Jump to content

bobalu4u

Honorary Members
  • Posts

    24
  • Joined

  • Last visited

Everything posted by bobalu4u

  1. Hi Kevin, Okay here it is! Hopefully it's gone because I do have my homepages back again. Many thanks. Should I install Google chrome on Firefox? Because it seems that a few of those pup's had something to do with Google ad-ons. C:\AdwCleaner\Quarantine\C\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined C:\Documents and Settings\bob\My Documents\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\bob\My Documents\Downloads 2\kbsetup Typing.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined C:\Documents and Settings\bob\My Documents\SE TUP EXE\ccsetup313.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined C:\Documents and Settings\bob\My Documents\SE TUP EXE\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined C:\Documents and Settings\bob\My Documents\SE TUP EXE\RapidTyping_Setup_3.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined C:\Documents and Settings\bob\My Documents\SE TUP EXE\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\bob\My Documents\Security info\Downloads\kbsetup Typing.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined C:\Program Files\COMODO\Firewall\s1.tmp a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined C:\Program Files\Final Draft 7\Patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2187\A1261678.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2187\A1261695.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263015.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263026.exe a variant of Win32/AdWare.SpeedingUpMyPC.D application cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263029.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263033.exe a variant of Win32/SpeedingUpMyPC application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263034.dll probably a variant of Win32/SProtector.E potentially unwanted application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2190\A1263201.dll a variant of Win32/AdWare.MultiPlug.N application cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2190\A1263203.dll a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2194\A1266134.exe a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2194\A1266139.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2194\A1266144.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\zoek_backup\C_DOCUME~1_ALLUSE~1_APPLIC~1_InstallMate\{37E3D31F-83B3-4341-A1AA-CB91EC00F1E9}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined C:\zoek_backup\C_DOCUME~1_ALLUSE~1_APPLIC~1_InstallMate\{DC3B5126-78C7-4B0B-A9E0-30E507D873D0}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined C:\zoek_backup\C_Program Files_Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
  2. zoek-results.log Here it is, Kevin... thanks again.
  3. No I did put it in this box..it still says error too short. I'm thinking it could be too long. Can I send it to you anyother way, like as an atachment?
  4. Kevin, It won't send. Keeps saying post is too short. Is there another way I can send this log? Thanx
  5. Kevin, I'm sending you the log for Zoek. I think we got it! No more hijacked browsers. Thank you so much! Let me know if there's anything in the log that shows I need more fixing. One question: when I open Firfox it asks if I want to install Google Chrome for faster browsing...should I? I'm moving away from IE 8 because it's no longer supported by MS. I'm not sure which browser to use as my regular browser..Firefox or Google? Thanks again. FYI I've tried to send the post and the log together and I get an error that my post is too short! Odd because if anything it's too long. I'll send it again.
  6. Kevin, I unzipped all three Zoek instances and F Secure, my AV automatically ran a scan and either removed or quarrantined 2 of them. The only one remaining is the EXE file. I'm new to FSecure so I didn't disable it, but I hadn't run the Zoek yet. Should I extract the 2 other instances and put them on the desktop again. F secure calls it a trojan. Or do I just close down F Secure and only run the Zoek EXE.?ythanks
  7. Hey Kevin, here it is. No items found and I still have key find.com as the hijacker of all my browser homepages. What now? Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.15.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 bob :: BOBALU [administrator] 4/15/2014 4:42:30 PM mbam-log-2014-04-15 (16-42-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 303043 Time elapsed: 9 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  8. Hi Kevin, Okay I hope I got this right. Here are the OTL and MBam logs. All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! Use Chrome's Settings page to change the HomePage. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ not found. C:\WINDOWS\tasks\At3.job moved successfully. C:\WINDOWS\tasks\At2.job moved successfully. Unable to delete ADS C:\WINDOWS\System32\sqlsodbc.chm:SummaryInformation . ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\bob\My Documents\SECURITY\cmd.bat deleted successfully. C:\Documents and Settings\bob\My Documents\SECURITY\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: bob ->Temp folder emptied: 3314 bytes ->Temporary Internet Files folder emptied: 1229202 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 3992767 bytes ->Google Chrome cache emptied: 7234614 bytes ->Flash cache emptied: 506 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Guest User: HelpAssistant User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: marie ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 1274736 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: SUPPORT_388945a0 %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5400 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15227 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 13.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 04142014_175400 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot.. ----------------------------------- . Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.15.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 bob :: BOBALU [administrator] 4/14/2014 6:08:04 PM MBAM-log-2014-04-14 (18-19-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 302916 Time elapsed: 9 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKCU\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc (PUP.Optional.uTorrentTB.A) -> No action taken. HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc (PUP.Optional.uTorrentTB.A) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 3 HKLM\SOFTWARE\Clients\StartMenuInternet\Chrome.EXE\shell\open\command| (PUP.Optional.KeyFind.A) -> Bad: ("C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568) Good: (Chrome.exe) -> No action taken. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.KeyFind.A) -> Bad: ("C:\Program Files\Mozilla Firefox\firefox.exe" http://www.key-find.com/?type=sc&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568) Good: (firefox.exe) -> No action taken. HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command| (PUP.Optional.KeyFind.A) -> Bad: ("C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568) Good: (Chrome.exe) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. Hi, Okay I ran the programs as directed. Here are the log files. Hope you can help. # AdwCleaner v3.023 - Report created 13/04/2014 at 17:22:28 # Updated 01/04/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : bob - BOBALU # Running from : C:\Documents and Settings\bob\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\SNT Folder Deleted : C:\Documents and Settings\All Users\Application Data\WbSvCouponApp Folder Deleted : C:\Program Files\uniblue Folder Deleted : C:\Documents and Settings\bob\Local Settings\Application Data\eSupport.com Folder Deleted : C:\Documents and Settings\bob\Local Settings\Application Data\torch Folder Deleted : C:\Documents and Settings\bob\Application Data\EZDownloader Folder Deleted : C:\Documents and Settings\bob\My Documents\Optimizer Pro Folder Deleted : C:\Documents and Settings\marie\Local Settings\Application Data\torch Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\quick_start@gmail.com Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\coa_r@ppviyoo-.net Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\iiyy6_uaia@hlao-.edu Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\jmyb_zb@uqwaey.com Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\ssltdr8a@zrbme-o.org File Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\searchplugins\WebSearch.xml ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892226} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466896626} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}] Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Key Deleted : HKCU\Software\installedbrowserextensions Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\installedbrowserextensions Key Deleted : HKLM\Software\TENCENT Key Deleted : HKLM\Software\Uniblue ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch"); Line Deleted : user_pref("browser.search.order.1", "WebSearch"); Line Deleted : user_pref("browser.search.order.1,S", "WebSearch"); Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch"); Line Deleted : user_pref("extensions.FtH84dJHBFd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\[...] Line Deleted : user_pref("extensions.Vgz3RchNb45T.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf([...] Line Deleted : user_pref("extensions.crossrider.bic", "1455cebbe97312692b38c0244138a088"); Line Deleted : user_pref("extensions.kPDsEmHjE6O.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\[...] Line Deleted : user_pref("extensions.mwYpqP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumo[...] -\\ Google Chrome v33.0.1750.154 [ File : C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7884 octets] - [13/04/2014 17:21:01] AdwCleaner[s0].txt - [7527 octets] - [13/04/2014 17:22:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7587 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Microsoft Windows XP x86 Ran by bob on Sun 04/13/2014 at 17:39:04.17 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Documents and Settings\bob\Application Data\mozilla\firefox\profiles\h7nl2mbh.default-1384217108078\prefs.js ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 04/13/2014 at 17:50:00.43 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OTL logfile created on: 4/13/2014 5:56:20 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bob\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.50% Memory free 3.85 Gb Paging File | 3.62 Gb Available in Paging File | 94.16% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 227.87 Gb Total Space | 198.91 Gb Free Space | 87.29% Space Free | Partition Type: NTFS Computer Name: BOBALU | User Name: bob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (All) ========== PRC - [2014/04/13 17:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bob\Desktop\OTL.exe PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013/03/26 18:13:08 | 000,196,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe PRC - [2010/09/13 21:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe PRC - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2010/06/10 17:50:42 | 001,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe PRC - [2010/06/10 17:50:42 | 000,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe PRC - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008/04/13 17:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [imgSVC] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008/04/13 17:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe PRC - [2008/04/13 17:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe PRC - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008/01/26 22:38:16 | 000,316,728 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe PRC - [2005/06/16 17:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2005/02/09 00:06:40 | 000,356,352 | ---- | M] (jiiSoft) -- C:\Program Files\IE New Window Maximizer\iemaximizer.exe PRC - [2003/09/03 19:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe PRC - [2002/07/15 20:43:52 | 000,028,672 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe ========== Modules (No Company Name) ========== MOD - [2010/06/10 17:50:42 | 001,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe MOD - [2010/06/10 17:50:42 | 000,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe MOD - [2005/06/07 22:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - File not found [Auto | Stopped] -- LxrSII1s.exe -- (LxrSII1s) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2014/04/02 13:30:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/03/12 11:17:54 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013/03/26 18:13:08 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3) SRV - [2012/02/29 17:40:12 | 000,008,704 | ---- | M] (Microsoft) [Disabled | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/09/13 21:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean) SRV - [2010/06/10 17:50:42 | 000,519,936 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent) SRV - [2010/06/10 17:46:21 | 001,023,488 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\COMODO\BackUp\CmdBkSvc.exe -- (ComodoBackupService) SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/10/31 21:12:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [File_System | Auto | Stopped] -- system32\dla\tfsnifs.sys -- (tfsnifs) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\bob\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\bob\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM) DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\bob\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\LxrSII1d.sys -- (LxrSII1d) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci) DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010/06/10 17:50:42 | 000,087,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2010/06/10 17:50:42 | 000,079,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect) DRV - [2010/06/10 17:50:42 | 000,024,208 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009/10/07 01:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2009/10/07 01:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2009/10/07 01:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008/07/26 08:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/10/04 23:19:13 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000) DRV - [2007/06/18 03:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) DRV - [2006/12/19 08:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k) DRV - [2006/12/19 08:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2006/12/19 08:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2006/12/19 08:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2006/12/19 08:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2006/12/19 08:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2006/08/17 11:23:00 | 000,340,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2006/06/11 18:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/12/15 19:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB) DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter) DRV - [2001/08/17 14:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX) DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dslextreme.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: File not found FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 20:51:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/13 23:00:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2013/03/06 17:18:02 | 000,000,000 | ---D | M] [2008/09/02 19:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bob\Application Data\Mozilla\Extensions [2014/04/13 17:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\extensions [2013/11/14 16:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014/04/02 13:30:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014/04/01 17:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions [2014/04/01 17:15:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\BOB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H7NL2MBH.DEFAULT-1384217108078\EXTENSIONS\16EEDE48-12E9-4C79-BD54-C82622138533@630D8A34-73AF-4E03-9664-9082492EB220.COM [2009/06/26 17:27:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568 CHR - plugin: Error reading preferences file CHR - Extension: Google Docs = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Docs = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Google Drive = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: SNT = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhgmfbibbkpcemffabbgeiekhgbilhni\2.1\ CHR - Extension: saevee neT = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkhjmjgfaaackhmiacfahpfachcnkljk\5.14\ CHR - Extension: YouTube = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Search = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: YoutubeAdblocker = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emdmhpfnbblemkmhbbnngddbjohibheh\1.0\ CHR - Extension: WbSvCouponApp = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjddabmonjjfijfangeckeodfachapic\3.18\ CHR - Extension: Easy Surf = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj\115\ CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\ CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Gmail = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/09/03 18:19:54 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems) O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe () O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKCU..\Run: [iE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe (jiiSoft) O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe (Siber Systems) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll () O9 - Extra 'Tools' menuitem : Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: bankofamerica.com ([sitekey] https in Local intranet) O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: dailynews.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: deadline.com ([www] https in Local intranet) O15 - HKCU\..Trusted Domains: drudgereport.com ([www] http in Local intranet) O15 - HKCU\..Trusted Domains: drudgereport.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: dslextreme.com ([www] http in Local intranet) O15 - HKCU\..Trusted Domains: dslextreme.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: dslreports.com ([www] http in Local intranet) O15 - HKCU\..Trusted Domains: dslreports.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites) O15 - HKCU\..Trusted Domains: mlb.com ([losangeles.dodgers] http in Local intranet) O15 - HKCU\..Trusted Domains: mlb.com ([losangeles.dodgers] https in Trusted sites) O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1351542115015 (MUCatalogWebControl Class) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module) O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351498381057 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2) O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37CBB603-8C91-41A5-9BB6-27AE01755D02}: DhcpNameServer = 10.0.1.1 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - () - File not found O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (pgdfgsvc C 1) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/04/13 17:20:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/04/13 17:19:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bob\Desktop\OTL.exe [2014/04/13 17:18:46 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\bob\Desktop\JRT.exe [2014/04/13 15:17:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2014/04/13 15:07:02 | 000,000,000 | --SD | C] -- C:\ComboFix [2014/04/13 15:06:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2014/04/13 14:57:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bob\Recent [2014/04/13 13:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2014/04/11 20:24:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2014/04/11 20:24:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2014/04/11 20:24:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2014/04/11 20:24:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2014/04/11 13:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\X86 [2014/04/11 13:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AMD64 [2014/04/11 13:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SuperbApp [2014/04/11 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\savE nnet [2014/04/11 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bob\AppData [2014/04/11 13:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\b1e5ef0f861617bd [2014/04/11 13:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2014/04/09 14:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bob\Desktop\Bitdefender [2014/04/09 14:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dumps [2014/04/07 21:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2014/04/04 21:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bob\My Documents\Cyberlink [2014/04/04 16:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskCheckup [2006/11/01 14:07:34 | 003,623,736 | ---- | C] (Sysinternals) -- C:\Program Files\procexp.exe [2006/02/15 05:34:08 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\bob\MSSSerif120.fon ========== Files - Modified Within 30 Days ========== [2014/04/13 17:24:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/04/13 17:24:05 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys [2014/04/13 17:24:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2014/04/13 17:24:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2014/04/13 17:23:27 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx [2014/04/13 17:23:27 | 000,055,252 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx [2014/04/13 17:23:27 | 000,055,252 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx [2014/04/13 17:23:27 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2014/04/13 17:23:27 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2014/04/13 17:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bob\Desktop\OTL.exe [2014/04/13 17:18:50 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\bob\Desktop\JRT.exe [2014/04/13 17:17:23 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\bob\Desktop\AdwCleaner.exe [2014/04/13 17:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014/04/13 13:14:03 | 000,002,035 | ---- | M] () -- C:\Documents and Settings\bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/04/13 13:14:03 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/04/13 13:14:03 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to firefox.exe.lnk [2014/04/13 12:26:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/04/11 17:19:17 | 000,286,986 | ---- | M] () -- C:\Documents and Settings\bob\Local Settings\Application Data\census.cache [2014/04/11 17:19:16 | 000,194,015 | ---- | M] () -- C:\Documents and Settings\bob\Local Settings\Application Data\ars.cache [2014/04/10 22:45:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2014/04/07 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2014/04/07 20:19:10 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2014/04/03 12:13:27 | 000,025,824 | ---- | M] () -- C:\Documents and Settings\bob\Desktop\Criteria for Instructors Template Sheet1.pdf [2014/04/02 12:36:19 | 000,330,131 | ---- | M] () -- C:\Documents and Settings\bob\My Documents\2014 prop tax.pdf [2014/03/20 23:38:13 | 019,136,512 | ---- | M] () -- C:\Documents and Settings\bob\NTUSER.bak ========== Files Created - No Company Name ========== [2014/04/13 17:17:06 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\bob\Desktop\AdwCleaner.exe [2014/04/11 20:24:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2014/04/11 20:24:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2014/04/11 20:24:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2014/04/11 20:24:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2014/04/11 20:24:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2014/04/02 12:36:18 | 000,330,131 | ---- | C] () -- C:\Documents and Settings\bob\My Documents\2014 prop tax.pdf [2014/03/22 17:23:05 | 000,025,824 | ---- | C] () -- C:\Documents and Settings\bob\Desktop\Criteria for Instructors Template Sheet1.pdf [2012/09/26 21:43:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin [2012/04/14 23:54:10 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\.backup.dm [2011/12/31 02:14:25 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini [2011/08/11 17:08:17 | 000,286,986 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\census.cache [2011/08/11 17:08:06 | 000,194,015 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\ars.cache [2011/05/08 14:49:27 | 000,319,646 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1182905458-139579374-4073466077-1005-0.dat [2011/05/08 14:49:26 | 000,127,350 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2010/10/02 10:56:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\housecall.guid.cache [2009/11/12 23:50:56 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\setup_ldm.iss [2009/03/31 14:51:42 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\usb.dat [2008/08/08 18:46:11 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi [2008/08/07 18:44:58 | 001,855,488 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3900.msi [2008/04/13 10:16:58 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2007/12/30 13:10:15 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\bob\GoToAssistDownloadHelper.exe [2006/08/16 16:39:10 | 000,072,056 | ---- | C] () -- C:\Program Files\procexp.chm [2006/05/09 10:09:50 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\bob\~gep2~ [2006/04/15 18:17:48 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\Final Draft Tagger Preferences [2006/04/14 02:43:29 | 000,000,025 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176 [2006/04/14 02:32:53 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105 [2006/03/06 23:07:35 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/02/18 13:58:33 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini [2006/02/15 06:07:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\PFP120JPR.{PB [2006/02/15 06:07:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\PFP120JCM.{PB [2006/02/15 03:01:15 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\fusioncache.dat [2006/02/15 03:01:12 | 019,136,512 | ---- | C] () -- C:\Documents and Settings\bob\NTUSER.bak [2004/02/25 10:45:00 | 002,226,922 | ---- | C] () -- C:\Program Files\jv16pt_setup1.3.0.195.exe ========== ZeroAccess Check ========== [2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2014/04/11 13:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\b1e5ef0f861617bd [2008/10/31 21:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/04/14 23:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk [2010/10/19 19:09:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2008/10/18 01:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX [2014/04/09 14:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dumps [2013/03/21 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen [2006/04/14 02:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft [2012/03/02 03:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake [2007/08/24 02:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2014/04/11 13:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2011/12/28 23:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010/10/19 18:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2008/08/20 00:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2013/03/21 00:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro [2011/06/17 02:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF [2012/11/05 16:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2012/02/09 16:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2011/04/02 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping [2006/04/27 00:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm [2014/04/11 16:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\savE nnet [2014/04/11 13:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperbApp [2014/04/11 17:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2014/04/13 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/03/27 02:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010/10/14 13:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/13 10:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/14 17:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/04/27 00:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Auslogics [2013/07/21 15:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Downloaded Installations [2014/04/07 22:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Dropbox [2013/11/11 13:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\ElevatedDiagnostics [2011/04/05 20:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\enchant [2013/03/21 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\FileOpen [2006/04/14 02:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Final Draft [2006/02/15 05:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Leadertech [2013/03/21 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Nitro [2014/04/11 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Nitro PDF [2013/06/21 01:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Oracle [2012/02/09 16:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\PCDr [2011/04/02 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\RapidTyping [2012/09/26 21:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Research In Motion [2012/07/16 06:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\SanDisk [2012/10/15 16:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\uTorrent [2008/01/13 12:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Webshots [2006/07/10 00:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Windows Live Safety Center [2008/07/31 11:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Windows Search [2008/02/16 03:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\WinPatrol [2009/05/17 14:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\WordWeb ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:SummaryInformation < End of report >
  10. My homepages on IE8, Mozilla firfox and Google have all been hijacked by Key Find. I ran the latest Malwarebytes and removed 247 items but now these homepages are hijacked. I have XP can someone help me?? Thanks.
  11. Hi Maurice, Well, it seems I've finally gotten rid of the "dosearches' browser hijacker. Thank you for your patience.
  12. I just ran HijackThis and the log is below. When I click anylize this on the first 5 registry items it indicates that there is still a problem even though dosearches is named in the registry items. What should I do? Thanks Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:49:03 PM, on 11/26/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe C:\Program Files\IE New Window Maximizer\iemaximizer.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dslextreme.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [intelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe O4 - HKCU\..\Run: [iE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll O9 - Extra button: (no name) - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1351542115015 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351498381057 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: GoToAssist - Invalid registry found O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe -- End of file - 9165 bytes
  13. Maurice, Here is the log from OTL. Unfortunately, IE8 and Chrome still have dosearches as my homepage. Should I run hijack This? All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. File E:\setup.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: bob ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: marie ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 3188 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9601 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 103760 bytes Total Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator User: All Users User: bob ->Flash cache emptied: 0 bytes User: Default User User: LocalService ->Flash cache emptied: 0 bytes User: marie User: NetworkService Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: Administrator User: All Users User: bob ->Java cache emptied: 0 bytes User: Default User User: LocalService User: marie User: NetworkService Total Java Files Cleaned = 0.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11262013_135957 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
  14. Maurice, Disregard the prior post. I've gotten clipboard. Will follow your directions.
  15. Maurice, Well this is interesting. I don't have clipboard anymore on my system. It used to be in accessories, but it's gone. I did a "search" and it doesn't show up. Could that be the reason I can't paste?
  16. Hi Maurice, Well that works. Thank you. I noticed that "dosearches" is still in my IE 8 browser also saw a registry key in Firefox call "Great Arcade" that was removed by MBAM an earlier time. I assume that shouldn't be there either. I'm guessing there are other items that need to go as well. Thanks again for your patience..it's been a bit of an ordeal. Look forward to hearing from you. Bobalu mbam-log-2013-11-24 (17-19-01).txt OTL.Txt
  17. Hello Maurice, I did the Mbam and got rid of the pups. I ran OTL and there are do searches on it. I wanted you to check out the log and tell me which ones I should remove, HOWEVER, what makes this so damn difficult is that no matter how many different ways I try to copy/paste the logs into my replies - and no matter which browser I use - it doesn't work! As I said before, it's strange because I can copy/paste within my OS. Is there a way I can send the logs to you as an attachment? Or better yet if you have a solution to my paste problem with notepad..Thanx for your patience.
  18. Hurrah! I finally got the paste to work on firefox. So here it is. Thanks. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.08.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 bob :: BOBALU [administrator] 11/8/2013 6:06:07 PM MBAM-log-2013-11-08 (18-20-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 256161 Time elapsed: 8 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 10 HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken. HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> No action taken. HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> No action taken. HKLM\SOFTWARE\dosearchesSoftware (PUP.Optional.DoSearches.A) -> No action taken. HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> No action taken. Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Data: exéבäAœÐ%«WLè -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Data: -> No action taken. Registry Data Items Detected: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&ts=1383945983) Good: (http://www.google.com) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&ts=1383945983) Good: (http://www.google.com) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&ts=1383945983) Good: (http://www.google.com) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken. Folders Detected: 2 C:\Documents and Settings\bob\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken. Files Detected: 13 C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\RECYCLER\S-1-5-21-1182905458-139579374-4073466077-1005\Dc1.exe (PUP.Optional.BundleInstaller.A) -> No action taken. C:\Documents and Settings\bob\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Program Files\Mozilla Firefox\browser\searchplugins\dosearches.xml (PUP.Optional.DoSearches.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> No action taken. C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> No action taken. (end) -------------------------------------------------- MiniToolBox by Farbar Version: 13-07-2013 Ran by bob (administrator) on 19-11-2013 at 13:12:33 Running from "C:\Documents and Settings\bob\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost 127.0.0.1 babe.the-killer.bz 127.0.0.1 www.babe.the-killer.bz 127.0.0.1 babe.k-lined.com 127.0.0.1 www.babe.k-lined.com 127.0.0.1 did.i-used.cc 127.0.0.1 www.did.i-used.cc 127.0.0.1 coolwwwsearch.com 127.0.0.1 www.coolwwwsearch.com 127.0.0.1 coolwebsearch.com 127.0.0.1 www.coolwebsearch.com 127.0.0.1 hi.studioaperto.net 127.0.0.1 www.hi.studioaperto.net 127.0.0.1 wazzupnet.com 127.0.0.1 www.wazzupnet.com 127.0.0.1 gueb.com 127.0.0.1 www.gueb.com 127.0.0.1 kabex.com 127.0.0.1 www.kabex.com There are 15058 more lines starting with "127.0.0.1" ========================= IP Configuration: ================================ Intel® PRO/100 VE Network Connection = Local Area Connection (Connected) # ---------------------------------- # Interface IP Configuration # ---------------------------------- pushd interface ip # Interface IP Configuration for "Local Area Connection" set address name="Local Area Connection" source=dhcp set dns name="Local Area Connection" source=dhcp register=NONE set wins name="Local Area Connection" source=dhcp popd # End of interface IP configuration Windows IP Configuration Host Name . . . . . . . . . . . . : bobalu Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : dslextreme.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : dslextreme.com Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection Physical Address. . . . . . . . . : 00-12-3F-BC-83-01 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.0.1.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.1.1 DHCP Server . . . . . . . . . . . : 10.0.1.1 DNS Servers . . . . . . . . . . . : 10.0.1.1 Lease Obtained. . . . . . . . . . : Tuesday, November 19, 2013 12:49:29 PM Lease Expires . . . . . . . . . . : Wednesday, November 20, 2013 12:49:29 PM Server: UnKnown Address: 10.0.1.1 Name: google.com Addresses: 74.125.224.78, 74.125.224.64, 74.125.224.65, 74.125.224.66 74.125.224.67, 74.125.224.68, 74.125.224.69, 74.125.224.70, 74.125.224.71 74.125.224.72, 74.125.224.73 Pinging google.com [74.125.224.78] with 32 bytes of data: Reply from 74.125.224.78: bytes=32 time=47ms TTL=58 Reply from 74.125.224.78: bytes=32 time=11ms TTL=58 Ping statistics for 74.125.224.78: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 11ms, Maximum = 47ms, Average = 29ms Server: UnKnown Address: 10.0.1.1 Name: yahoo.com Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24 Pinging yahoo.com [206.190.36.45] with 32 bytes of data: Reply from 206.190.36.45: bytes=32 time=121ms TTL=50 Reply from 206.190.36.45: bytes=32 time=171ms TTL=50 Ping statistics for 206.190.36.45: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 121ms, Maximum = 171ms, Average = 146ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x10003 ...00 12 3f bc 83 01 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.1.1 10.0.1.2 30 10.0.1.0 255.255.255.0 10.0.1.2 10.0.1.2 30 10.0.1.2 255.255.255.255 127.0.0.1 127.0.0.1 30 10.255.255.255 255.255.255.255 10.0.1.2 10.0.1.2 30 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 224.0.0.0 240.0.0.0 10.0.1.2 10.0.1.2 30 255.255.255.255 255.255.255.255 10.0.1.2 10.0.1.2 1 Default Gateway: 10.0.1.1 =========================================================================== Persistent Routes: None ========================= Event log errors: =============================== Application errors: ================== System errors: ============= Error: (11/19/2013 01:00:31 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.161.2244.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (11/19/2013 01:00:31 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.161.2244.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: ) Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290 Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: ) Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290 Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: ) Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290 Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2013 00:49:42 PM) (Source: Service Control Manager) (User: ) Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290 Error: (11/19/2013 00:49:42 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL Microsoft Office Sessions: ========================= =========================== Installed Programs ============================ 32 Bit HP CIO Components Installer (Version: 7.1.8) ACDSee Classic Adobe Flash Player 11 ActiveX (Version: 11.9.900.152) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Shockwave Player 11.6 (Version: 11.6.8.638) AI RoboForm AirPort (Version: 5.5.3.2) Apple Application Support (Version: 2.3) Apple Mobile Device Support (Version: 3.3.0.69) Apple Software Update (Version: 2.1.3.127) ATI - Software Uninstall Utility (Version: 6.14.10.1014) ATI Control Panel (Version: 6.14.10.5183) ATI Display Driver (Version: 8.23-060209a1-030546C-Dell) AusLogics Disk Defrag (Version: version 1.4) Belarc Advisor 7.2 Bonjour (Version: 2.0.5.0) Bonjour Print Services (Version: 2.0.2.0) CCleaner (Version: 3.27) Comodo BackUp (Version: 1.0.4.337) COMODO Firewall Pro (Version: 3.0.25.378) Corel Business Applications Corel Photo Album 6 (Version: 6.31) Creative Audio Console Creative MediaSource (Version: 3.00) Critical Update for Windows Media Player 11 (KB959772) Dell Driver Download Manager (Version: 3.0.0.0) Dell Driver Reset Tool (Version: 1.02.0000) Dell Support 3.2.1 (Version: 5.5.2094) Dell Support Center (Support Software) (Version: 2.2.08100) Dell System Restore (Version: 2.00.0000) DellConnect (Version: 1.00.522) DeviceDiscovery (Version: 120.0.194.000) DFX for Windows Media Player (Version: 8.501.0.0) DMUninstaller Dropbox (Version: 2.0.22) ELIcon (Version: 1.00.0000) EMET (Tech Preview) (Version: 3.5.0) ERUNT 1.1j Final Draft 5 Final Draft 7 (Version: 7.1.1.19) Google Chrome (Version: 24.0.1312.57) Google Update Helper (Version: 1.3.21.123) GoToAssist 8.0.0.514 GPBaseService2 (Version: 130.0.371.000) HD Tune 2.54 Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000) High Definition Audio Driver Package - KB835221 (Version: 20040219.000000) HiJackThis (Version: 1.0.0) HP FWUpdateEDO2 (Version: 1.2.0.0) HP Photo Creations (Version: 1.0.0.5192) HP Photosmart 5510 series Basic Device Software (Version: 25.0.621.0) HP Photosmart 5510 series Help (Version: 140.0.2.2) HP Photosmart 5510 series Product Improvement Study (Version: 25.0.621.0) HP Product Detection (Version: 11.14.0001) HP Update (Version: 5.003.001.001) HPDiagnosticAlert (Version: 1.00.0000) HPProductAssistant (Version: 130.0.371.000) HPSSupply (Version: 120.0.194.000) IE New Window Maximizer 2.4 Image Resizer Powertoy for Windows XP (Version: 1.00.0001) Intel® 537EP V9x DF PCI Modem Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections (Version: 9.20.0000) Internet Explorer (Enable DEP) iPhone Configuration Utility (Version: 2.1.0.163) iTunes (Version: 10.1.1.4) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) jv16 PowerTools 1.3 Logitech Updater (Version: 1.70) Logitech Vid (Version: 1.10.1009) Logitech Webcam Software (Version: 12.10.1113) Logitech Webcam Software Driver Package (Version: 12.10.1110) MarketResearch (Version: 120.0.226.000) Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft .NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.0 Security Update (KB2698035) Microsoft .NET Framework 1.0 Security Update (KB2742607) Microsoft .NET Framework 1.0 Security Update (KB2833951) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Automated Troubleshooting Services Shim Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Baseline Security Analyzer 2.0 (Version: 2.0.5029.2) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Fix it Center (Version: 1.0.0090) Microsoft IntelliPoint 4.1 (Version: 4.10.0851) Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Text-to-Speech Engine 4.0 (English) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Windows XP Video Decoder Checkup Utility MobileMe Control Panel (Version: 2.6.0.29) Modem Event Monitor Modem Helper (Version: 2.40) Modem On Hold (Version: 1.12) Move Networks Media Player for Internet Explorer Movie Magic Screenwriter Demo (Version: 4.6.05) Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1) Mozilla Maintenance Service (Version: 25.0.1) MSN MSVCSetup (Version: 1.00.0000) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0) Nitro Reader 3 (Version: 3.5.2.10) NTREGOPT 1.1j Octoshape add-in for Adobe Flash Player Olympus Digital Wave Player overland (Version: 2.1.5) PDF Download for Internet Explorer (Version: 3.0.0) Photo Loader 2.3E PowerDVD 5.9 Qualxserve Service Agreement (Version: 1.11.0000) QuickTime (Version: 7.73.80.64) Recuva (remove only) RegSupreme 1.3 Revo Uninstaller 1.89 (Version: 1.89) SanDiskSecureAccess_Manager.exe (Version: 1.1.19269) Skype™ 5.8 (Version: 5.8.156) SmartWebPrinting (Version: 140.0.186.000) SolutionCenter (Version: 130.0.373.000) Sonic Audio module (Version: 2.0.0.1) Sonic DLA (Version: 4.98) Sonic Encoders (Version: 1.00) Sonic RecordNow Data (Version: 2.0.0.1) Sonic RecordNow! (Version: 7.3) Sound Blaster for Media Center Sound Blaster X-Fi (Version: 1.0) SpeedFan (remove only) Spybot - Search & Destroy (Version: 1.6.2) Status (Version: 120.0.194.000) swMSM (Version: 12.0.0.1) System Requirements Lab for Intel (Version: 4.3.13.0) TrayApp (Version: 120.0.194.000) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2362765) (Version: 1) Update for Windows Internet Explorer 8 (KB2447568) (Version: 1) Update for Windows Internet Explorer 8 (KB2598845) (Version: 1) Update for Windows Internet Explorer 8 (KB2632503) (Version: 1) Update for Windows Internet Explorer 8 (KB973874) (Version: 1) Update for Windows Internet Explorer 8 (KB975364) (Version: 1) Update for Windows Internet Explorer 8 (KB976662) (Version: 1) Update for Windows Internet Explorer 8 (KB976749) (Version: 1) Update for Windows Internet Explorer 8 (KB978506) (Version: 1) Update for Windows Internet Explorer 8 (KB980182) (Version: 1) Update for Windows Internet Explorer 8 (KB980302) (Version: 1) Update for Windows Internet Explorer 8 (KB982632) (Version: 1) Update for Windows Internet Explorer 8 (KB982664) (Version: 1) Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows XP (KB2141007) (Version: 1) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2467659) (Version: 1) Update for Windows XP (KB2492386) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2607712) (Version: 1) Update for Windows XP (KB2616676-v2) (Version: 2) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2661254-v2) (Version: 2) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) Update for Windows XP (KB2863058) (Version: 1) Update for Windows XP (KB943729) Update for Windows XP (KB951072-v2) (Version: 2) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB955839) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB968389) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Update for Windows XP (KB971737) (Version: 1) Update for Windows XP (KB973687) (Version: 1) Update for Windows XP (KB973815) (Version: 1) Update Rollup 2 for Windows XP Media Center Edition 2005 User Profile Hive Cleanup Service (Version: 1.6.36) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01) VoptXP v7.22 WebCyberCoach 3.2 Dell WebFldrs XP (Version: 9.50.7523) Webshots Desktop Windows 7 Upgrade Advisor (Version: 2.0.5000.0) Windows Backup Utility (Version: 5.1) Windows Defender Signatures (Version: 1.20.0.0) Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0) Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2) Windows Imaging Component (Version: 3.0.0.0) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 10 (Version: 9.00.3636) Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] Windows Presentation Foundation (Version: 3.0.6920.0) Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95) Windows Rights Management Client with Service Pack 2 (Version: 5.2.95) Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 (Version: 20080414.031525) WinPatrol 2007 (Version: 14.0.2007.1) WinPcap 4.1.2 (Version: 4.1.0.2001) WinZip (Version: 9.0 SR-1 (6224)) WordWeb (Version: 6) XML Paper Specification Shared Components Pack 1.0 Yahoo! Toolbar ========================= Memory info: =================================== Percentage of memory in use: 25% Total physical RAM: 2046.07 MB Available physical RAM: 1521.59 MB Total Pagefile: 3938.81 MB Available Pagefile: 3486.4 MB Total Virtual: 2047.88 MB Available Virtual: 1973.65 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:227.87 GB) (Free:202.09 GB) NTFS ========================= Users: ======================================== User accounts for \\BOBALU Administrator bob Guest HelpAssistant marie SUPPORT_388945a0 ========================= Minidump Files ================================== No minidump file found **** End of log ****
  19. Maurice, I've lost the ability to copy & paste anything into this website. Is it possible that whatever is infecting my system is doing that? I'll try running firefox and see if it works with that, but I doubt it. This is a real problem I'm faced with.
  20. I posted on Nov 11 and haven't yet received any help with my problem. Can someone help me, please! Thank you.
  21. Okay, I followed your directions on the other two browsers, chrome and firefox. I ran the antimalware scan which I'm pasting below. The first scan I ran yesterday quarantined 10 pups, today's shows nothing. That's the good news. The bad is that when I open any of the three browsers my homepages are still hijacked by "do searches." What do I do next? Thanx again.
  22. I have followed your directions in IE 8 and didn't on Chrome and Firefox because I figured if it didn't work on IE it wouldn't on my other two browsers, but yes, they are all hijacked. What should the next step be? Thanks.
  23. Hi, II ran malwarebytes- antimalware and I have a log of it as well as hijackthis log. I followed the directions and ran dds.text and attach.text. It's below. If you need the ant imalwarebytes or hijack this log I'll send it on. I sincerely hope someone can help me. Thanks. Bob . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 2/15/2006 2:00:13 AM System Uptime: 11/9/2013 5:48:39 PM (1 hours ago) . Motherboard: Dell Inc. | | 0WG261 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 228 GiB total, 200.085 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP2005: 9/28/2013 10:09:10 PM - Software Distribution Service 3.0 RP2006: 9/30/2013 12:10:07 PM - Software Distribution Service 3.0 RP2007: 10/1/2013 2:35:33 PM - Software Distribution Service 3.0 RP2008: 10/2/2013 11:08:04 PM - Software Distribution Service 3.0 RP2009: 10/4/2013 12:07:16 AM - Software Distribution Service 3.0 RP2010: 10/5/2013 1:17:23 AM - Software Distribution Service 3.0 RP2011: 10/5/2013 2:16:58 AM - Installed Nitro Reader 3 RP2012: 10/5/2013 2:34:18 AM - Revo Uninstaller's restore point - DriverAgent by eSupport.com RP2013: 10/5/2013 2:50:42 AM - Revo Uninstaller's restore point - McAfee Security Scan Plus RP2014: 10/6/2013 3:58:51 PM - Software Distribution Service 3.0 RP2015: 10/8/2013 12:18:50 AM - Software Distribution Service 3.0 RP2016: 10/9/2013 12:24:22 PM - Software Distribution Service 3.0 RP2017: 10/10/2013 12:47:17 AM - Software Distribution Service 3.0 RP2018: 10/10/2013 3:33:07 PM - Software Distribution Service 3.0 RP2019: 10/12/2013 4:15:00 PM - Software Distribution Service 3.0 RP2020: 10/13/2013 1:47:31 PM - Software Distribution Service 3.0 RP2021: 10/14/2013 1:20:03 PM - Software Distribution Service 3.0 RP2022: 10/15/2013 10:15:21 PM - Software Distribution Service 3.0 RP2023: 10/15/2013 10:26:51 PM - Software Distribution Service 3.0 RP2024: 10/17/2013 7:04:55 AM - Software Distribution Service 3.0 RP2025: 10/18/2013 4:27:42 PM - Software Distribution Service 3.0 RP2026: 10/19/2013 4:48:04 PM - Software Distribution Service 3.0 RP2027: 10/21/2013 6:17:49 PM - Software Distribution Service 3.0 RP2028: 10/22/2013 10:42:59 PM - Software Distribution Service 3.0 RP2029: 10/24/2013 11:48:58 AM - Software Distribution Service 3.0 RP2030: 10/25/2013 9:31:23 PM - Software Distribution Service 3.0 RP2031: 10/27/2013 9:59:59 PM - Software Distribution Service 3.0 RP2032: 10/30/2013 9:49:37 PM - Software Distribution Service 3.0 RP2033: 11/1/2013 7:33:32 PM - Software Distribution Service 3.0 RP2034: 11/2/2013 11:54:15 PM - Software Distribution Service 3.0 RP2035: 11/4/2013 3:42:40 PM - Software Distribution Service 3.0 RP2036: 11/5/2013 5:37:07 PM - Software Distribution Service 3.0 RP2037: 11/6/2013 8:59:50 PM - Software Distribution Service 3.0 RP2038: 11/7/2013 11:23:58 PM - Software Distribution Service 3.0 RP2039: 11/8/2013 1:52:47 PM - Revo Uninstaller's restore point - VideoPlayer v2.0.6 RP2040: 11/8/2013 4:36:25 PM - Installed HiJackThis RP2041: 11/9/2013 1:35:18 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer ACDSee Classic Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11.6 AI RoboForm AirPort Apple Application Support Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver AusLogics Disk Defrag Belarc Advisor 7.2 Bonjour Bonjour Print Services CCleaner Comodo BackUp COMODO Firewall Pro Corel Business Applications Corel Photo Album 6 Creative Audio Console Creative MediaSource Critical Update for Windows Media Player 11 (KB959772) Dell Driver Download Manager Dell Driver Reset Tool Dell Support 3.2.1 Dell Support Center (Support Software) Dell System Restore DellConnect DeviceDiscovery DFX for Windows Media Player Dropbox ELIcon EMET (Tech Preview) ERUNT 1.1j Final Draft 5 Final Draft 7 Google Chrome Google Update Helper GoToAssist 8.0.0.514 GPBaseService2 HD Tune 2.54 Hewlett-Packard ACLM.NET v1.1.0.0 High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP FWUpdateEDO2 HP Photo Creations HP Photosmart 5510 series Basic Device Software HP Photosmart 5510 series Help HP Photosmart 5510 series Product Improvement Study HP Product Detection HP Update HPDiagnosticAlert HPProductAssistant HPSSupply IE New Window Maximizer 2.4 Image Resizer Powertoy for Windows XP Intel® 537EP V9x DF PCI Modem Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections Internet Explorer (Enable DEP) iPhone Configuration Utility iTunes Java 7 Update 40 Java Auto Updater jv16 PowerTools 1.3 Logitech Updater Logitech Vid Logitech Webcam Software Logitech Webcam Software Driver Package Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft .NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.0 Security Update (KB2698035) Microsoft .NET Framework 1.0 Security Update (KB2742607) Microsoft .NET Framework 1.0 Security Update (KB2833951) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Automated Troubleshooting Services Shim Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Baseline Security Analyzer 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Fix it Center Microsoft IntelliPoint 4.1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Text-to-Speech Engine 4.0 (English) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Windows XP Video Decoder Checkup Utility MobileMe Control Panel Modem Event Monitor Modem Helper Modem On Hold Move Networks Media Player for Internet Explorer Movie Magic Screenwriter Demo Mozilla Firefox 24.0 (x86 en-US) Mozilla Maintenance Service MSN MSVCSetup MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Nitro Reader 3 NTREGOPT 1.1j Octoshape add-in for Adobe Flash Player Olympus Digital Wave Player overland PDF Download for Internet Explorer Photo Loader 2.3E PowerDVD 5.9 Qualxserve Service Agreement QuickTime Recuva (remove only) RegSupreme 1.3 Revo Uninstaller 1.89 SanDiskSecureAccess_Manager.exe Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows Media Player (KB2834904) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2849470) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB2850869) Security Update for Windows XP (KB2859537) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB2883150) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Skype™ 5.8 SmartWebPrinting SolutionCenter Sonic Audio module Sonic DLA Sonic Encoders Sonic RecordNow Data Sonic RecordNow! Sound Blaster for Media Center Sound Blaster X-Fi SpeedFan (remove only) Status swMSM System Requirements Lab for Intel TrayApp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2362765) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Internet Explorer 8 (KB980302) Update for Windows Internet Explorer 8 (KB982632) Update for Windows Internet Explorer 8 (KB982664) Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB2863058) Update for Windows XP (KB943729) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 User Profile Hive Cleanup Service Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VoptXP v7.22 WebCyberCoach 3.2 Dell WebFldrs XP Webshots Desktop Windows 7 Upgrade Advisor Windows Backup Utility Windows Defender Signatures Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] Windows Media Player 11 Windows Presentation Foundation Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WinPatrol 2007 WinPcap 4.1.2 WinZip WordWeb XML Paper Specification Shared Components Pack 1.0 Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 11/9/2013 1:24:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL 11/9/2013 1:24:09 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified. 11/9/2013 1:24:09 AM, error: Service Control Manager [7000] - The Secure II Driver service failed to start due to the following error: The system cannot find the file specified. 11/9/2013 1:24:09 AM, error: Service Control Manager [7000] - The Lexar Secure II service failed to start due to the following error: The system cannot find the file specified. 11/9/2013 1:24:09 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.40.2 Run by bob at 18:07:55 on 2013-11-09 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1474 [GMT -8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: COMODO Firewall Pro *Disabled* . ============== Running Processes ================ . c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe C:\WINDOWS\system32\locator.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe C:\Program Files\IE New Window Maximizer\iemaximizer.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k LocalService . ============== Pseudo HJT Report =============== . uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: NitroPDFBHO Class: {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\RoboForm.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned> EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned> uRun: [RoboForm] c:\program files\siber systems\ai roboform\RoboFormWatcher.exe uRun: [iE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll" mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [intelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Save Page As PDF ... - c:\program files\nitro pdf\pdf download\nitroweb.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99} - <orphaned> IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - c:\program files\nitro pdf\pdf download\NitroPDF.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 10.0.1.1 TCP: Interfaces\{37CBB603-8C91-41A5-9BB6-27AE01755D02} : DHCPNameServer = 10.0.1.1 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned> Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: GoToAssist - <no file> AppInit_DLLs= c:\windows\system32\guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\7cf71jjz.default\ FF - prefs.js: browser.startup.homepage - about:home FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll FF - plugin: c:\program files\nitro\reader 3\npdf.dll FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 211560] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-6-10 87056] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-10 24208] R2 cmdAgent;COMODO Firewall Pro Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2010-6-10 519936] R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-3-26 196624] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\bob\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\bob\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\bob\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\bob\locals~1\temp\sas_selfextract\SASKUTIL.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\drivers\lxrsii1d.sys --> c:\windows\system32\drivers\LxrSII1d.sys [?] S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?] S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568] S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S3 SASENUM;SASENUM;\??\c:\docume~1\bob\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\bob\locals~1\temp\sas_selfextract\SASENUM.SYS [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 ComodoBackupService;ComodoBackupService;c:\program files\comodo\backup\CmdBkSvc.exe [2010-6-10 1023488] S4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-3-2 8704] . =============== Created Last 30 ================ . 2013-11-09 09:35:25 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8373f820-680e-4844-9fe7-aa773ab5b2fc}\mpengine.dll 2013-11-09 01:59:30 -------- d-----w- c:\documents and settings\bob\application data\Malwarebytes 2013-11-09 01:58:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-11-09 00:36:30 388096 ----a-r- c:\documents and settings\bob\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2013-11-09 00:36:27 -------- d-----w- c:\program files\Trend Micro 2013-11-08 21:26:45 -------- d-----w- c:\program files\Uninstaller 2013-11-08 07:24:03 7796464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll . ==================== Find3M ==================== . 2013-10-09 21:10:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-09 21:10:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll 2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll 2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec 2013-09-11 00:25:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-09-11 00:25:20 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-09-11 00:25:19 868264 -c--a-w- c:\windows\system32\npdeployJava1.dll 2013-09-11 00:25:19 790440 -c--a-w- c:\windows\system32\deployJava1.dll 2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys 2006-11-01 21:07:34 3623736 -c--a-w- c:\program files\procexp.exe 2004-02-25 17:45:00 2226922 -c--a-w- c:\program files\jv16pt_setup1.3.0.195.exe . ============= FINISH: 18:09:54.46 ===============
  24. Hi, I have winXP with IE 8, Chrome and Firefox. All three have been hijacked by dosearches.com. When I open any of those browsers the dosearches page comes up. I've gone into each browser and re-enstated the home page but it doesn't work. I downloaded and ran malwarebytes/antimalware and it came up with 10 pups which I thought I removed. (I have the log) On examing it further it says "No action taken." So I'm not surprised that I still have the same problem. I ran Hijackthis and have the log for that as well. I could use help in removing this. I'm attaching both the maleware bytes and Hijackthis logs. Thanks. MBAM-log-2013-11-08 (18-20-38).txt hijackthis.log
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.