercus

    Member

  • Full Member
  • 17 posts

Posted 11 November 2012 - 07:55 AM

Joker,

Sadly, the problem is still going on unabated. The Google search works well and it may let you search once without a problem. By the 2nd search or using the back button, the browser is redirected to click.livesearchnow.com or 8.26.70.252 or 63.209.65.107 - Scour beta. The browser is slow and a bit buggy (a couple of messages for "Internet Explorer has encountered a problem and needs to close"). IE usually recovers without closing.

#10 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,259 posts

Posted 11 November 2012 - 11:17 AM

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Please Run Malwarebytes' Anti-Malware.
  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.



Download Sophos Anti-Rootkit and save it to your desktop:
  • Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes
  • Before performing an Anti-Rootkit Scan:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
    • After starting the scan, do not use the computer until the scan has completed.
    • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
    • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
  • Files tagged as Removable: No are not marked for removal and cannot be removed.
  • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
  • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\Local Settings\Temp\, or in your case C:\UsersPE-Laptoc\AppData\Local\Temp.

Please post the logs from OTL (OTL.Txt and Extras.Txt), each in its own post, and in another post, the logs from the Sophos scanner and MBAM, and note any errors encountered. Are you still being redirected?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
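When an OTL log comes back, a helper's first pass is a pattern match: startup entries loading from the user's profile with no company name or a missing file, a proxy pointed at a loopback port, and a missing Hosts file. As an added example that is not part of this thread or of OTL, here is a Python triage pass over a few lines modelled on the OTL log posted in this thread; the rule names, the 30-day window and the profile-directory list are my own choices, and the same rules also cover Vista-style AppData paths, which the posted log does not contain.

```python
"""Hypothetical triage pass over OTL-style log lines (added example, not an OTL feature).

It flags the few patterns a malware-removal helper scans for first:
  - a proxy pointed at a loopback port (browser traffic routed through a local process)
  - 'Hosts file not found' (the Hosts file is missing from its expected location)
  - Run entries loading from the user's profile with no company name, a missing
    file, or via rundll32
  - recently written modules with no company name living under the profile
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Sample input: lines modelled on the OTL log posted in this thread.
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
Hosts file not found
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found
O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MOD - [2012/11/09 09:24:02 | 000,274,432 | ---- | M] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll
MOD - [2005/07/06 22:36:20 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\storutil.dll
"""

# User-writable profile locations; legitimate startup items rarely live here.
PROFILE_DIRS = re.compile(
    r"\\(Local Settings\\Application Data|Local Settings\\Temp|Application Data|"
    r"AppData\\Local|AppData\\Roaming)\\", re.I)
LOOPBACK_PROXY = re.compile(
    r'"ProxyServer"\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):\d+', re.I)
RUN_LINE = re.compile(r"^O4(?::64bit:)? - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
MOD_LINE = re.compile(
    r"^MOD - \[(?P<date>\d{4}/\d{2}/\d{2}) [^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")


@dataclass
class Finding:
    rule: str   # short rule name (my own naming)
    line: str   # the log line that triggered it


def _days_between(earlier: str, later: str) -> int:
    fmt = "%Y/%m/%d"
    return (datetime.strptime(later, fmt) - datetime.strptime(earlier, fmt)).days


def check_line(line: str, scan_date: str, recent_days: int = 30) -> list[Finding]:
    """Apply every rule to one OTL line; scan_date is YYYY/MM/DD from the log header."""
    findings: list[Finding] = []
    if line.startswith("Hosts file not found"):
        findings.append(Finding("hosts-missing", line))
    # A proxy on 127.0.0.1 means some local process sits between IE and the network.
    # Even with ProxyEnable = 0 it is a leftover worth clearing.
    if LOOPBACK_PROXY.search(line):
        findings.append(Finding("loopback-proxy", line))
    run = RUN_LINE.match(line)
    if run and PROFILE_DIRS.search(run["rest"]):
        rest = run["rest"]
        # OTL prints "()" when the file carries no company name and "File not found"
        # when the target is gone; rundll32 loading a DLL from the profile is a
        # common persistence pattern for hijackers.
        if rest.endswith("()") or rest.endswith("File not found") \
                or "rundll32" in rest.lower():
            findings.append(Finding("run-entry-profile-dir", line))
    mod = MOD_LINE.match(line)
    if mod and not mod["company"] and PROFILE_DIRS.search(mod["path"]) \
            and _days_between(mod["date"], scan_date) <= recent_days:
        findings.append(Finding("recent-module-no-company", line))
    return findings


def triage(log_text: str, scan_date: str) -> list[Finding]:
    """Run check_line over a whole OTL log and return all findings in log order."""
    results: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            results.extend(check_line(line, scan_date))
    return results


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a first glance at a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL, "2012/11/11")
    for f in hits:
        print(f"[{f.rule}] {f.line}")
    print(summarize(hits))
```

The known-good entries (Symantec, Messenger, the Dell module) produce no findings, so the output is only the handful of lines worth asking the poster about.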


#11 Quercus

Quercus

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 11 November 2012 - 02:59 PM

Here's the OTL.TXT Log

OTL logfile created on: 11/11/2012 11:40:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jjacobs\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.99 Mb Total Physical Memory | 701.41 Mb Available Physical Memory | 68.63% Memory free
2.43 Gb Paging File | 1.92 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 194.33 Gb Free Space | 83.48% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.45 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive X: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Y: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Z: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS

Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
PRC - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/15 08:21:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/12/15 08:20:29 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\ProtectionUtilSurrogate.exe
PRC - [2010/09/03 11:16:52 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
PRC - [2010/04/05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2009/12/24 21:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe
PRC - [2007/02/18 10:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2005/11/20 16:40:41 | 000,151,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe
PRC - [2005/06/03 01:30:58 | 000,015,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTHELPER.EXE
PRC - [2003/09/17 17:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE


========== Modules (No Company Name) ==========

MOD - [2012/11/09 09:24:02 | 000,274,432 | ---- | M] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll
MOD - [2010/09/03 11:16:52 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
MOD - [2010/09/03 11:16:40 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS_WMI.dll
MOD - [2005/07/06 22:36:20 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\storutil.dll
MOD - [2003/11/19 23:44:18 | 000,057,455 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\net.dll
MOD - [2003/11/19 23:36:42 | 000,053,364 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\zip.dll
MOD - [2003/11/19 23:35:48 | 000,102,515 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\java.dll
MOD - [2003/11/19 23:31:48 | 000,057,453 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\verify.dll
MOD - [2003/11/19 23:31:30 | 001,212,546 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\client\jvm.dll
MOD - [2003/11/19 23:31:18 | 000,028,791 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\hpi.dll


========== Services (SafeList) ==========

SRV:64bit: - [2005/01/07 10:48:30 | 000,157,696 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/15 08:20:51 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/12/15 08:20:36 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE -- (SNAC)
SRV - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) [Auto | Running] -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)
SRV - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2012/11/02 07:12:58 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\ex64.sys -- (NAVEX15)
DRV - [2012/11/02 07:12:50 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\eng64.sys -- (NAVENG)
DRV - [2012/08/15 13:51:30 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 07:18:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/15 08:21:45 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/12/15 08:21:45 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/12/15 08:21:45 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtspx64.sys -- (SRTSPX)
DRV - [2005/03/25 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/03/25 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.xpt ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.7.2197: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer Enterprise™ LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AsioThk32Reg] C:\WINDOWS\SysWOW64\CTASIO.DLL (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found
O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk = C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130079827814 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1269476613658 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstFred.ocx (InstaFred)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tai.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9EFE698-81D6-419A-89D2-AAE048036FCF}: DhcpNameServer = 192.168.1.100 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 10:31:13 | 000,000,000 | ---D | M] - Z:\Autohaus Acquisitions -- [ NTFS ]
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


Drivers32:64bit: midi - File not found
Drivers32:64bit: midi1 - File not found
Drivers32:64bit: midimapper - File not found
Drivers32:64bit: mixer - File not found
Drivers32:64bit: mixer1 - File not found
Drivers32:64bit: msacm.imaadpcm - File not found
Drivers32:64bit: msacm.msadpcm - File not found
Drivers32:64bit: msacm.msg711 - File not found
Drivers32:64bit: msacm.msgsm610 - File not found
Drivers32:64bit: msacm.trspch - File not found
Drivers32:64bit: vidc.i420 - File not found
Drivers32:64bit: vidc.iv31 - File not found
Drivers32:64bit: vidc.iv32 - File not found
Drivers32:64bit: vidc.iv41 - File not found
Drivers32:64bit: vidc.iv50 - File not found
Drivers32:64bit: vidc.iyuv - File not found
Drivers32:64bit: vidc.mrle - File not found
Drivers32:64bit: vidc.msvc - File not found
Drivers32:64bit: vidc.uyvy - File not found
Drivers32:64bit: vidc.yuy2 - File not found
Drivers32:64bit: vidc.yvu9 - File not found
Drivers32:64bit: vidc.yvyu - File not found
Drivers32:64bit: wave - File not found
Drivers32:64bit: wave1 - File not found
Drivers32:64bit: wavemapper - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 11:39:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
[2012/11/11 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Sun
[2012/11/10 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/10 22:57:01 | 002,215,000 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe
[2012/11/10 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/10 14:07:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/11/10 14:07:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/11/10 14:07:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/11/10 14:07:21 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2012/11/10 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/10 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/10 14:02:15 | 031,160,808 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe
[2012/11/10 14:02:14 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe
[2012/11/10 13:29:38 | 004,998,937 | ---- | C] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe
[2012/11/10 09:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\f-secure
[2012/11/10 09:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/11/10 09:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\QuickScan
[2012/11/09 22:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
[2012/11/11 10:11:01 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.CDF
[2012/11/11 10:11:01 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.BAK
[2012/11/11 09:50:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/11 07:41:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/11/11 07:40:18 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/11 07:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/11 07:39:58 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/10 14:07:45 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/11/10 14:07:12 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2012/11/10 14:07:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/11/10 14:07:11 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2012/11/10 14:07:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/11/10 14:07:11 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/11/10 14:01:56 | 031,160,808 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe
[2012/11/10 13:57:55 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe
[2012/11/10 13:44:59 | 004,998,937 | ---- | M] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe
[2012/11/10 11:28:13 | 000,541,569 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe
[2012/11/09 17:36:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 17:32:21 | 002,195,988 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip
[2012/11/09 14:29:28 | 000,658,298 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/11/08 08:54:22 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/05 11:45:09 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\SysWow64\KGyGaAvL.sys
[2012/10/30 13:39:20 | 002,215,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/10 23:08:53 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/10 11:28:29 | 000,541,569 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe
[2012/11/10 09:18:10 | 1071,808,512 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/09 17:36:15 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 17:32:19 | 002,195,988 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip
[2011/08/05 15:00:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2008/04/03 07:05:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\fusioncache.dat
[2006/10/05 08:01:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JPR.{PB
[2006/10/05 08:01:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JCM.{PB
[2005/11/29 12:17:53 | 000,006,332 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005/04/01 21:52:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2009/05/14 03:28:58 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/11/10 11:29:05 | 000,002,060 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/11/10 13:33:02 | 000,001,986 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2005/04/01 21:46:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/10/22 09:39:20 | 000,000,213 | RHS- | M] () -- C:\boot.ini
[2005/04/01 21:46:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/10/01 04:13:12 | 000,004,733 | RH-- | M] () -- C:\dell.sdr
[2012/11/11 07:39:58 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 14:40:58 | 000,000,201 | ---- | M] () -- C:\inferno.log
[2005/04/01 21:46:44 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/04/01 21:46:44 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2005/03/25 12:00:00 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
[2007/11/16 08:11:55 | 000,297,072 | RHS- | M] () -- C:\ntldr
[2012/03/06 18:57:00 | 000,000,512 | ---- | M] () -- C:\osmbr.bak
[2012/11/11 07:39:53 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2001/08/29 15:00:44 | 000,019,200 | ---- | M] (Microsoft Corporation) -- C:\Posusb.sys
[2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2001/08/29 15:00:44 | 000,002,858 | ---- | M] () -- C:\TalonGPS.inf
[2012/11/09 17:32:41 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_17.32.35_log.txt
[2012/11/09 19:27:18 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_19.26.37_log.txt
[2012/11/09 22:23:26 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_22.23.22_log.txt
[2012/11/10 22:57:07 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_10.11.2012_22.57.03_log.txt
[2012/11/09 17:34:04 | 000,090,100 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_17.33.22_log.txt
[2012/11/09 19:29:00 | 000,090,078 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_19.27.54_log.txt
[2012/11/09 22:24:41 | 000,090,100 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_22.23.39_log.txt
[2012/11/10 23:01:43 | 000,027,776 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_10.11.2012_22.57.32_log.txt
[2011/01/04 08:05:40 | 000,000,000 | ---- | M] () -- C:\tgo.2
[2011/01/03 08:01:20 | 000,000,000 | ---- | M] () -- C:\tgs.2
[2010/03/15 07:06:16 | 000,000,000 | ---- | M] () -- C:\th8.1
[2010/03/29 07:10:08 | 000,000,000 | ---- | M] () -- C:\thc.1
[2010/07/02 13:11:06 | 000,000,000 | ---- | M] () -- C:\thg.2
[2012/03/05 08:03:08 | 000,000,000 | ---- | M] () -- C:\ths.1
[2011/05/31 07:03:08 | 000,000,000 | ---- | M] () -- C:\tig.1
[2011/05/03 07:08:31 | 000,000,000 | ---- | M] () -- C:\tj0.1
[2010/06/03 07:09:00 | 000,000,000 | ---- | M] () -- C:\tp0.1
[2010/03/08 08:03:39 | 000,000,000 | ---- | M] () -- C:\tpg.2
[2010/09/28 07:10:21 | 000,000,000 | ---- | M] () -- C:\tpo.1
[2011/08/29 06:59:39 | 000,000,000 | ---- | M] () -- C:\tqk.1
[2012/05/02 07:04:14 | 000,000,000 | ---- | M] () -- C:\tqk.2
[2011/10/10 07:04:56 | 000,000,000 | ---- | M] () -- C:\tqo.1
[2012/02/15 08:03:25 | 000,000,000 | ---- | M] () -- C:\tqo.2
[2012/06/19 07:04:17 | 000,000,000 | ---- | M] () -- C:\tqo.3
[2012/07/24 07:06:12 | 000,000,000 | ---- | M] () -- C:\tqo.4
[2012/09/24 07:06:36 | 000,000,000 | ---- | M] () -- C:\tqo.5
[2012/10/08 07:05:24 | 000,000,000 | ---- | M] () -- C:\tqo.6
[2011/11/11 08:03:56 | 000,000,000 | ---- | M] () -- C:\tqs.1
[2012/08/07 07:08:06 | 000,000,000 | ---- | M] () -- C:\tro.2
[2011/04/04 07:06:41 | 000,000,000 | ---- | M] () -- C:\ts0.1
[2012/03/06 18:57:26 | 222,083,584 | ---- | M] () -- C:\virtpart.dat
[2012/03/06 18:57:00 | 000,000,291 | ---- | M] () -- C:\virtpart.vmdk

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 3
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

#12 Quercus

Posted 11 November 2012 - 03:00 PM

Here's the OTL Extras.txt log

OTL Extras logfile created on: 11/11/2012 11:40:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jjacobs\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.99 Mb Total Physical Memory | 701.41 Mb Available Physical Memory | 68.63% Memory free
2.43 Gb Paging File | 1.92 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 194.33 Gb Free Space | 83.48% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.45 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive X: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Y: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Z: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS

Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.scr[@ = AutoCADScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 192.168.1.0/24

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE" = C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE:*:Enabled:winlog4.exe -- (GAEA Technologies)
"C:\Program Files (x86)\Symantec AntiVirus\Smc.exe" = C:\Program Files (x86)\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE" = C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE:*:Enabled:SNAC64 Service -- (Symantec Corporation)
"C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE" = C:\Program Files (x86)\GAEA\WinLoG4\WinLoG4.EXE:*:Enabled:winlog4.exe -- (GAEA Technologies)
"C:\Program Files (x86)\Symantec AntiVirus\Smc.exe" = C:\Program Files (x86)\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE" = C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE:*:Enabled:SNAC64 Service -- (Symantec Corporation)
"C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe" = C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}" = Symantec Endpoint Protection
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B8F7D1D1-EFC7-4B17-B120-BA44195F6657}" = Intel ® Pro Alerting Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{110CF7B8-1127-4FE5-82D3-268B4BC9A57D}" = Sound Blaster Audigy 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A64EE3-F1FE-46F3-AAE1-8CDB35B6038B}" = Surfer 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-0134-0409-0000-0060B0CE6BBA}" = Autodesk Architectural Desktop 3.3
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94251E15-F03A-42CF-B762-6A75B1A0790B}" = RAID Storage Manager
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A0FEF031-E464-4B30-0AB3-00000DB3717B}" = Symantec Ghost Console Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC698CF1-F9C3-4C30-85CA-7CED2A27648A}" = WinLoG4
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B3DED121-395C-4338-A455-A2CFF8BDE071}" = Kaspersky Security Scan
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"AnswerWorks" = AnswerWorks Runtime
"Audigy2 Audio UG" = Audio User's Guide
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{94251E15-F03A-42CF-B762-6A75B1A0790B}" = RAID Storage Manager
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"QuickTime" = QuickTime
"RealPlayer Enterprise 6.0" = RealPlayer Enterprise
"StreetFinder" = Rand McNally StreetFinder Deluxe
"Super TextTwist" = Super TextTwist
"Surfer 7" = Surfer 7
"TripMaker" = Rand McNally TripMaker Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2012 11:20:02 PM | Computer Name = WS2 | Source = VSS | ID = 8211
Description =

Error - 11/10/2012 11:09:10 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 11:24:28 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 11:44:07 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 2:26:41 PM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 2:59:08 PM | Computer Name = WS2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2012 3:00:05 PM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 3:08:30 PM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/11/2012 8:44:05 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/11/2012 8:46:10 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

[ System Events ]
Error - 11/10/2012 2:35:36 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/10/2012 2:35:46 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.


Error - 11/10/2012 2:35:46 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/10/2012 2:35:46 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/10/2012 2:50:00 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.


Error - 11/10/2012 2:50:00 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/10/2012 2:50:00 PM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/11/2012 8:40:18 AM | Computer Name = WS2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.


Error - 11/11/2012 8:40:18 AM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/11/2012 8:40:18 AM | Computer Name = WS2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .


< End of report >
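
Two things in the firewall section of that Extras.txt deserve attention before moving on: EnableFirewall is 0 in both the Domain and Standard profiles, and the NetBIOS/SMB ports (137-139, 445) are listed as globally open with a `*` (any remote address) scope in the Domain profile, versus LocalSubNet in the Standard profile. Whether that is deliberate cannot be told from the log (Symantec Endpoint Protection appears in the Uninstall list and may be managing the host firewall), but it is worth asking. As an added example, not part of the original post or of OTL, here is a small Python audit that parses this OTL registry-dump format and flags those two conditions. The set of ports treated as file-sharing and the notion of a "wide" scope are my assumptions, and the sample excerpt is constructed from the lines above:

```python
import re

# Constructed sample: an excerpt in the format OTL's Extras.txt uses for the
# XP firewall policy (key path in [brackets], then "name" = data lines),
# copied from the dump in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
'''

# OTL prefixes keys read through the 64-bit registry view with "64bit: ".
KEY_RE = re.compile(r'^(?:64bit:\s*)?\[(?P<key>HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Assumption: the NetBIOS/SMB ports a workstation should not expose beyond its subnet.
FILE_SHARING_PORTS = {'137:UDP', '138:UDP', '139:TCP', '445:TCP'}
# Assumption: '*' means any remote address; LocalSubNet is the narrow default.
WIDE_SCOPES = {'*'}

def parse_registry_dump(text):
    """Return {key_path: {value_name: data}} from an OTL-style registry listing."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group('key')
            result.setdefault(current, {})
            continue
        vm = VAL_RE.match(line)
        if vm and current is not None:
            result[current][vm.group('name')] = vm.group('data')
    return result

def profile_of(key):
    """Extract 'DomainProfile' / 'StandardProfile' from a FirewallPolicy key path."""
    tail = key.split('\\FirewallPolicy\\', 1)
    return tail[1].split('\\', 1)[0] if len(tail) == 2 else None

def audit_firewall(dump):
    """Flag disabled profiles and file-sharing ports opened to any remote address."""
    findings = []
    for key, values in dump.items():
        profile = profile_of(key)
        if profile is None:
            continue
        if key.endswith(profile) and values.get('EnableFirewall') == '0':
            findings.append(f'{profile}: firewall disabled (EnableFirewall = 0)')
        if key.endswith('GloballyOpenPorts\\List'):
            for data in values.values():
                # XP value format: port:protocol:scope:Enabled|Disabled:display-name
                fields = data.split(':', 4)
                if len(fields) < 4:
                    continue
                port, proto, scope, state = fields[:4]
                if f'{port}:{proto}' in FILE_SHARING_PORTS and state == 'Enabled' and scope in WIDE_SCOPES:
                    findings.append(f"{profile}: {port}/{proto} open to any remote address (scope '{scope}')")
    return findings

if __name__ == '__main__':
    for finding in audit_firewall(parse_registry_dump(SAMPLE)):
        print(finding)
```

Run it as a script to print the findings, or pass the whole Extras.txt to `parse_registry_dump`. The per-value port format is split positionally on the first four colons, so display names containing commas (as the `@xpsp2res.dll,-22004` resource references do) do not break the parse.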

#13 Quercus

Posted 11 November 2012 - 03:01 PM

Updated Malwarebytes Scan


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.11.04

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
JJACOBS :: WS2 [administrator]

11/11/2012 11:53:39 AM
mbam-log-2012-11-11 (11-53-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 493229
Time elapsed: 52 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 Quercus

Posted 11 November 2012 - 03:09 PM

Joker,

A couple of notes:

* Your post talks about a HijackThis log. Could that be a remnant from another post? I don't think it's been included previously in our troubleshooting.

* Sophos Anti-Rootkit no longer seems to exist as a stand-alone. It seems to be incorporated into the Sophos Virus Removal Tool 2.2, which is where your link is directed to. The help manual seems quite straightforward.

Thanks.

Quercus.

#15 Quercus

Posted 11 November 2012 - 05:04 PM

Sophos Scan and Removal Results

2012-11-11 14:50:29 Sophos Virus Removal Tool version 2.2
2012-11-11 14:50:29 Copyright © 2009-2012 Sophos Limited. All rights reserved.

2012-11-11 14:50:29 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-11-11 14:50:29 Windows version 5.2 SP 2.0 Service Pack 2 build 3790 SM=0x100 PT=0x1 WOW64
2012-11-11 14:50:29 Checking for updates...
2012-11-11 14:50:42 Option all = no
2012-11-11 14:50:42 Option recurse = yes
2012-11-11 14:50:42 Option archive = no
2012-11-11 14:50:42 Option service = yes
2012-11-11 14:50:42 Option confirm = yes
2012-11-11 14:50:42 Option sxl = yes
2012-11-11 14:50:42 Option max-data-age = 35
2012-11-11 14:50:42 Component SVRTcli.exe version 2.2
2012-11-11 14:50:42 Component control.dll version 2.2
2012-11-11 14:50:42 Component SVRTservice.exe version 2.2
2012-11-11 14:50:42 Component engine\osdp.dll version 1.44.0.2022
2012-11-11 14:50:42 Component engine\veex.dll version 3.37.2.2022
2012-11-11 14:50:42 Component engine\savi.dll version 7.5.10.2022
2012-11-11 14:50:42 Component rkdisk.dll version 1.5.30.0
2012-11-11 14:50:42 Version info: Product version 2.2
2012-11-11 14:50:42 Version info: Detection engine 3.37.2
2012-11-11 14:50:42 Version info: Detection data 4.83
2012-11-11 14:50:42 Version info: Build date 11/5/2012
2012-11-11 14:50:42 Version info: Data files added 234
2012-11-11 14:50:42 Version info: Last successful update (not yet updated)
2012-11-11 14:50:42 Update progress: proxy server not available
2012-11-11 14:51:48 Downloading updates...
2012-11-11 14:51:48 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2012-11-11 14:51:48 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2012-11-11 14:51:48 Update progress: [I49502] Found supplement IDE484 LATEST
2012-11-11 14:51:48 Update progress: [I49502] Found supplement IDE485 LATEST
2012-11-11 14:51:48 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2012-11-11 14:51:48 Update progress: [I19463] Syncing product SAVIW32 21
2012-11-11 14:51:53 Update progress: [I19463] Syncing product IDE484 157
2012-11-11 14:51:53 Installing updates...
2012-11-11 14:51:53 Update progress: [I19463] Syncing product IDE485 79
2012-11-11 14:52:09 Update successful
2012-11-11 14:52:19 Option all = no
2012-11-11 14:52:19 Option recurse = yes
2012-11-11 14:52:19 Option archive = no
2012-11-11 14:52:19 Option service = yes
2012-11-11 14:52:19 Option confirm = yes
2012-11-11 14:52:19 Option sxl = yes
2012-11-11 14:52:19 Option max-data-age = 35
2012-11-11 14:52:19 Component SVRTcli.exe version 2.2
2012-11-11 14:52:19 Component control.dll version 2.2
2012-11-11 14:52:19 Component SVRTservice.exe version 2.2
2012-11-11 14:52:19 Component engine\osdp.dll version 1.44.0.2022
2012-11-11 14:52:19 Component engine\veex.dll version 3.37.2.2022
2012-11-11 14:52:19 Component engine\savi.dll version 7.5.10.2022
2012-11-11 14:52:19 Component rkdisk.dll version 1.5.30.0
2012-11-11 14:52:19 Version info: Product version 2.2
2012-11-11 14:52:19 Version info: Detection engine 3.37.2
2012-11-11 14:52:19 Version info: Detection data 4.83G
2012-11-11 14:52:19 Version info: Build date 11/5/2012
2012-11-11 14:52:19 Version info: Data files added 234
2012-11-11 14:52:19 Version info: Last successful update 11/11/2012 2:52:09 PM

2012-11-11 14:53:06 Scan completed.
2012-11-11 14:53:06

------------------------------------------------------------

2012-11-11 15:05:58 Sophos Virus Removal Tool version 2.2
2012-11-11 15:05:58 Copyright © 2009-2012 Sophos Limited. All rights reserved.

2012-11-11 15:05:58 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-11-11 15:05:58 Windows version 5.2 SP 2.0 Service Pack 2 build 3790 SM=0x100 PT=0x1 WOW64
2012-11-11 15:05:58 Checking for updates...
2012-11-11 15:06:06 Update progress: proxy server not available
2012-11-11 15:06:30 Option all = no
2012-11-11 15:06:30 Option recurse = yes
2012-11-11 15:06:30 Option archive = no
2012-11-11 15:06:30 Option service = yes
2012-11-11 15:06:30 Option confirm = yes
2012-11-11 15:06:30 Option sxl = yes
2012-11-11 15:06:30 Option max-data-age = 35
2012-11-11 15:06:30 Component SVRTcli.exe version 2.2
2012-11-11 15:06:30 Component control.dll version 2.2
2012-11-11 15:06:30 Component SVRTservice.exe version 2.2
2012-11-11 15:06:30 Component engine\osdp.dll version 1.44.0.2022
2012-11-11 15:06:30 Component engine\veex.dll version 3.37.2.2022
2012-11-11 15:06:30 Component engine\savi.dll version 7.5.10.2022
2012-11-11 15:06:30 Component rkdisk.dll version 1.5.30.0
2012-11-11 15:06:30 Version info: Product version 2.2
2012-11-11 15:06:30 Version info: Detection engine 3.37.2
2012-11-11 15:06:30 Version info: Detection data 4.83G
2012-11-11 15:06:30 Version info: Build date 11/5/2012
2012-11-11 15:06:30 Version info: Data files added 234
2012-11-11 15:06:30 Version info: Last successful update 11/11/2012 2:52:09 PM
2012-11-11 15:06:33 Update not required

2012-11-11 15:19:22 >>> Virus 'Mal/FakeAvJs-A' found in file C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\index[2].htm
2012-11-11 15:19:22 >>> Virus 'Mal/FakeAvJs-A' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 15:19:31 >>> Virus 'Mal/FakeAvJs-B' found in file C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\22[1].htm
2012-11-11 15:19:31 >>> Virus 'Mal/FakeAvJs-B' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 15:21:12 >>> Virus 'Mal/Generic-L' found in file C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe
2012-11-11 15:21:12 >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 15:31:47 Could not open C:\hiberfil.sys
2012-11-11 15:39:01 >>> Virus 'Mal/Generic-L' found in file C:\Temp\adwcleaner.exe
2012-11-11 15:39:01 >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
2012-11-11 16:01:17 The following items will be cleaned up:
2012-11-11 16:01:17 Mal/FakeAvJs-A
2012-11-11 16:01:17 Mal/FakeAvJs-B
2012-11-11 16:01:17 Mal/Generic-L
2012-11-11 16:52:16 Threat 'Mal/FakeAvJs-A' has been cleaned up.
2012-11-11 16:52:16 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\index[2].htm" belongs to malware 'Mal/FakeAvJs-A'.
2012-11-11 16:52:16 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\8YL8DQF1\index[2].htm" has been cleaned up.
2012-11-11 16:52:16 Registry value "HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes" belongs to malware 'Mal/FakeAvJs-A'.
2012-11-11 16:52:16 Registry value "HKU\S-1-5-21-1567575379-270853854-1349272934-1113\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes" has been cleaned up.
2012-11-11 16:52:16 Removal successful
2012-11-11 16:52:21 Threat 'Mal/FakeAvJs-B' has been cleaned up.
2012-11-11 16:52:21 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\22[1].htm" belongs to malware 'Mal/FakeAvJs-B'.
2012-11-11 16:52:21 File "C:\Documents and Settings\administrator.TAI.000\Local Settings\Temporary Internet Files\Content.IE5\BLRWBH2O\22[1].htm" has been cleaned up.
2012-11-11 16:52:21 Removal successful
2012-11-11 16:52:41 Threat 'Mal/Generic-L' has been cleaned up.
2012-11-11 16:52:41 File "C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe" belongs to malware 'Mal/Generic-L'.
2012-11-11 16:52:41 File "C:\Documents and Settings\jjacobs\Desktop\adwcleaner.exe" has been cleaned up.
2012-11-11 16:52:41 File "C:\Temp\adwcleaner.exe" belongs to malware 'Mal/Generic-L'.
2012-11-11 16:52:41 File "C:\Temp\adwcleaner.exe" has been cleaned up.
2012-11-11 16:52:41 Removal successful

#16 Quercus

Posted 11 November 2012 - 05:08 PM

Good Evening Joker,

The problem is still ongoing. Your continued assistance is much appreciated.

Quercus.

#17 TheJoker (Boot Camp Mod)

Posted 11 November 2012 - 10:07 PM

Please run OTL.exe.
  • Select the text inside the box below (all the text from :OTL to [EmptyTemp]) with the mouse and copy to the clipboard by pressing CTRL + C (or after selecting the text, right-click and choose Copy):

    :OTL
    O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found
    O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()
    [2011/01/04 08:05:40 | 000,000,000 | ---- | M] () -- C:\tgo.2
    [2011/01/03 08:01:20 | 000,000,000 | ---- | M] () -- C:\tgs.2
    [2010/03/15 07:06:16 | 000,000,000 | ---- | M] () -- C:\th8.1
    [2010/03/29 07:10:08 | 000,000,000 | ---- | M] () -- C:\thc.1
    [2010/07/02 13:11:06 | 000,000,000 | ---- | M] () -- C:\thg.2
    [2012/03/05 08:03:08 | 000,000,000 | ---- | M] () -- C:\ths.1
    [2011/05/31 07:03:08 | 000,000,000 | ---- | M] () -- C:\tig.1
    [2011/05/03 07:08:31 | 000,000,000 | ---- | M] () -- C:\tj0.1
    [2010/06/03 07:09:00 | 000,000,000 | ---- | M] () -- C:\tp0.1
    [2010/03/08 08:03:39 | 000,000,000 | ---- | M] () -- C:\tpg.2
    [2010/09/28 07:10:21 | 000,000,000 | ---- | M] () -- C:\tpo.1
    [2011/08/29 06:59:39 | 000,000,000 | ---- | M] () -- C:\tqk.1
    [2012/05/02 07:04:14 | 000,000,000 | ---- | M] () -- C:\tqk.2
    [2011/10/10 07:04:56 | 000,000,000 | ---- | M] () -- C:\tqo.1
    [2012/02/15 08:03:25 | 000,000,000 | ---- | M] () -- C:\tqo.2
    [2012/06/19 07:04:17 | 000,000,000 | ---- | M] () -- C:\tqo.3
    [2012/07/24 07:06:12 | 000,000,000 | ---- | M] () -- C:\tqo.4
    [2012/09/24 07:06:36 | 000,000,000 | ---- | M] () -- C:\tqo.5
    [2012/10/08 07:05:24 | 000,000,000 | ---- | M] () -- C:\tqo.6
    [2011/11/11 08:03:56 | 000,000,000 | ---- | M] () -- C:\tqs.1
    [2012/08/07 07:08:06 | 000,000,000 | ---- | M] () -- C:\tro.2
    [2011/04/04 07:06:41 | 000,000,000 | ---- | M] () -- C:\ts0.1
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button (not the Run Scan).
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. It will reboot.
  • Post the log OTL.TXT in your reply.
Are you still being redirected?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
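
The two O4 lines at the top of that fix are the actual persistence, and they are worth reading rather than just pasting: both are HKCU Run entries pointing into the user-writable Local Settings\Application Data tree under plausible-looking vendor folder names (Apple Computer\Adobe, Corel\ApplicationHistory), neither shows a company name, and dlbwy.dll is the module that every Application Error (Event ID 1000) record in the Extras.txt above blames for the iexplore.exe crashes; OTL's "Modules (No Company Name)" section in the later OTL.txt reports the same DLL mapped into a running process. As an added example, not the forum's or OTL's own code, here is a Python triage that parses OTL O4 and MOD lines together with Event ID 1000 descriptions and scores each autorun on those signals. The weights and the list of user-writable locations are my assumptions, and the sample lines are constructed: the HKLM ccApp and storutil.dll lines are benign controls, the rest are copied from the logs in this thread.

```python
import re

# Constructed sample in the shape of OTL's O4/MOD lines and the XP Application
# event log; the ccApp and storutil.dll lines are benign controls.
OTL_LINES = r'''
O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found
O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
MOD - [2012/11/09 09:24:02 | 000,274,432 | ---- | M] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll
MOD - [2005/07/06 22:36:20 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\storutil.dll
'''

EVENT_LINES = r'''
Error - 11/10/2012 11:09:10 AM | Computer Name = WS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module dlbwy.dll, version 0.0.0.0, fault address 0x00001230.

Error - 11/10/2012 2:59:08 PM | Computer Name = WS2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
'''

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
MOD_RE = re.compile(r'^MOD - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:dll|exe)', re.IGNORECASE)
COMPANY_RE = re.compile(r'\((?P<company>[^()]*)\)\s*$')
# Assumption: directories a non-admin XP user can write to; anything that
# autoruns from here deserves a second look.
USER_WRITABLE = ('\\local settings\\application data\\', '\\application data\\', '\\temp\\')

def faulting_modules(event_text):
    """Module names blamed in Event ID 1000 records; wrapped log lines are joined first."""
    mods = set()
    for block in re.split(r'\n\s*\n', event_text.strip()):
        flat = ' '.join(block.split())
        if 'ID = 1000' in flat:
            m = re.search(r'faulting module (\S+?),', flat)
            if m:
                mods.add(m.group(1).lower())
    return mods

def triage_autoruns(otl_text, event_text):
    """Score Run entries from an OTL log against a few persistence heuristics."""
    loaded = {}  # lower-cased module path -> company string from MOD lines
    for line in otl_text.splitlines():
        mm = MOD_RE.match(line.strip())
        if mm:
            loaded[mm.group('path').lower()] = mm.group('company').strip()
    crashers = faulting_modules(event_text)
    results = []
    for line in otl_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group('cmd')
        pm = PATH_RE.search(cmd)
        path = pm.group(0) if pm else cmd
        cm = COMPANY_RE.search(cmd)
        company = cm.group('company').strip() if cm else None
        basename = path.rsplit('\\', 1)[-1].lower()
        # (condition, reason, weight); weights are assumptions, not a published scheme
        checks = [
            (any(tag in path.lower() for tag in USER_WRITABLE), 'runs from a user-writable profile directory', 2),
            (not company, 'no company name (unknown publisher)', 2),
            (cmd.lower().startswith('rundll32'), 'DLL loaded via rundll32', 1),
            ('file not found' in cmd.lower(), 'orphaned entry, target missing', 1),
            (basename in crashers, 'named as faulting module in Event ID 1000', 3),
        ]
        results.append({
            'name': m.group('name'), 'hive': m.group('hive'), 'path': path,
            'loaded_now': path.lower() in loaded,
            'score': sum(w for hit, _, w in checks if hit),
            'reasons': [why for hit, why, _ in checks if hit],
        })
    return sorted(results, key=lambda r: r['score'], reverse=True)

if __name__ == '__main__':
    for r in triage_autoruns(OTL_LINES, EVENT_LINES):
        print(r['score'], r['hive'], r['name'], r['path'], 'LOADED' if r['loaded_now'] else '', r['reasons'])
```

The highest-scoring entry is the one to preserve a copy of and hash before deleting it; `loaded_now` records whether OTL also saw the DLL mapped into a running process, which is why OTL defers the file move to the reboot rather than deleting while the browser is open.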


#18 Quercus

Posted 12 November 2012 - 07:52 AM

Good morning Joker,

After running OTL run/fix, this txt file appeared in a "C:\_OTL\MovedFiles" directory. I couldn't find any other text files.

The google hijacking problem is continuing with redirects to click.livesearch.com and scour.

All processes killed
Error: Unable to interpret <:OTLO4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not foundO4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()[2011/01/04 08:05:40 | 000,000,000 | ---- | M] () -- C:\tgo.2[2011/01/03 08:01:20 | 000,000,000 | ---- | M] () -- C:\tgs.2[2010/03/15 07:06:16 | 000,000,000 | ---- | M] () -- C:\th8.1[2010/03/29 07:10:08 | 000,000,000 | ---- | M] () -- C:\thc.1[2010/07/02 13:11:06 | 000,000,000 | ---- | M] () -- C:\thg.2[2012/03/05 08:03:08 | 000,000,000 | ---- | M] () -- C:\ths.1[2011/05/31 07:03:08 | 000,000,000 | ---- | M] () -- C:\tig.1[2011/05/03 07:08:31 | 000,000,000 | ---- | M] () -- C:\tj0.1[2010/06/03 07:09:00 | 000,000,000 | ---- | M] () -- C:\tp0.1[2010/03/08 08:03:39 | 000,000,000 | ---- | M] () -- C:\tpg.2[2010/09/28 07:10:21 | 000,000,000 | ---- | M] () -- C:\tpo.1[2011/08/29 06:59:39 | 000,000,000 | ---- | > in the current context!
Error: Unable to interpret <M] () -- C:\tqk.1[2012/05/02 07:04:14 | 000,000,000 | ---- | M] () -- C:\tqk.2[2011/10/10 07:04:56 | 000,000,000 | ---- | M] () -- C:\tqo.1[2012/02/15 08:03:25 | 000,000,000 | ---- | M] () -- C:\tqo.2[2012/06/19 07:04:17 | 000,000,000 | ---- | M] () -- C:\tqo.3[2012/07/24 07:06:12 | 000,000,000 | ---- | M] () -- C:\tqo.4[2012/09/24 07:06:36 | 000,000,000 | ---- | M] () -- C:\tqo.5[2012/10/08 07:05:24 | 000,000,000 | ---- | M] () -- C:\tqo.6[2011/11/11 08:03:56 | 000,000,000 | ---- | M] () -- C:\tqs.1[2012/08/07 07:08:06 | 000,000,000 | ---- | M] () -- C:\tro.2[2011/04/04 07:06:41 | 000,000,000 | ---- | M] () -- C:\ts0.1:Commands[EmptyTemp]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11122012_074102

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by Quercus, 12 November 2012 - 07:55 AM.


#19 Quercus

Posted 12 November 2012 - 08:04 AM

Ran an OTL scan. Here is the OTL.TXT file

OTL logfile created on: 11/12/2012 7:56:21 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jjacobs\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.99 Mb Total Physical Memory | 364.04 Mb Available Physical Memory | 35.62% Memory free
2.43 Gb Paging File | 1.97 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 193.82 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.45 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive X: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Y: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive Z: | 931.47 Gb Total Space | 862.07 Gb Free Space | 92.55% Space Free | Partition Type: NTFS

Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
PRC - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/15 08:21:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/15 08:20:45 | 000,353,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\SescLU.exe
PRC - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/12/15 08:20:29 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\ProtectionUtilSurrogate.exe
PRC - [2009/12/24 21:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe
PRC - [2007/02/18 10:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2005/11/20 16:40:41 | 000,151,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe
PRC - [2005/06/03 01:30:58 | 000,015,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTHELPER.EXE
PRC - [2003/09/17 17:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE


========== Modules (No Company Name) ==========

MOD - [2012/11/09 09:24:02 | 000,274,432 | ---- | M] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll
MOD - [2005/07/06 22:36:20 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\storutil.dll
MOD - [2003/11/19 23:44:18 | 000,057,455 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\net.dll
MOD - [2003/11/19 23:36:42 | 000,053,364 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\zip.dll
MOD - [2003/11/19 23:35:48 | 000,102,515 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\java.dll
MOD - [2003/11/19 23:31:48 | 000,057,453 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\verify.dll
MOD - [2003/11/19 23:31:30 | 001,212,546 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\client\jvm.dll
MOD - [2003/11/19 23:31:18 | 000,028,791 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\hpi.dll


========== Services (SafeList) ==========

SRV:64bit: - [2005/01/07 10:48:30 | 000,157,696 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/15 08:20:51 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/12/15 08:20:36 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE -- (SNAC)
SRV - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) [Auto | Running] -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)
SRV - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2012/11/02 07:12:58 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\ex64.sys -- (NAVEX15)
DRV - [2012/11/02 07:12:50 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\eng64.sys -- (NAVENG)
DRV - [2012/08/15 13:51:30 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 07:18:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/15 08:21:45 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/12/15 08:21:45 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/12/15 08:21:45 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtspx64.sys -- (SRTSPX)
DRV - [2005/03/25 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/03/25 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.xpt ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.7.2197: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer Enterprise™ LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AsioThk32Reg] C:\WINDOWS\SysWOW64\CTASIO.DLL (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found
O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk = C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130079827814 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1269476613658 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstFred.ocx (InstaFred)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tai.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9EFE698-81D6-419A-89D2-AAE048036FCF}: DhcpNameServer = 192.168.1.100 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 10:31:13 | 000,000,000 | ---D | M] - Z:\Autohaus Acquisitions -- [ NTFS ]
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 07:41:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/11 14:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/11/11 14:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Start Menu\Programs\Sophos
[2012/11/11 14:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/11/11 14:48:42 | 079,645,432 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe
[2012/11/11 11:39:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
[2012/11/11 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Sun
[2012/11/10 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/10 22:57:01 | 002,215,000 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe
[2012/11/10 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/10 14:07:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/11/10 14:07:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/11/10 14:07:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/11/10 14:07:21 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2012/11/10 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/10 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/10 14:02:15 | 031,160,808 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe
[2012/11/10 14:02:14 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe
[2012/11/10 13:29:38 | 004,998,937 | ---- | C] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe
[2012/11/10 09:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\f-secure
[2012/11/10 09:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/11/10 09:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\QuickScan
[2012/11/09 22:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/12 07:50:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/12 07:44:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/11/12 07:43:14 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/12 07:42:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/12 07:42:55 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 16:57:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/11/11 16:54:36 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.CDF
[2012/11/11 16:54:36 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.BAK
[2012/11/11 14:50:16 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/11 14:47:55 | 079,645,432 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe
[2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
[2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/10 14:07:12 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2012/11/10 14:07:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/11/10 14:07:11 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2012/11/10 14:07:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/11/10 14:07:11 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/11/10 14:01:56 | 031,160,808 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe
[2012/11/10 13:57:55 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe
[2012/11/10 13:44:59 | 004,998,937 | ---- | M] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe
[2012/11/09 17:36:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 17:32:21 | 002,195,988 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip
[2012/11/09 14:29:28 | 000,658,298 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/11/08 08:54:22 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/05 11:45:09 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\SysWow64\KGyGaAvL.sys
[2012/10/30 13:39:20 | 002,215,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/11 16:57:13 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/11/11 16:57:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/11/11 14:50:16 | 000,002,090 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/10 23:08:53 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/10 09:18:10 | 1071,808,512 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/09 17:36:15 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 17:32:19 | 002,195,988 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip
[2011/08/05 15:00:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2008/04/03 07:05:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\fusioncache.dat
[2006/10/05 08:01:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JPR.{PB
[2006/10/05 08:01:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JCM.{PB
[2005/11/29 12:17:53 | 000,006,332 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005/04/01 21:52:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2009/05/14 03:28:58 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#20 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,259 posts

Posted 12 November 2012 - 05:38 PM

You had a copy/paste error, and that's why there were errors in the log from the OTL fix. We'll try it without the box around the text next time.

But let's do a few other things first.

There was this line in the OTL results, are you using a proxy?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:
C:\Windows\System32\webcheck.dll
Don't delete the file, I just need to see the results.

Now let's see if we can take care of what seems to be a possible TCP/IP and Winsock problem.
  • Click the Start button.
  • In the Search box, type: Command Prompt
  • Right-click the Command Prompt icon, and choose "Run as administrator".
  • Enter your ID and password.
  • When the Command Prompt window opens, type the following two commands, pressing the ENTER key after each:
netsh winsock reset
netsh int ip reset



Now please run OTL.exe.
  • Select the BLUE text below (all the text from :OTL to [EmptyTemp]) with the mouse and copy to the clipboard by pressing CTRL + C (or after selecting the text, right-click and choose Copy):

    :OTL
    O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found
    O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()
    [2011/01/04 08:05:40 | 000,000,000 | ---- | M] () -- C:\tgo.2
    [2011/01/03 08:01:20 | 000,000,000 | ---- | M] () -- C:\tgs.2
    [2010/03/15 07:06:16 | 000,000,000 | ---- | M] () -- C:\th8.1
    [2010/03/29 07:10:08 | 000,000,000 | ---- | M] () -- C:\thc.1
    [2010/07/02 13:11:06 | 000,000,000 | ---- | M] () -- C:\thg.2
    [2012/03/05 08:03:08 | 000,000,000 | ---- | M] () -- C:\ths.1
    [2011/05/31 07:03:08 | 000,000,000 | ---- | M] () -- C:\tig.1
    [2011/05/03 07:08:31 | 000,000,000 | ---- | M] () -- C:\tj0.1
    [2010/06/03 07:09:00 | 000,000,000 | ---- | M] () -- C:\tp0.1
    [2010/03/08 08:03:39 | 000,000,000 | ---- | M] () -- C:\tpg.2
    [2010/09/28 07:10:21 | 000,000,000 | ---- | M] () -- C:\tpo.1
    [2011/08/29 06:59:39 | 000,000,000 | ---- | M] () -- C:\tqk.1
    [2012/05/02 07:04:14 | 000,000,000 | ---- | M] () -- C:\tqk.2
    [2011/10/10 07:04:56 | 000,000,000 | ---- | M] () -- C:\tqo.1
    [2012/02/15 08:03:25 | 000,000,000 | ---- | M] () -- C:\tqo.2
    [2012/06/19 07:04:17 | 000,000,000 | ---- | M] () -- C:\tqo.3
    [2012/07/24 07:06:12 | 000,000,000 | ---- | M] () -- C:\tqo.4
    [2012/09/24 07:06:36 | 000,000,000 | ---- | M] () -- C:\tqo.5
    [2012/10/08 07:05:24 | 000,000,000 | ---- | M] () -- C:\tqo.6
    [2011/11/11 08:03:56 | 000,000,000 | ---- | M] () -- C:\tqs.1
    [2012/08/07 07:08:06 | 000,000,000 | ---- | M] () -- C:\tro.2
    [2011/04/04 07:06:41 | 000,000,000 | ---- | M] () -- C:\ts0.1
    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button (not the Run Scan).
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. It will reboot.
  • Post the log OTL.TXT in your reply, and in a second reply, the results from scanning the file at VirusTotal, and let me know if you were using a proxy.
Are you still being redirected?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
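As an added example (not the forum's own code, and not OTL's own logic), here is a small Python triage script that scans OTL-style log lines for the three indicators TheJoker singles out in this post: a "ProxyServer" value pointing at 127.0.0.1, O4 Run keys whose target is "File not found" or lives in a user-writable profile folder, and zero-byte files dropped in the drive root. The sample lines are constructed, modelled on the entries quoted in this thread; the regular expressions, category names and the `triage`/`count_by_kind` helpers are my own and are not part of OTL.

```python
"""Triage OTL-style log lines for the indicators discussed in this thread.

Added example: the patterns below are a defender's reading of the log format
shown in the thread, not OTL's own parser or rule set.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the OTL lines quoted in the thread.
# One clean Run key and two non-empty files are included so the checks
# demonstrably do not flag everything.
SAMPLE_OTL_LINES = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O4 - HKCU..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\jjacobs\Local Settings\Application Data\Apple Computer\Adobe\ptlivpxva.dll",fltInfoW File not found
O4 - HKCU..\Run: [ApplicationHistory] C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
[2011/01/04 08:05:40 | 000,000,000 | ---- | M] () -- C:\tgo.2
[2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/12 07:42:55 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys
"""


@dataclass(frozen=True)
class Finding:
    kind: str   # short category tag, see triage() below
    line: str   # the offending log line, verbatim


# "ProxyServer" = http=127.0.0.1:6092  ->  value after the '='
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>.+)$')
# Anything on the loopback address is a local proxy; malware uses that to sit
# between the browser and the network, so it is worth a look even if ProxyEnable is 0.
LOOPBACK_RE = re.compile(r'(?:^|[=;\s])(?:127\.0\.0\.1|localhost)(?::\d+)?', re.IGNORECASE)

# O4 - HKCU..\Run: [Name] <command> (<company>) | File not found
O4_RE = re.compile(r'^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
# Autoruns pointing into the user profile's writable scratch folders are unusual
# for legitimate software and common for droppers.
USER_WRITABLE_RE = re.compile(r'\\(?:Local Settings|Application Data|Temp)\\', re.IGNORECASE)

# [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<date>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attr>[\w-]{4}) \| [CM]\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$'
)
# Bare files directly in a drive root, e.g. C:\tgo.2
ROOT_FILE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+$')


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches an indicator."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.search(line)
        if m and LOOPBACK_RE.search(m.group("value")):
            findings.append(Finding("loopback-proxy", line))
            continue

        m = O4_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("File not found"):
                findings.append(Finding("run-key-missing-target", line))
            elif USER_WRITABLE_RE.search(rest) or rest.endswith("()"):
                # "()" means OTL found no company name in the file's version info
                findings.append(Finding("run-key-suspicious-target", line))
            continue

        m = FILE_RE.match(line)
        if (m and m.group("size") == "000,000,000"
                and ROOT_FILE_RE.match(m.group("path"))
                and not m.group("company")):
            findings.append(Finding("zero-byte-root-file", line))
    return findings


def count_by_kind(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings as {kind: count}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.kind:28} {f.line}")
    print(count_by_kind(triage(SAMPLE_OTL_LINES)))
```

Run it against a real OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. The loopback check deliberately fires even when "ProxyEnable" is 0, as on this machine: the setting being switched off today says nothing about what wrote it, which is exactly why the helper asks about it.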


#21 Quercus

Quercus

    Member

  • Full Member
  • 17 posts

Posted 12 November 2012 - 07:16 PM

Joker,

I'm looking into the "Proxy Server" question. There is a Server but I believe it functions mostly as a NAT (Network Address Translation). There's a dynamic IP address protocol requirement that is handled by the Server.

I can get to a command prompt by "Run" and "cmd". There's no search box in the start menu (just search options for files, people, etc.). I ran the netsh winsock reset command from the cmd C:\ prompt. I'm not sure that the int ip reset is applicable with the server setup?

Anyway the Logs are below.

The good news is that the Google hijacking seems to be resolved for now! We'll be keeping a careful eye on it.

Virus Total Log:
File already analysed
This file was already analysed by VirusTotal on 2012-11-06 01:34:45.

Detection ratio: 0/44

You can take a look at the last analysis or analyse it again now.


OTL Log:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory deleted successfully.
C:\Documents and Settings\jjacobs\Local Settings\Application Data\Corel\ApplicationHistory\dlbwy.dll moved successfully.
C:\tgo.2 moved successfully.
C:\tgs.2 moved successfully.
C:\th8.1 moved successfully.
C:\thc.1 moved successfully.
C:\thg.2 moved successfully.
C:\ths.1 moved successfully.
C:\tig.1 moved successfully.
C:\tj0.1 moved successfully.
C:\tp0.1 moved successfully.
C:\tpg.2 moved successfully.
C:\tpo.1 moved successfully.
C:\tqk.1 moved successfully.
C:\tqk.2 moved successfully.
C:\tqo.1 moved successfully.
C:\tqo.2 moved successfully.
C:\tqo.3 moved successfully.
C:\tqo.4 moved successfully.
C:\tqo.5 moved successfully.
C:\tqo.6 moved successfully.
C:\tqs.1 moved successfully.
C:\tro.2 moved successfully.
C:\ts0.1 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 17565259 bytes
->Temporary Internet Files folder emptied: 8696341 bytes

User: administrator.TAI.000
->Temp folder emptied: 179775499 bytes
->Temporary Internet Files folder emptied: 47947588 bytes
->Java cache emptied: 32108493 bytes
->Google Chrome cache emptied: 6124526 bytes
->Flash cache emptied: 639 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12268558 bytes

User: jjacobs
->Temp folder emptied: 1151817141 bytes
->Temporary Internet Files folder emptied: 1564350919 bytes
->Java cache emptied: 49314607 bytes
->Google Chrome cache emptied: 6467610 bytes
->Flash cache emptied: 3493539 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1271977 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105463548 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 155822551 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 12514465 bytes
RecycleBin emptied: 135700331 bytes

Total Files Cleaned = 3,591.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11122012_184758

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#22 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,259 posts

Posted 12 November 2012 - 07:41 PM

The good news is that the Google hijacking seems to be resolved for now!

Excellent!

Please run a new OTL log, all you need to post is OTL.TXT:
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows, you only need to post OTL.Txt.
If all is well, the only thing after this will be some cleanup of the tools we've used.



#23 Quercus

Quercus

    Member

  • Full Member
  • 17 posts

Posted 12 November 2012 - 08:39 PM

Updated OTL.txt log:

OTL logfile created on: 11/12/2012 8:14:54 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jjacobs\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.99 Mb Total Physical Memory | 334.77 Mb Available Physical Memory | 32.76% Memory free
2.43 Gb Paging File | 1.95 Gb Available in Paging File | 80.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 196.11 Gb Free Space | 84.25% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.48 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive X: | 931.47 Gb Total Space | 861.90 Gb Free Space | 92.53% Space Free | Partition Type: NTFS
Drive Y: | 931.47 Gb Total Space | 861.90 Gb Free Space | 92.53% Space Free | Partition Type: NTFS
Drive Z: | 931.47 Gb Total Space | 861.90 Gb Free Space | 92.53% Space Free | Partition Type: NTFS

Computer Name: WS2 | User Name: JJACOBS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
PRC - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/15 08:21:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/12/15 08:20:29 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\ProtectionUtilSurrogate.exe
PRC - [2009/12/24 21:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe
PRC - [2007/02/18 10:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2005/11/20 16:40:41 | 000,151,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe
PRC - [2005/06/03 01:30:58 | 000,015,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTHELPER.EXE
PRC - [2003/09/17 17:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE


========== Modules (No Company Name) ==========

MOD - [2005/07/06 22:36:20 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\storutil.dll
MOD - [2003/11/19 23:44:18 | 000,057,455 | ---- | M] () -- C:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\net.dll
MOD - [2003/11/19 23:36:42 | 000,053,364 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\zip.dll
MOD - [2003/11/19 23:35:48 | 000,102,515 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\java.dll
MOD - [2003/11/19 23:31:48 | 000,057,453 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\verify.dll
MOD - [2003/11/19 23:31:30 | 001,212,546 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\client\jvm.dll
MOD - [2003/11/19 23:31:18 | 000,028,791 | ---- | M] () -- c:\Program Files (x86)\Dell\RAID Storage Manager\jre\bin\hpi.dll


========== Services (SafeList) ==========

SRV:64bit: - [2005/01/07 10:48:30 | 000,157,696 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2012/11/10 14:07:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/15 08:21:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/15 08:20:51 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/12/15 08:20:36 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec AntiVirus\SNAC64.EXE -- (SNAC)
SRV - [2010/12/15 08:20:32 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/12/24 21:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005/07/06 22:55:02 | 000,053,248 | ---- | M] (Dell) [Auto | Running] -- c:\Program Files (x86)\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)
SRV - [1999/12/13 22:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2012/11/02 07:12:58 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\ex64.sys -- (NAVEX15)
DRV - [2012/11/02 07:12:50 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20121101.002\eng64.sys -- (NAVENG)
DRV - [2012/08/15 13:51:30 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 07:18:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/15 08:21:45 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/12/15 08:21:45 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/12/15 08:21:45 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\srtspx64.sys -- (SRTSPX)
DRV - [2005/03/25 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/03/25 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.xpt ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.7.2197: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer Enterprise™ LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\jjacobs\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AsioThk32Reg] C:\WINDOWS\SysWOW64\CTASIO.DLL (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk = C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130079827814 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1269476613658 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\InstFred.ocx (InstaFred)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files (x86)\Autodesk Architectural Desktop 3\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tai.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9EFE698-81D6-419A-89D2-AAE048036FCF}: DhcpNameServer = 192.168.1.100 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jjacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/01 21:46:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 10:31:13 | 000,000,000 | ---D | M] - Z:\Autohaus Acquisitions -- [ NTFS ]
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


Drivers32:64bit: midi - File not found
Drivers32:64bit: midi1 - File not found
Drivers32:64bit: midimapper - File not found
Drivers32:64bit: mixer - File not found
Drivers32:64bit: mixer1 - File not found
Drivers32:64bit: msacm.imaadpcm - File not found
Drivers32:64bit: msacm.msadpcm - File not found
Drivers32:64bit: msacm.msg711 - File not found
Drivers32:64bit: msacm.msgsm610 - File not found
Drivers32:64bit: msacm.trspch - File not found
Drivers32:64bit: vidc.i420 - File not found
Drivers32:64bit: vidc.iv31 - File not found
Drivers32:64bit: vidc.iv32 - File not found
Drivers32:64bit: vidc.iv41 - File not found
Drivers32:64bit: vidc.iv50 - File not found
Drivers32:64bit: vidc.iyuv - File not found
Drivers32:64bit: vidc.mrle - File not found
Drivers32:64bit: vidc.msvc - File not found
Drivers32:64bit: vidc.uyvy - File not found
Drivers32:64bit: vidc.yuy2 - File not found
Drivers32:64bit: vidc.yvu9 - File not found
Drivers32:64bit: vidc.yvyu - File not found
Drivers32:64bit: wave - File not found
Drivers32:64bit: wave1 - File not found
Drivers32:64bit: wavemapper - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 07:41:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/11 14:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/11/11 14:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Start Menu\Programs\Sophos
[2012/11/11 14:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/11/11 14:48:42 | 079,645,432 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe
[2012/11/11 11:39:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
[2012/11/11 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\Sun
[2012/11/10 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/10 22:57:01 | 002,215,000 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe
[2012/11/10 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/10 14:07:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/11/10 14:07:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/11/10 14:07:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/11/10 14:07:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/11/10 14:07:21 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2012/11/10 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/10 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/10 14:02:15 | 031,160,808 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe
[2012/11/10 14:02:14 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe
[2012/11/10 13:29:38 | 004,998,937 | ---- | C] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe
[2012/11/10 09:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\f-secure
[2012/11/10 09:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/11/10 09:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jjacobs\Application Data\QuickScan
[2012/11/09 22:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

========== Files - Modified Within 30 Days ==========

[2012/11/12 20:05:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/11/12 20:05:25 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/12 20:05:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/12 20:04:58 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/12 20:01:59 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.CDF
[2012/11/12 20:01:59 | 004,931,928 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.BAK
[2012/11/12 19:50:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/11 16:57:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/11/11 14:50:16 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/11 14:47:55 | 079,645,432 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.exe
[2012/11/11 11:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jjacobs\Desktop\OTL.exe
[2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/10 14:07:12 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2012/11/10 14:07:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/11/10 14:07:11 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2012/11/10 14:07:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/11/10 14:07:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/11/10 14:07:11 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/11/10 14:01:56 | 031,160,808 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-i586.exe
[2012/11/10 13:57:55 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\jjacobs\Desktop\jre-7u9-windows-x64.exe
[2012/11/10 13:44:59 | 004,998,937 | ---- | M] (Swearware) -- C:\Documents and Settings\jjacobs\Desktop\ComboFix.exe
[2012/11/09 17:36:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 17:32:21 | 002,195,988 | ---- | M] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip
[2012/11/09 14:29:28 | 000,658,298 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/11/08 08:54:22 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/05 11:45:09 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\SysWow64\KGyGaAvL.sys
[2012/10/30 13:39:20 | 002,215,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jjacobs\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2012/11/11 16:57:13 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/11/11 16:57:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/11/11 14:50:16 | 000,002,090 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/10 23:08:53 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/10 09:18:10 | 1071,808,512 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/09 17:36:15 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 17:32:19 | 002,195,988 | ---- | C] () -- C:\Documents and Settings\jjacobs\Desktop\tdsskiller-2-8-14-0.zip
[2011/08/05 15:00:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2008/04/03 07:05:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\jjacobs\Local Settings\Application Data\fusioncache.dat
[2006/10/05 08:01:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JPR.{PB
[2006/10/05 08:01:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\jjacobs\Application Data\PFP120JCM.{PB
[2005/11/29 12:17:53 | 000,006,332 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005/04/01 21:52:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2009/05/14 03:28:58 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/11/10 11:29:05 | 000,002,060 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/11/10 13:33:02 | 000,001,986 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2005/04/01 21:46:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/10/22 09:39:20 | 000,000,213 | RHS- | M] () -- C:\boot.ini
[2005/04/01 21:46:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/10/01 04:13:12 | 000,004,733 | RH-- | M] () -- C:\dell.sdr
[2012/11/12 20:04:58 | 1071,808,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 14:40:58 | 000,000,201 | ---- | M] () -- C:\inferno.log
[2005/04/01 21:46:44 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/04/01 21:46:44 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2005/03/25 12:00:00 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
[2007/11/16 08:11:55 | 000,297,072 | RHS- | M] () -- C:\ntldr
[2012/03/06 18:57:00 | 000,000,512 | ---- | M] () -- C:\osmbr.bak
[2012/11/12 20:04:53 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2001/08/29 15:00:44 | 000,019,200 | ---- | M] (Microsoft Corporation) -- C:\Posusb.sys
[2012/11/10 23:45:02 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2001/08/29 15:00:44 | 000,002,858 | ---- | M] () -- C:\TalonGPS.inf
[2012/11/09 17:32:41 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_17.32.35_log.txt
[2012/11/09 19:27:18 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_19.26.37_log.txt
[2012/11/09 22:23:26 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_09.11.2012_22.23.22_log.txt
[2012/11/10 22:57:07 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.14.0_10.11.2012_22.57.03_log.txt
[2012/11/09 17:34:04 | 000,090,100 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_17.33.22_log.txt
[2012/11/09 19:29:00 | 000,090,078 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_19.27.54_log.txt
[2012/11/09 22:24:41 | 000,090,100 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_22.23.39_log.txt
[2012/11/10 23:01:43 | 000,027,776 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_10.11.2012_22.57.32_log.txt
[2012/03/06 18:57:26 | 222,083,584 | ---- | M] () -- C:\virtpart.dat
[2012/03/06 18:57:00 | 000,000,291 | ---- | M] () -- C:\virtpart.vmdk

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 3
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

#24 TheJoker
    Forum Deity
  • Boot Camp Mod
  • 13,259 posts

Posted 12 November 2012 - 09:12 PM

I still see the apparent Winsock error in the log, but as you are connected fine, I'd leave it alone at this point.

Let's get rid of a few of the items that you have been using for cleanup.

You can delete the following programs (most would have been saved to your Desktop) and any logs from them:
AdwCleaner.exe
C:\AdwCleaner[S1].txt
C:\AdwCleaner[R1].txt
ComboFix.exe
TDSSKiller.exe
Log from TDSSKiller.exe in C:\ (in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt")
OTL.exe and any of the OTL.Txt and Extras.Txt log files
Sophos Virus Removal Tool.exe (and if present uninstall from Control Panel > Add or Remove Programs)
ESET Online Scanner can be uninstalled from Control Panel > Add or Remove Programs

To help keep malware off your system:
  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector scan to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/...2002/hosts.htm.
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools.../products.html.
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
Does your problem appear resolved?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
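
An added triage helper (example code written for this page, not part of the thread and not OTL's own tooling) that parses OTL-format lines like those in the log above and reports the items a helper checks first: Run entries launching from a user profile data directory or with no company name, the Winsock catalog entries marked "File not found" that this reply refers to, DNS servers outside the LAN, AutoRun commands registered for removable volumes, and exefile/comfile open handlers that differ from the default `"%1" %*`. Most sample lines are copied from the log; the `xyzabc` Run value, the `C:\CONSTRUCTED` path and the 203.0.113.5 resolver are constructed.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample in the OTL log format. Most lines are copied from the
# log above; the 'xyzabc' Run value, the C:\CONSTRUCTED path and the
# 203.0.113.5 resolver (a documentation range) are constructed so that each
# check has something to report.
SAMPLE_LOG = [
    r'O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)',
    r'O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found',
    r'O4 - HKCU..\Run: [xyzabc] C:\Documents and Settings\user\Local Settings\Application Data\constructed\sample.exe ()',
    r'O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.1',
    r'O33 - MountPoints2\{78249d89-f29b-11e1-a4b0-000f1f8a4c8d}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = comfile] -- "%1" %*',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.5',
    r'O35:64bit: - HKLM\..exefile [open] -- "C:\CONSTRUCTED\placeholder.exe" "%1" %*',
]

Finding = namedtuple("Finding", "severity section message")

# "O4 - body" or "O4:64bit: - body": section id, optional 64-bit tag, payload.
OTL_LINE = re.compile(r'^(?P<sec>O\d+)(?::64bit:)?\s+-\s+(?P<body>.*)$')
RUN_ENTRY = re.compile(r'^HK(?:LM|CU)\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+'
                       r'(?P<cmd>.*?)(?:\s+\((?P<vendor>[^()]*)\))?$')
PROFILE_DATA = re.compile(r'\\(?:Local Settings\\)?Application Data\\', re.IGNORECASE)
DNS_ENTRY = re.compile(r'(?:Dhcp)?NameServer\s*=\s*(?P<ips>.+)$')
MOUNTPOINT = re.compile(r'MountPoints2\\(?P<vol>\{[^}]+\})\\Shell\\AutoRun\\command'
                        r'\s+-\s+""\s*=\s*(?P<cmd>.+)$')
SHELL_OPEN = re.compile(r'^HKLM\\\.{2,3}(?P<cls>\w+)\s+\[[^\]]*\]\s+--\s+(?P<cmd>.+)$')
DEFAULT_OPEN = '"%1" %*'
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def check_run(sec, body):
    """Run entries: stale target, launched from profile data, or no vendor."""
    m = RUN_ENTRY.match(body)
    if not m:
        return []
    name, cmd, vendor = m.group("name"), m.group("cmd"), m.group("vendor")
    if cmd.endswith("File not found"):
        return [Finding("info", sec, f"Run entry [{name}] points to a missing file (stale)")]
    out = []
    if PROFILE_DATA.search(cmd):
        out.append(Finding("high", sec, f"Run entry [{name}] launches from a user profile data directory: {cmd}"))
    if not vendor:
        out.append(Finding("medium", sec, f"Run entry [{name}] has no company name in its version info: {cmd}"))
    return out

def check_winsock(sec, body):
    """Winsock catalog entries whose DLL is missing (the LSP chain is broken)."""
    if body.endswith("File not found"):
        return [Finding("low", sec, f"Winsock catalog entry references a missing file: {body}")]
    return []

def check_dns(sec, body):
    """Flag resolvers outside the LAN ranges; a hijacked resolver redirects searches."""
    m = DNS_ENTRY.search(body)
    out = []
    for ip in (re.split(r"[\s,]+", m.group("ips").strip()) if m else []):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            out.append(Finding("medium", sec, f"unparsable DNS server value: {ip!r}"))
            continue
        if not any(addr in net for net in LAN_RANGES):
            out.append(Finding("high", sec, f"DNS server {ip} is outside the LAN; confirm it is your ISP's or router's resolver"))
    return out

def check_mountpoint(sec, body):
    """AutoRun commands registered for a (removable) volume."""
    m = MOUNTPOINT.search(body)
    return [Finding("medium", sec, f"AutoRun command for volume {m.group('vol')}: {m.group('cmd')}")] if m else []

def check_shell_open(sec, body):
    """exefile/comfile open handlers that differ from the default '"%1" %*'."""
    m = SHELL_OPEN.match(body)
    if not m or m.group("cmd").strip() == DEFAULT_OPEN:
        return []
    return [Finding("high", sec, f"{m.group('cls')} open handler is not the default {DEFAULT_OPEN}: {m.group('cmd')}")]

CHECKS = {"O4": check_run, "O10": check_winsock, "O17": check_dns,
          "O33": check_mountpoint, "O35": check_shell_open, "O37": check_shell_open}

def triage(lines):
    """Run the per-section checks over OTL lines; findings come back in log order."""
    findings = []
    for line in lines:
        m = OTL_LINE.match(line.strip())
        check = CHECKS.get(m.group("sec")) if m else None
        if check:
            findings.extend(check(m.group("sec"), m.group("body")))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.message}")
```

The checks are heuristics for a first pass over the log; a flagged line still needs the file itself looked at before anything is removed.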


#25 Quercus
    Member
  • Full Member
  • 17 posts

Posted 14 November 2012 - 04:33 PM

Software all removed and everything's still good with the Google searches. Thanks for the anti-malware tips. Frustrating that some of the more expensive antivirus packages don't do a better job.

FYI - Apparently there's no Windows XP Service Pack 3 for 64bit machines, only Service Pack 2.

Thanks again.

Quercus.

#26 TheJoker
    Forum Deity
  • Boot Camp Mod
  • 13,259 posts

Posted 14 November 2012 - 08:38 PM

Frustrating that some of the more expensive antivirus packages don't do a better job.

One of the problems is that generally an antivirus can't remove something it has no signatures to detect, and they can't get that signature until they receive samples after an infection is already out there, and there are more and more each and every day.

FYI - Apparently there's no Windows XP Service Pack 3 for 64bit machines, only Service Pack 2.

You're absolutely correct, I just checked after you mentioned that, and found the same thing. Sorry if I sent you on a wild goose chase looking for a non-existent Service Pack.

Software all removed and everything's still good with the Google searches.

That's very good to hear. :)



#27 TheJoker
    Forum Deity
  • Boot Camp Mod
  • 13,259 posts

Posted 23 November 2012 - 10:28 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
