search redirects

Status
Not open for further replies.
R

RonG1966

New member
I have been getting redirects when when I try to connect to sites I've searched for, mainly using Bing. A new window will open, and there will either be a page with websites pertaining to my search or a totally different site. Malwarebytes has detected Trojan.BHO a couple of times in the past ten days and Microsoft Security Essentials found Trojan:JS/Tadtruss.A a couple of times last week. Here is my dds.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dr. Gioe at 8:10:29.06 on Sat 05/07/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2497 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
c:\drivers\audio\r215959\STacSV.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Dentrix\DtxQuickLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Dr. Gioe\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DtxQuickLaunch.exe] c:\program files\dentrix\DtxQuickLaunch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249672030562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl3f3efc35;MpKsl3f3efc35;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fab654ed-7e03-4769-8a9a-6db0a7609ec2}\MpKsl3f3efc35.sys [2011-5-7 28752]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-1 113024]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-1 144128]
R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [2009-8-1 148056]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-8-1 144544]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-8-1 268992]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-8-1 160256]
S1 MpKsl310b55a1;MpKsl310b55a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{920974b3-3a24-47d7-972f-4692d66a6fa0}\mpksl310b55a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{920974b3-3a24-47d7-972f-4692d66a6fa0}\MpKsl310b55a1.sys [?]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-8-1 1656960]
.
=============== Created Last 30 ================
.
2011-05-07 12:46:44 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{fab654ed-7e03-4769-8a9a-6db0a7609ec2}\MpKsl3f3efc35.sys
2011-05-06 21:23:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-05-06 19:20:05 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{fab654ed-7e03-4769-8a9a-6db0a7609ec2}\mpengine.dll
2011-05-06 00:10:25 -------- d-----w- c:\docume~1\drf276~1.gio\applic~1\Malwarebytes
2011-05-06 00:10:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 00:10:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-06 00:10:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 00:10:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 19:00:35 -------- d-----w- c:\windows\pss
2011-05-05 16:08:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-05 16:08:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-05 14:59:39 0 ----a-w- c:\windows\Ofifowohone.bin
2011-05-05 14:59:38 -------- d-----w- c:\docume~1\drf276~1.gio\locals~1\applic~1\{742691D9-9EDD-43EC-A981-5E7680982CD1}
2011-05-05 14:58:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\cH31000FlEgA31000
2011-04-15 13:08:06 -------- d-----w- c:\windows\ServicePackFiles
2011-04-14 08:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
 
Sorry, I posted and old dds file from last year. Here is the new one.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dr. Gioe at 17:13:42 on 2012-07-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2475 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r215959\STacSV.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dentrix\DtxQuickLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DtxQuickLaunch.exe] c:\program files\dentrix\DtxQuickLaunch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PowerDVD DX] rundll32.exe "c:\documents and settings\dr. gioe\local settings\application data\secunia psi\powerdvd dx\linjr.dll",CreateInstance
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [PowerDVD DX] rundll32.exe "c:\documents and settings\dr. gioe\local settings\application data\secunia psi\powerdvd dx\linjr.dll",CreateInstance
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249672030562
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{99D6E85F-BC24-4E22-8C7B-0FD7C318C9A7} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-1 113024]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-1 144128]
R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [2009-8-1 148056]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-8-1 144544]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-8-1 268992]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-8-1 160256]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-8-1 1656960]
.
=============== Created Last 30 ================
.
2012-07-24 19:52:11 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47acff87-6e89-4722-994f-16083d1af00d}\mpengine.dll
2012-07-24 17:55:54 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-16 22:04:23 98816 ----a-w- c:\windows\sed.exe
2012-07-16 22:04:23 518144 ----a-w- c:\windows\SWREG.exe
2012-07-16 22:04:23 256000 ----a-w- c:\windows\PEV.exe
2012-07-16 22:04:23 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:29:09 1875072 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:24:46 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41:08 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 17:15:11.10 ===============
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

Sorry for the delay :red:


Most times redirects are the result of a rootkit type of infection, lets check

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
aswMBR1.png


On completion of the scan click save log, save it to your desktop and post in your next reply
aswMBR2.png
 
ken545,

Thanks for your help. The first time that I ran aswMBR there was a hightlighted yellow line during the scan, and I got an error message saying that the program had to shutdown. I ran it again in safe mode with networking.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 07:41:56
-----------------------------
07:41:56.718 OS Version: Windows 5.1.2600 Service Pack 3
07:41:56.718 Number of processors: 2 586 0x170A
07:41:56.718 ComputerName: D991PWJ1 UserName: Dr. Gioe
07:41:57.531 Initialize success
07:42:02.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:42:02.062 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
07:42:02.093 Disk 0 MBR read successfully
07:42:02.109 Disk 0 MBR scan
07:42:02.109 Disk 0 unknown MBR code
07:42:02.125 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:42:02.140 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295204 MB offset 81920
07:42:02.171 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 604670535
07:42:02.187 Disk 0 scanning sectors +625137345
07:42:02.281 Disk 0 scanning C:\WINDOWS\system32\drivers
07:42:08.468 Service scanning
07:42:25.625 Modules scanning
07:42:29.375 Disk 0 trace - called modules:
07:42:29.421 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
07:42:29.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a13a030]
07:42:29.468 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a15a028]
07:42:29.500 Scan finished successfully
07:42:54.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dr. Gioe\Desktop\MBR.dat"
07:42:54.546 The log file has been saved successfully to "C:\Documents and Settings\Dr. Gioe\Desktop\aswMBR.txt"
 
Lets check your Master Boot Record

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.


Also run Malwarebytes and lets see what it comes up with

Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xB9F23000 dmio.sys
0xBA328000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9E53000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E33000 fltMgr.sys
0xB9E21000 sr.sys
0xB9DF9000 MpFilter.sys
0xBA0F8000 PxHelp20.sys
0xB9DE2000 KSecDD.sys
0xB9D55000 Ntfs.sys
0xB9D28000 NDIS.sys
0xB9D0E000 Mup.sys
0xB89FE000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB89EA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA418000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB89C6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB899E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB884A000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB8803000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB87D0000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8755000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA428000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA308000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8732000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA438000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA574000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA578000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA318000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA73D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA118000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB871B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA128000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA138000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA440000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB870A000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA148000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA448000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA450000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB86DA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA158000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB867C000 \SystemRoot\system32\DRIVERS\update.sys
0xB8FD3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA268000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA278000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA628000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA5BE8000 \SystemRoot\system32\drivers\sthda.sys
0xA5BC4000 \SystemRoot\system32\drivers\portcls.sys
0xA7DF1000 \SystemRoot\system32\drivers\drmk.sys
0xA5BA8000 \SystemRoot\system32\drivers\AESTAud.sys
0xA5B85000 \??\C:\WINDOWS\system32\Drivers\OA009Afx.sys
0xA6B48000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA66A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA5D6C000 \SystemRoot\System32\Drivers\Null.SYS
0xBA66C000 \SystemRoot\System32\Drivers\Beep.SYS
0xA7363000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA735B000 \SystemRoot\System32\drivers\vga.sys
0xBA66E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5AE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA7353000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA734B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA6B40000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA518B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA5132000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA510A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA50E4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA6B30000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA50C2000 \SystemRoot\System32\drivers\afd.sys
0xA616F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA5097000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA615F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA5027000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5B6B000 \SystemRoot\System32\Drivers\Fips.SYS
0xA5F7B000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0x9F477000 \SystemRoot\System32\Drivers\RTS5121.sys
0xA2291000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x96F25000 \SystemRoot\system32\DRIVERS\OA009Vid.sys
0x96F01000 \SystemRoot\system32\DRIVERS\OA009Ufd.sys
0x96EDD000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x986FB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x96E0D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x984BC000 \SystemRoot\System32\drivers\Dxapi.sys
0x98ED6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x9814D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF297000 \SystemRoot\System32\igxpdx32.DLL
0xBF5E4000 \SystemRoot\System32\ATMFD.DLL
0xBA208000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xBA218000 \SystemRoot\system32\DRIVERS\atmarpc.sys
0xB9CCA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x96D90000 \SystemRoot\system32\drivers\wdmaud.sys
0x986DB000 \SystemRoot\system32\drivers\sysaudio.sys
0x96B76000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x96A9E000 \SystemRoot\system32\DRIVERS\srv.sys
0x96145000 \SystemRoot\System32\Drivers\HTTP.sys
0x93B94000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
816 C:\WINDOWS\system32\smss.exe
864 csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
932 C:\WINDOWS\system32\services.exe
944 C:\WINDOWS\system32\lsass.exe
1096 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1216 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1252 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1424 svchost.exe
1680 C:\WINDOWS\system32\WLTRYSVC.EXE
1692 C:\WINDOWS\system32\BCMWLTRY.EXE
1740 C:\WINDOWS\system32\spoolsv.exe
1808 C:\drivers\audio\R215959\stacsv.exe
388 svchost.exe
480 C:\Program Files\Bonjour\mDNSResponder.exe
520 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
560 C:\Program Files\Java\jre6\bin\jqs.exe
652 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
764 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1452 C:\WINDOWS\explorer.exe
1464 C:\WINDOWS\system32\svchost.exe
1544 C:\WINDOWS\system32\rundll32.exe
2112 C:\WINDOWS\system32\searchindexer.exe
2784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2812 C:\WINDOWS\system32\igfxpers.exe
2820 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
2828 C:\Program Files\Microsoft Security Client\msseces.exe
2852 C:\Program Files\iTunes\iTunesHelper.exe
2876 C:\WINDOWS\system32\igfxsrvc.exe
2904 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2936 C:\WINDOWS\system32\hkcmd.exe
2972 C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
3060 C:\Program Files\Dell\QuickSet\quickset.exe
3256 wmiprvse.exe
3300 C:\WINDOWS\system32\WLTRAY.EXE
3320 C:\Program Files\DellTPad\Apoint.exe
3364 C:\Program Files\DellTPad\ApMsgFwd.exe
3372 C:\Program Files\Dentrix\DtxQuickLaunch.exe
3380 C:\WINDOWS\system32\ctfmon.exe
3388 C:\WINDOWS\system32\rundll32.exe
3420 C:\Program Files\DellTPad\hidfind.exe
3428 C:\Program Files\DellTPad\ApntEx.exe
3504 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
3528 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3824 C:\Program Files\iPod\bin\iPodService.exe
3912 alg.exe
912 C:\Program Files\Internet Explorer\iexplore.exe
3252 C:\Program Files\Internet Explorer\iexplore.exe
3024 C:\WINDOWS\system32\wscntfy.exe
2452 C:\WINDOWS\system32\searchprotocolhost.exe
3296 searchfilterhost.exe
2240 C:\Documents and Settings\Dr. Gioe\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: FEA788F8B8DE9383212521CD72B531C4A4BD3942


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Malwarebytes found three problems and advised me to urgently restart after it fixed the problems.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dr. Gioe :: D991PWJ1 [administrator]

7/30/2012 11:21:42 AM
mbam-log-2012-07-30 (11-21-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231268
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Dr. Gioe\Local Settings\temp\0.13455140202614135 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dr. Gioe\Local Settings\temp\0.28489533335452755 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dr. Gioe\Local Settings\temp\0.6889053770138498 (Trojan.BHO) -> Quarantined and deleted successfully.

(end)
 
This doesn't necessarily mean its infected, we will try a few other things and if they don't work then we will address the MBR

Looks like we crossed posts

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Last edited:
OK, thanks, it looks fine

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
OTL Extras logfile created on: 7/30/2012 12:41:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Dr. Gioe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 82.44% Memory free
4.80 Gb Paging File | 4.38 Gb Available in Paging File | 91.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.29 Gb Total Space | 268.35 Gb Free Space | 93.09% Space Free | Partition Type: NTFS

Computer Name: D991PWJ1 | User Name: Dr. Gioe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DB57446-B8FE-46E5-98D4-396F50C490BA}" = Dentrix 11.0
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91F46910-E6C9-44E1-8FA2-8D314BD2592C}" = Dentrix Practice Assistant
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF32C7FA-C218-406A-A520-536A8C148830}" = Appointment Book
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.01.01.1007)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{4DB57446-B8FE-46E5-98D4-396F50C490BA}" = Dentrix 11.0
"InstallShield_{91F46910-E6C9-44E1-8FA2-8D314BD2592C}" = Dentrix Practice Assistant
"InstallShield_{AF32C7FA-C218-406A-A520-536A8C148830}" = Appointment Book
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2012 11:21:05 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/27/2012 11:21:05 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/30/2012 8:24:41 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/30/2012 8:24:41 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/30/2012 8:24:41 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/30/2012 8:31:29 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/30/2012 8:31:29 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/30/2012 8:31:29 AM | Computer Name = D991PWJ1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/30/2012 8:36:57 AM | Computer Name = D991PWJ1 | Source = Application Error | ID = 1000
Description = Faulting application aswmbr.exe, version 0.9.9.1665, faulting module
aswmbr.exe, version 0.9.9.1665, fault address 0x00049128.

Error - 7/30/2012 8:38:18 AM | Computer Name = D991PWJ1 | Source = Application Error | ID = 1000
Description = Faulting application aswmbr.exe, version 0.9.9.1665, faulting module
aswmbr.exe, version 0.9.9.1665, fault address 0x00005b96.

[ System Events ]
Error - 7/26/2012 3:10:49 PM | Computer Name = D991PWJ1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058

Error - 7/26/2012 3:18:48 PM | Computer Name = D991PWJ1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058

Error - 7/27/2012 8:26:26 AM | Computer Name = D991PWJ1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058

Error - 7/30/2012 8:16:22 AM | Computer Name = D991PWJ1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058

Error - 7/30/2012 8:41:51 AM | Computer Name = D991PWJ1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Fips intelppm MpFilter

Error - 7/30/2012 8:41:58 AM | Computer Name = D991PWJ1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/30/2012 8:42:50 AM | Computer Name = D991PWJ1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/30/2012 8:43:10 AM | Computer Name = D991PWJ1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/30/2012 8:43:55 AM | Computer Name = D991PWJ1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058

Error - 7/30/2012 12:32:32 PM | Computer Name = D991PWJ1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058


< End of report >
 
OTL logfile created on: 7/30/2012 12:41:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Dr. Gioe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 82.44% Memory free
4.80 Gb Paging File | 4.38 Gb Available in Paging File | 91.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.29 Gb Total Space | 268.35 Gb Free Space | 93.09% Space Free | Partition Type: NTFS

Computer Name: D991PWJ1 | User Name: Dr. Gioe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dr. Gioe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\drivers\audio\R215959\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dentrix\DtxQuickLaunch.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0644e203\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f8595151\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2c6d171e\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f4091cf8\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\Dell\QuickSet\preflibcl.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (STacSV) -- c:\drivers\audio\R215959\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\DRF276~1.GIO\LOCALS~1\Temp\catchme.sys File not found
DRV - (MpKsl3724a2c6) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFF5785-3BE7-45DC-9684-2B561B187DD9}\MpKsl3724a2c6.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\MonFilt.sys (Creative Technology Ltd.)
DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\AMBFilt.sys (Creative)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (CtClsFlt) -- C:\WINDOWS\system32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (OA009Ufd) -- C:\WINDOWS\system32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
DRV - (OA009Vid) -- C:\WINDOWS\system32\drivers\OA009Vid.sys (Creative Technology Ltd.)
DRV - (OA009Afx) -- C:\WINDOWS\system32\drivers\OA009Afx.sys (Creative Technology Ltd.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\..\SearchScopes\{8458547F-A473-47B6-8A52-02C95BA4C3E4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dr. Gioe\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dr. Gioe\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Dr. Gioe\Application Data\Move Networks [2010/01/31 20:36:32 | 000,000,000 | ---D | M]

[2011/05/05 19:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/07/19 11:38:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\.DEFAULT..\Run: [PowerDVD DX] C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [PowerDVD DX] C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005..\Run: [DtxQuickLaunch.exe] C:\Program Files\Dentrix\DtxQuickLaunch.exe ( )
O4 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005..\Run: [PowerDVD DX] C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249672030562 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99D6E85F-BC24-4E22-8C7B-0FD7C318C9A7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 12:38:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gioe\Desktop\OTL.exe
[2012/07/30 07:35:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dr. Gioe\Desktop\aswMBR.exe
[2012/07/25 20:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/07/24 14:49:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\dds.scr
[2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dr. Gioe\Desktop\TDSSKiller.exe
[2012/07/20 14:09:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/16 17:04:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 17:04:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 17:04:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 17:04:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 17:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 17:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gioe\Desktop\tdsskiller
[2012/07/16 17:01:56 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\ComboFix.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 12:38:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gioe\Desktop\OTL.exe
[2012/07/30 12:32:44 | 000,003,359 | ---- | M] () -- C:\WINDOWS\dentrix.ini
[2012/07/30 12:30:42 | 000,033,038 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_30.07.2012_11.49.12_log.zip
[2012/07/30 11:48:43 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dr. Gioe\Desktop\TDSSKiller.exe
[2012/07/30 11:47:37 | 002,117,108 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\tdsskiller.zip
[2012/07/30 11:42:31 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/30 11:32:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/30 11:32:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/30 11:32:25 | 3181,756,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 11:15:09 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBRCheck.exe
[2012/07/30 07:42:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBR.dat
[2012/07/30 07:35:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dr. Gioe\Desktop\aswMBR.exe
[2012/07/27 10:20:45 | 000,004,123 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\940-2q2012.pdf
[2012/07/25 20:02:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/24 17:19:47 | 000,004,095 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\attach.zip
[2012/07/24 15:04:11 | 000,004,769 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\Attach.zip
[2012/07/24 14:49:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\dds.scr
[2012/07/23 15:37:07 | 000,572,654 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\dcc-2650.pdf
[2012/07/19 11:38:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/19 11:31:34 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\ComboFix.exe
[2012/07/18 08:45:21 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\941nov2011.lnk
[2012/07/16 16:40:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/13 10:26:06 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 15:42:49 | 000,004,115 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\941june2012.pdf
[2012/07/12 07:24:55 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:21:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 12:47:59 | 000,421,276 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\867.pdf
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/30 12:30:42 | 000,033,038 | ---- | C] () -- C:\TDSSKiller.2.7.48.0_30.07.2012_11.49.12_log.zip
[2012/07/30 11:47:35 | 002,117,108 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\tdsskiller.zip
[2012/07/30 11:14:37 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBRCheck.exe
[2012/07/30 07:43:46 | 3181,756,416 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/30 07:42:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBR.dat
[2012/07/27 10:20:45 | 000,004,123 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\940-2q2012.pdf
[2012/07/24 17:19:47 | 000,004,095 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\attach.zip
[2012/07/23 15:37:07 | 000,572,654 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\dcc-2650.pdf
[2012/07/16 17:04:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 17:04:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 17:04:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 17:04:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 17:04:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/16 16:37:26 | 000,002,111 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/07/16 16:37:26 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/07/16 16:37:26 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/07/12 15:42:49 | 000,004,115 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\941june2012.pdf
[2012/07/11 12:47:59 | 000,421,276 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\867.pdf
[2012/05/09 16:51:37 | 000,739,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/24 09:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DocCenter.INI
[2012/02/15 08:26:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/06 18:35:45 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\settings.dat
[2011/05/06 08:04:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/05 19:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 09:59:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bkaduyokuyepe.dat
[2010/02/17 13:47:29 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Application Data\wklnhst.dat
[2009/09/10 15:38:10 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 08:32:05 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2009/08/01 06:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/02/24 10:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/06 19:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/05/06 16:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/23 14:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/18 12:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/02/15 13:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pFcFcAe08200
[2010/05/23 14:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2009/08/01 06:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/01/05 08:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/01 06:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Windows Desktop Search
[2012/07/20 14:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Windows Search
[2009/08/01 06:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2010/12/17 08:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Gioe\Application Data\PCDr
[2010/02/17 13:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Gioe\Application Data\Template
[2009/08/01 06:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Gioe\Application Data\Windows Desktop Search
[2009/08/06 18:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Gioe\Application Data\Windows Search

========== Purity Check ==========



< End of report >
 
Nothing out of the ordinary on your log, lets run this script that will restore your hosts file to Microsoft default and flush out your DNS Cache


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dr. Gioe\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dr. Gioe\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 321 bytes

User: All Users

User: Cheri
->Temp folder emptied: 180148 bytes
->Temporary Internet Files folder emptied: 15863152 bytes
->Flash cache emptied: 57028 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56787 bytes

User: Dr. Gioe
->Temp folder emptied: 245317 bytes
->Temporary Internet Files folder emptied: 108144551 bytes
->Java cache emptied: 9382354 bytes
->Flash cache emptied: 57262 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1425542 bytes
->Flash cache emptied: 3927 bytes

User: NetworkService
->Temp folder emptied: 70802 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 11869 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 804663 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 12646554 bytes

Total Files Cleaned = 142.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07302012_130153

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
OTL logfile created on: 7/30/2012 1:07:12 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Dr. Gioe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 82.45% Memory free
4.80 Gb Paging File | 4.37 Gb Available in Paging File | 90.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.29 Gb Total Space | 268.51 Gb Free Space | 93.14% Space Free | Partition Type: NTFS

Computer Name: D991PWJ1 | User Name: Dr. Gioe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dr. Gioe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\drivers\audio\R215959\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dentrix\DtxQuickLaunch.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0644e203\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f8595151\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2c6d171e\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f4091cf8\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\Dell\QuickSet\preflibcl.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (STacSV) -- c:\drivers\audio\R215959\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\DRF276~1.GIO\LOCALS~1\Temp\catchme.sys File not found
DRV - (MpKsl3724a2c6) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFF5785-3BE7-45DC-9684-2B561B187DD9}\MpKsl3724a2c6.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\MonFilt.sys (Creative Technology Ltd.)
DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\AMBFilt.sys (Creative)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (CtClsFlt) -- C:\WINDOWS\system32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (OA009Ufd) -- C:\WINDOWS\system32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
DRV - (OA009Vid) -- C:\WINDOWS\system32\drivers\OA009Vid.sys (Creative Technology Ltd.)
DRV - (OA009Afx) -- C:\WINDOWS\system32\drivers\OA009Afx.sys (Creative Technology Ltd.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\..\SearchScopes\{8458547F-A473-47B6-8A52-02C95BA4C3E4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dr. Gioe\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dr. Gioe\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Dr. Gioe\Application Data\Move Networks [2010/01/31 20:36:32 | 000,000,000 | ---D | M]

[2011/05/05 19:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/07/30 13:01:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\.DEFAULT..\Run: [PowerDVD DX] C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [PowerDVD DX] C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005..\Run: [DtxQuickLaunch.exe] C:\Program Files\Dentrix\DtxQuickLaunch.exe ( )
O4 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005..\Run: [PowerDVD DX] C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Secunia PSI\PowerDVD DX\linjr.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3055671925-3798977919-3203595821-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249672030562 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99D6E85F-BC24-4E22-8C7B-0FD7C318C9A7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 13:01:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/30 12:38:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gioe\Desktop\OTL.exe
[2012/07/30 07:35:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dr. Gioe\Desktop\aswMBR.exe
[2012/07/25 20:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/07/24 14:49:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\dds.scr
[2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dr. Gioe\Desktop\TDSSKiller.exe
[2012/07/20 14:09:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/16 17:04:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 17:04:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 17:04:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 17:04:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 17:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 17:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Gioe\Desktop\tdsskiller
[2012/07/16 17:01:56 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\ComboFix.exe

========== Files - Modified Within 30 Days ==========

[2012/07/30 13:04:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/30 13:04:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/30 13:04:01 | 3181,756,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 13:01:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/30 12:58:30 | 000,003,359 | ---- | M] () -- C:\WINDOWS\dentrix.ini
[2012/07/30 12:38:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Gioe\Desktop\OTL.exe
[2012/07/30 12:30:42 | 000,033,038 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_30.07.2012_11.49.12_log.zip
[2012/07/30 11:48:43 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dr. Gioe\Desktop\TDSSKiller.exe
[2012/07/30 11:47:37 | 002,117,108 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\tdsskiller.zip
[2012/07/30 11:42:31 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/30 11:15:09 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBRCheck.exe
[2012/07/30 07:42:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBR.dat
[2012/07/30 07:35:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dr. Gioe\Desktop\aswMBR.exe
[2012/07/27 10:20:45 | 000,004,123 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\940-2q2012.pdf
[2012/07/25 20:02:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/24 17:19:47 | 000,004,095 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\Desktop\attach.zip
[2012/07/24 15:04:11 | 000,004,769 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\Attach.zip
[2012/07/24 14:49:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\dds.scr
[2012/07/23 15:37:07 | 000,572,654 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\dcc-2650.pdf
[2012/07/19 11:31:34 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr. Gioe\Desktop\ComboFix.exe
[2012/07/18 08:45:21 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\941nov2011.lnk
[2012/07/16 16:40:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/13 10:26:06 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 15:42:49 | 000,004,115 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\941june2012.pdf
[2012/07/12 07:24:55 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:21:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 12:47:59 | 000,421,276 | ---- | M] () -- C:\Documents and Settings\Dr. Gioe\My Documents\867.pdf
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/30 12:30:42 | 000,033,038 | ---- | C] () -- C:\TDSSKiller.2.7.48.0_30.07.2012_11.49.12_log.zip
[2012/07/30 11:47:35 | 002,117,108 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\tdsskiller.zip
[2012/07/30 11:14:37 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBRCheck.exe
[2012/07/30 07:43:46 | 3181,756,416 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/30 07:42:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\MBR.dat
[2012/07/27 10:20:45 | 000,004,123 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\940-2q2012.pdf
[2012/07/24 17:19:47 | 000,004,095 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Desktop\attach.zip
[2012/07/23 15:37:07 | 000,572,654 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\dcc-2650.pdf
[2012/07/16 17:04:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 17:04:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 17:04:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 17:04:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 17:04:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/16 16:37:26 | 000,002,111 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/07/16 16:37:26 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/07/16 16:37:26 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/07/12 15:42:49 | 000,004,115 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\941june2012.pdf
[2012/07/11 12:47:59 | 000,421,276 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\My Documents\867.pdf
[2012/05/09 16:51:37 | 000,739,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/24 09:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DocCenter.INI
[2012/02/15 08:26:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/06 18:35:45 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\settings.dat
[2011/05/06 08:04:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/05 19:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 09:59:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bkaduyokuyepe.dat
[2010/02/17 13:47:29 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Application Data\wklnhst.dat
[2009/09/10 15:38:10 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 08:32:05 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Dr. Gioe\Local Settings\Application Data\fusioncache.dat

< End of report >
 
Yes, I still get redirected and Microsoft Security Essentials found the same trojan (tadtruss?) that it has been finding for the last two weeks. This might not be related, but when closing windows run32dll.exe can't close.
 
This may be related to your Java, it looks like you have run Combofix before, go to C:\ComboFix.txt and copy and paste the log for me to see
 
Status
Not open for further replies.
Back
Top