Twohands108

November 26, 2012

I think because my chrome is a later version the settings for search providers is a little different, but I found where to change it. Settings > Search > I changed Google to default and deleted dts. This appears to have worked! Thanks very much MrC!!!!. I'll monitor over next few days and let you know if any problems.

Should I be worried about any data protection or keylogging as I have put in passwords and bank details before i realised the problem.

November 25, 2012

Hi, I can't be sure but it seems to be just chrome. I think it is this search results, it does a dts search results and then goes to an ask page.

OTL file below.

OTL logfile created on: 25/11/2012 20:54:33 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ray Hall\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 61.83% Memory free

7.20 Gb Paging File | 5.39 Gb Available in Paging File | 74.87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.92 Gb Total Space | 226.11 Gb Free Space | 79.92% Space Free | Partition Type: NTFS

Computer Name: RAYHALL-PC | User Name: Ray Hall | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 20:06:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe

PRC - [2012/10/31 22:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012/10/24 11:46:14 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/08/06 13:58:26 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe

PRC - [2012/07/31 19:19:17 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

PRC - [2011/11/29 10:17:38 | 000,251,200 | ---- | M] (Compete, Inc.) -- C:\Program Files (x86)\Consumer Input\dca-ua.exe

PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/07/19 15:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/31 22:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll

MOD - [2012/10/31 22:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

MOD - [2012/10/31 22:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll

MOD - [2012/10/31 22:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll

MOD - [2012/10/31 22:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll

MOD - [2012/10/31 22:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll

MOD - [2012/10/31 22:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll

MOD - [2012/10/31 22:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll

MOD - [2012/10/24 11:46:13 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/10/24 11:46:10 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/10/24 11:46:10 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/10/24 11:46:10 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/10/24 11:46:10 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011/06/10 04:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2011/06/08 05:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/05/17 22:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/10/24 11:46:14 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/07/31 19:19:17 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/07/19 15:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2011/07/12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/06/08 06:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/06/08 05:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/14 20:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/02/09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/01/05 09:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/11 20:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/11/05 15:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/05 15:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/10/08 19:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/09/27 23:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 23:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 17:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {5A59D1C6-486E-42BC-8E80-EB0BC6750DBF}

IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKCU\..\SearchScopes\{5A59D1C6-486E-42BC-8E80-EB0BC6750DBF}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enGB469

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ray Hall\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/26 21:28:30 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1411461434014194&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ray Hall\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Skype Click to Call = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/23 21:07:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe (Compete, Inc.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45BCF574-D48F-4F44-861B-C416806822FA}: DhcpNameServer = 192.168.0.1

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 21:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/11/24 13:10:34 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\PCCUStubInstaller

[2012/11/24 01:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant

[2012/11/24 01:01:35 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Local\Conexant

[2012/11/23 21:19:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/23 21:11:59 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/11/23 20:54:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/11/23 20:54:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/11/23 20:54:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/11/23 20:54:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/23 20:54:06 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012/11/23 20:50:02 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\Ray Hall\Desktop\ComboFix.exe

[2012/11/23 20:47:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/11/23 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Local\MFAData

[2012/11/23 20:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/11/23 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Local\Avg2013

[2012/11/23 20:46:51 | 004,424,392 | ---- | C] (AVG Technologies) -- C:\Users\Ray Hall\Desktop\avg_avct_stb_all_2013_2793_ppc2.exe

[2012/11/23 19:43:29 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/11/22 20:06:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe

[2012/11/21 23:36:40 | 000,000,000 | ---D | C] -- C:\windows\ERUNT

[2012/11/21 23:35:59 | 000,000,000 | ---D | C] -- C:\JRT

[2012/11/21 20:53:51 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\Malwarebytes

[2012/11/21 20:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/21 20:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/21 20:52:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/11/21 20:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/16 00:17:28 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys

[2012/11/16 00:17:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll

[2012/11/16 00:06:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/11/16 00:06:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/11/16 00:06:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/11/16 00:06:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/11/16 00:06:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/11/16 00:06:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/11/16 00:06:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/11/16 00:06:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/11/16 00:06:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/11/16 00:06:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/11/16 00:06:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/11/16 00:06:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2012/11/16 00:06:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/11/16 00:06:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/11/16 00:06:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2012/11/16 00:05:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll

[2012/11/16 00:05:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll

[2012/11/16 00:05:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll

[2012/11/16 00:05:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe

[2012/11/15 11:04:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll

[2012/11/15 11:04:51 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll

[2012/11/15 11:04:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll

[2012/11/15 11:04:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll

[2012/11/15 11:04:43 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll

[2012/11/15 11:04:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll

[2012/11/15 11:04:42 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll

[2012/11/15 11:04:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll

[2012/11/15 11:04:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll

[2012/11/15 11:04:22 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll

[2012/11/15 11:04:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll

[2012/06/22 18:07:10 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Ray Hall\AppData\Local\log4cxx.dll

========== Files - Modified Within 30 Days ==========

[2012/11/25 20:58:01 | 000,000,938 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000UA.job

[2012/11/25 20:58:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000Core.job

[2012/11/25 20:39:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/25 19:15:43 | 005,537,234 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/11/25 19:15:43 | 002,606,654 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/11/25 19:15:43 | 000,006,442 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/11/25 19:12:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/11/25 16:54:45 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/25 16:54:45 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/25 16:47:11 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/25 16:46:54 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/24 21:33:15 | 000,002,300 | ---- | M] () -- C:\Users\Ray Hall\Desktop\Google Chrome.lnk

[2012/11/23 21:07:35 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/11/23 20:49:40 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\Ray Hall\Desktop\ComboFix.exe

[2012/11/23 20:44:27 | 004,424,392 | ---- | M] (AVG Technologies) -- C:\Users\Ray Hall\Desktop\avg_avct_stb_all_2013_2793_ppc2.exe

[2012/11/22 20:06:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe

[2012/11/21 22:00:44 | 000,543,531 | ---- | M] () -- C:\Users\Ray Hall\Desktop\adwcleaner.exe

[2012/11/21 20:52:59 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/16 10:40:12 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/11/10 22:02:46 | 000,000,454 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Ray Hall.job

[2012/11/04 16:00:43 | 001,699,299 | ---- | M] () -- C:\Users\Ray Hall\Desktop\IMG-20121104-00273.jpg

[2012/10/29 21:03:22 | 000,002,378 | ---- | M] () -- C:\Users\Ray Hall\Desktop\Sky Go Desktop.lnk

========== Files Created - No Company Name ==========

[2012/11/24 21:33:15 | 000,002,300 | ---- | C] () -- C:\Users\Ray Hall\Desktop\Google Chrome.lnk

[2012/11/23 22:30:55 | 000,543,531 | ---- | C] () -- C:\Users\Ray Hall\Desktop\adwcleaner.exe

[2012/11/23 20:54:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/11/23 20:54:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/11/23 20:54:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/11/23 20:54:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/11/23 20:54:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/11/21 20:52:59 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/16 11:07:20 | 001,771,942 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10968 - Copy.JPG

[2012/11/16 10:43:41 | 001,845,667 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10969.JPG

[2012/11/16 10:43:30 | 001,771,942 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10968.JPG

[2012/11/16 00:17:31 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/16 00:05:03 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/04 07:59:50 | 001,699,299 | ---- | C] () -- C:\Users\Ray Hall\Desktop\IMG-20121104-00273.jpg

[2012/10/29 21:03:22 | 000,002,408 | ---- | C] () -- C:\Users\Ray Hall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Desktop.lnk

[2012/10/29 21:03:22 | 000,002,378 | ---- | C] () -- C:\Users\Ray Hall\Desktop\Sky Go Desktop.lnk

[2012/06/22 14:00:08 | 000,788,548 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/12/08 02:29:31 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

[2011/12/08 02:15:49 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2011/12/08 02:12:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

November 24, 2012

Hi, I followed those instructions including uninstalling Google Chrome and then re-installing and the problem persists

November 24, 2012

Done but no change.

November 24, 2012

Hi, I'm getting the same sort of results as the first time you asked me to run these. Adwcleaner is detecting the DTS Search and saying it has deleted it, but the problem remains.

I also noticed a problem with sound yesterday. I tried to adjust the sound and it was gone from tray app, it didn't return even when i selected it too. I was then getting a box come up called Smart Audio which also appears to be a virus. Please Help

# AdwCleaner v2.008 - Logfile created 11/24/2012 at 11:44:23

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ray Hall - RAYHALL-PC

# Boot Mode : Normal

# Running from : C:\Users\Ray Hall\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.40] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid[...]

*************************

AdwCleaner[R1].txt - [4351 octets] - [21/11/2012 22:02:12]

AdwCleaner[R2].txt - [4411 octets] - [21/11/2012 22:06:01]

AdwCleaner[R3].txt - [4471 octets] - [21/11/2012 22:29:51]

AdwCleaner[R4].txt - [1212 octets] - [23/11/2012 22:31:15]

AdwCleaner[R5].txt - [1272 octets] - [23/11/2012 23:26:03]

AdwCleaner[R6].txt - [1392 octets] - [24/11/2012 11:44:04]

AdwCleaner[s1].txt - [4434 octets] - [21/11/2012 22:30:29]

AdwCleaner[s2].txt - [1264 octets] - [23/11/2012 23:26:43]

AdwCleaner[s3].txt - [1255 octets] - [24/11/2012 11:44:23]

########## EOF - C:\AdwCleaner[s3].txt - [1315 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.4.1 (11.21.2012)

OS: Windows 7 Home Premium x64

Ran by Ray Hall on 24/11/2012 at 11:48:33.52

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ray Hall\AppData\Roaming\pccustubinstaller"

Failed to delete: [Folder] "C:\Program Files (x86)\consumer input"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24/11/2012 at 11:59:57.76

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

November 23, 2012

# AdwCleaner v2.008 - Logfile created 11/23/2012 at 22:31:15

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ray Hall - RAYHALL-PC

# Boot Mode : Normal

# Running from : C:\Users\Ray Hall\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.40] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1411461434014194&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [4351 octets] - [21/11/2012 22:02:12]

AdwCleaner[R2].txt - [4411 octets] - [21/11/2012 22:06:01]

AdwCleaner[R3].txt - [4471 octets] - [21/11/2012 22:29:51]

AdwCleaner[R4].txt - [1023 octets] - [23/11/2012 22:31:15]

AdwCleaner[s1].txt - [4434 octets] - [21/11/2012 22:30:29]

########## EOF - C:\AdwCleaner[R4].txt - [1143 octets] ##########

November 23, 2012

ComboFix 12-11-23.02 - Ray Hall 23/11/2012 20:57:18.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3687.1968 [GMT 0:00]

Running from: c:\users\Ray Hall\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Ray Hall\AppData\Local\common_functions.dll

c:\users\Ray Hall\AppData\Local\ie_runner_app.exe

.

((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))

.

2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-23 20:47 . 2012-11-23 20:48 -------- d-----w- c:\programdata\MFAData

2012-11-23 20:47 . 2012-11-23 20:47 -------- d--h--w- c:\programdata\Common Files

2012-11-23 20:47 . 2012-11-23 20:47 -------- d-----w- c:\users\Ray Hall\AppData\Local\MFAData

2012-11-23 20:47 . 2012-11-23 20:47 -------- d-----w- c:\users\Ray Hall\AppData\Local\Avg2013

2012-11-23 20:09 . 2012-11-23 20:09 -------- d-----w- c:\users\Ray Hall\AppData\Roaming\PCCUStubInstaller

2012-11-23 19:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97B7D2F0-B435-4603-8504-0532620667BC}\mpengine.dll

2012-11-23 19:43 . 2012-11-23 19:43 -------- d-----w- C:\_OTL

2012-11-21 23:36 . 2012-11-21 23:36 -------- d-----w- c:\windows\ERUNT

2012-11-21 23:35 . 2012-11-21 23:35 -------- d-----w- C:\JRT

2012-11-21 20:53 . 2012-11-21 20:53 -------- d-----w- c:\users\Ray Hall\AppData\Roaming\Malwarebytes

2012-11-21 20:52 . 2012-11-21 20:52 -------- d-----w- c:\programdata\Malwarebytes

2012-11-21 20:52 . 2012-11-21 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-21 20:52 . 2012-09-29 19:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-16 00:17 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 00:17 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 00:17 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 00:17 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 00:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 00:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 00:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 00:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 00:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-16 00:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 00:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-10-26 09:42 . 2012-10-26 09:43 -------- d-----w- c:\program files (x86)\The Game of Life

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-31 21:21 . 2012-07-26 19:02 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-10-31 21:20 . 2012-07-26 19:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-10-31 21:20 . 2012-08-24 22:27 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-10-26 09:21 . 2012-08-24 22:27 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-10-26 09:21 . 2012-08-24 22:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-10-26 09:21 . 2012-07-26 19:01 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-09-14 19:19 . 2012-10-10 10:30 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 10:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-06 20:46 . 2012-09-06 20:46 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll

2012-08-31 18:19 . 2012-10-10 10:31 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 10:31 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:31 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:31 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Facebook Update"="c:\users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Consumer Input Update"="c:\program files (x86)\Consumer Input\dca-ua.exe" [2011-11-29 251200]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-07-31 123320]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 38098591

*NewlyCreated* - 46192536

*Deregistered* - 38098591

*Deregistered* - 46192536

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000Core.job

- c:\users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 19:53]

.

2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000UA.job

- c:\users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 19:53]

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-08 03:12]

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-08 03:12]

.

2012-11-10 c:\windows\Tasks\Norton Security Scan for Ray Hall.job

- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-27 09:45]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-46192536.sys

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-Consumer Input Software - c:\program files (x86)\Consumer Input\uninstall.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-23 21:11:56

ComboFix-quarantined-files.txt 2012-11-23 21:11

.

Pre-Run: 244,156,162,048 bytes free

Post-Run: 243,781,267,456 bytes free

.

- - End Of File - - A4E60A469694B35515BF9F105726EB9D

November 23, 2012

Kaspersky did not find anything. The problem still exists.

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.

File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

ADS C:\ProgramData\TEMP:BCF55336 deleted successfully.

ADS C:\ProgramData\TEMP:6764D965 deleted successfully.

ADS C:\ProgramData\TEMP:B9A18B9C deleted successfully.

ADS C:\ProgramData\TEMP:9491C9C7 deleted successfully.

ADS C:\ProgramData\TEMP:E153075C deleted successfully.

ADS C:\ProgramData\TEMP:F65A2273 deleted successfully.

ADS C:\ProgramData\TEMP:8EA1B54A deleted successfully.

ADS C:\ProgramData\TEMP:FEE00EB9 deleted successfully.

ADS C:\ProgramData\TEMP:FBD274CF deleted successfully.

ADS C:\ProgramData\TEMP:B96C57D4 deleted successfully.

ADS C:\ProgramData\TEMP:7BB584AA deleted successfully.

ADS C:\ProgramData\TEMP:B097AC8A deleted successfully.

ADS C:\ProgramData\TEMP:B65E763D deleted successfully.

ADS C:\ProgramData\TEMP:D3331ADB deleted successfully.

ADS C:\ProgramData\TEMP:0B3F95D0 deleted successfully.

ADS C:\ProgramData\TEMP:4C16B46B deleted successfully.

ADS C:\ProgramData\TEMP:85EA4795 deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Ray Hall

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: Ray Hall

->Temp folder emptied: 174736777 bytes

->Temporary Internet Files folder emptied: 497370209 bytes

->Google Chrome cache emptied: 481898680 bytes

->Flash cache emptied: 28136223 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 474037383 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 184304789 bytes

Total Files Cleaned = 1,755.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: Ray Hall

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11232012_194329

Files\Folders moved on Reboot...

File\Folder C:\Users\Ray Hall\AppData\Local\Temp\CVHLauncher(201211231942111190).log not found!

File\Folder C:\Users\Ray Hall\AppData\Local\Temp\etilqs_GtBn8bykFqJb4h3 not found!

File\Folder C:\Users\Ray Hall\AppData\Local\Temp\etilqs_I2WMymXcVGKD1oO not found!

File\Folder C:\Users\Ray Hall\AppData\Local\Temp\etilqs_lnnAeia6sbIs236 not found!

C:\Users\Ray Hall\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.

C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.

C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.

C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.

C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.

C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_5 moved successfully.

C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

November 22, 2012

Hi, My apologies for the length of time until my reply, I'm in the UK and it was past midnight.

Whilst the main issue is better i.e the Nu Search browser is no longer coming up, I still have a problem that when I do a search in Google Chrome address bar, rather than google search results I get a DTS search followed by an ASK page with the results. This did not happen before.

OTL logfile created on: 22/11/2012 20:08:00 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ray Hall\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.75% Memory free

7.20 Gb Paging File | 5.36 Gb Available in Paging File | 74.39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.92 Gb Total Space | 223.62 Gb Free Space | 79.04% Space Free | Partition Type: NTFS

Computer Name: RAYHALL-PC | User Name: Ray Hall | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days