Redirect Virus



#1
sjacobso

Hi. I seem to have a redirect virus (get a bunch of ads when a search is placed). I used Malwarebytes and it found something and it seemed to work, then later it started doing the same thing. Now Malwarebytes doesn't detect anything. Here is my OTL log:

OTL logfile created on: 11/7/2011 5:57:31 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\sjacobso\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 55.94% Memory free
6.20 Gb Paging File | 5.04 Gb Available in Paging File | 81.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1863.01 Gb Total Space | 1555.95 Gb Free Space | 83.52% Space Free | Partition Type: NTFS
Drive D: | 595.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 318.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SJACOBSO-PC | User Name: sjacobso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 17:40:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\sjacobso\Desktop\OTL.exe
PRC - [2011/11/03 11:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 11:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/11/01 21:46:49 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/21 01:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2010/05/05 23:51:00 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010/05/05 23:46:10 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/10/05 12:30:46 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldoserv.exe
PRC - [2007/10/05 05:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe
PRC - [2007/07/31 18:02:22 | 000,151,552 | ---- | M] (Dell, Inc) -- C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
PRC - [2007/06/27 09:18:40 | 000,215,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007/06/27 09:18:20 | 000,293,080 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007/06/27 09:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 09:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 09:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 09:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 09:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 09:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 09:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/06/27 09:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/05/09 00:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM05Mon.exe
PRC - [2007/02/12 10:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 19:12:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 19:12:51 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/12 18:35:10 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 18:34:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/03 11:19:42 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2007/09/14 21:04:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/08/07 14:49:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007/07/31 18:02:36 | 000,006,656 | ---- | M] () -- C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkDPS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/03 11:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/17 11:14:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/16 13:08:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/11/11 12:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 12:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 12:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/05 12:30:46 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 05:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/06/27 09:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 09:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 09:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 09:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 09:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 09:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 09:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 09:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/02/12 10:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 11:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 11:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/22 19:06:54 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2010/05/06 01:36:12 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/06 01:36:02 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/06 01:35:54 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/06 01:35:46 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/06 01:31:40 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/06 01:31:22 | 000,528,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/05/06 01:31:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/06 01:27:06 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2010/05/06 01:27:06 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/06 01:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2010/05/06 01:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/06 01:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2010/05/06 01:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/04/10 20:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/09/14 21:16:22 | 003,151,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/20 00:00:00 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/06/29 16:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/27 09:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/06/20 10:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/08 00:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/03/05 17:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/02/18 19:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/01 23:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sjacobso\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/01 21:46:58 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: We-Care Reminder = C:\Users\sjacobso\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.15_0\
CHR - Extension: We-Care Reminder = C:\Users\sjacobso\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.15_0\.bak

O1 HOSTS File: ([2009/08/20 12:46:40 | 000,001,200 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAVNIQDRR] C:\Users\sjacobso\AppData\Roaming\bcrypts.dll ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15050955-7C14-4504-A72D-396E4AF3707C}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A7080C7-6A85-4F38-A635-586139119F92}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sjacobso\Desktop\mark and matt&fish.jpg
O24 - Desktop BackupWallPaper: C:\Users\sjacobso\Desktop\mark and matt&fish.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/05/28 21:55:38 | 000,086,016 | R--- | M] (Knowledge Adventure) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2005/12/14 06:31:05 | 000,005,721 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [1999/09/02 10:48:08 | 000,000,914 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b22fb37f-9d3c-11e0-bd03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b22fb37f-9d3c-11e0-bd03-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2001/05/28 21:55:38 | 000,086,016 | R--- | M] (Knowledge Adventure)
O33 - MountPoints2\{b22fb37f-9d3c-11e0-bd03-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{b22fb37f-9d3c-11e0-bd03-806e6f6e6963}\Shell\Setup\command - "" = D:\INSTALL.EXE -- [2000/10/02 13:45:16 | 000,061,440 | R--- | M] (Knowledge Adventure)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\aoesetup.exe -- [2000/09/27 11:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1999/01/08 12:10:00 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY61A.EXE -- [1999/06/18 09:35:30 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\dxdiag\command - "" = E:\GOODIES\AR40ENG.EXE -- [1999/05/27 12:01:48 | 005,455,526 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\dxinfo\command - "" = E:\GOODIES\DIRECTX\DXINFO.EXE -- [1997/07/14 18:00:00 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\dxtest\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1999/01/08 12:10:00 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997/07/14 18:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\log\command - "" = E:\goodies\machine\machine.exe -- [1999/08/17 07:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\machine\command - "" = E:\GOODIES\MACHINE\MACHINE.EXE -- [1999/08/17 07:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\setup\command - "" = E:\aoesetup.exe -- [2000/09/27 11:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b22fb380-9d3c-11e0-bd03-806e6f6e6963}\Shell\zone\command - "" = E:\GOODIES\MSZONE\ZONEA600.EXE -- [1999/09/01 09:16:04 | 006,753,985 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 17:51:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\sjacobso\Desktop\aswMBR.exe
[2011/11/07 17:41:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\sjacobso\Desktop\OTL.exe
[2011/11/06 08:51:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/05 13:42:42 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\sjacobso\Desktop\FixTDSS.exe
[2011/11/05 13:38:06 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\sjacobso\Desktop\killer.com
[2011/11/04 19:34:05 | 000,000,000 | ---D | C] -- C:\Users\sjacobso\AppData\Local\adaware
[2011/11/04 19:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/11/04 19:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/01 21:47:09 | 000,000,000 | ---D | C] -- C:\Users\sjacobso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2011/11/01 21:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/11/01 21:46:50 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/11/01 21:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/11/01 21:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\vGrabber
[2011/11/01 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/11/01 21:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/11/01 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\sjacobso\Desktop\Music
[2011/10/28 16:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2011/10/21 11:35:40 | 000,000,000 | ---D | C] -- C:\Users\sjacobso\AppData\Local\Unity
[2011/10/13 20:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 20:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 20:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 20:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/26 17:18:45 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2011/06/26 17:18:45 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2011/06/26 17:18:45 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2011/06/26 17:18:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2011/06/26 17:18:44 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2011/06/26 17:18:44 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2011/06/26 17:18:44 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2011/06/26 17:18:44 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2011/06/26 17:18:43 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2011/06/26 17:18:43 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe
[2011/06/26 17:18:42 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldocoms.exe
[2011/06/26 17:18:41 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2011/06/26 17:18:41 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldocfg.exe
[2011/06/26 17:18:41 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2010/05/05 23:53:34 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010/05/05 23:32:20 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 17:52:36 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/07 17:52:36 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/07 17:52:14 | 000,000,512 | ---- | M] () -- C:\Users\sjacobso\Desktop\MBR.dat
[2011/11/07 17:47:46 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\sjacobso\Desktop\aswMBR.exe
[2011/11/07 17:40:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\sjacobso\Desktop\OTL.exe
[2011/11/07 16:56:25 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 16:56:25 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 18:15:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 11:15:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 08:56:40 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/06 08:56:05 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/06 08:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/06 08:54:10 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/06 08:54:10 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/06 08:54:10 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/05 17:47:17 | 000,008,099 | ---- | M] () -- C:\ProgramData\dldo
[2011/11/05 13:58:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/05 13:42:04 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\sjacobso\Desktop\FixTDSS.exe
[2011/11/05 13:35:14 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\sjacobso\Desktop\killer.com
[2011/11/05 09:16:25 | 000,000,311 | ---- | M] () -- C:\Windows\KA.INI
[2011/11/04 19:33:44 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/04 05:30:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/11/04 05:30:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/11/03 11:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/11/01 21:47:09 | 000,001,673 | ---- | M] () -- C:\Users\sjacobso\Desktop\vGrabber YouTube Download.lnk
[2011/11/01 21:47:07 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/11/01 21:46:50 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/10/28 14:33:59 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/10/28 14:33:59 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/10/28 14:33:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/26 21:03:28 | 000,000,162 | ---- | M] () -- C:\Users\sjacobso\Desktop\__er_Review_for_Marie__by_Mark_.rtf1.rtf
[2011/10/26 20:55:04 | 000,042,014 | ---- | M] () -- C:\Users\sjacobso\Desktop\Peer_Review for Marie (by Mark).rtf
[2011/10/26 20:14:59 | 000,041,819 | ---- | M] () -- C:\Users\sjacobso\Desktop\Peer_Review for Lori (by Mark).rtf
[2011/10/26 18:21:17 | 000,045,943 | ---- | M] () -- C:\Users\sjacobso\Desktop\peer review of Corinne.rtf
[2011/10/23 13:34:50 | 000,025,037 | ---- | M] () -- C:\Users\sjacobso\Desktop\Corinne_Anglin
[2011/10/23 13:28:46 | 000,079,269 | ---- | M] () -- C:\Users\sjacobso\Desktop\Mark_Jacobson-Football
[2011/10/21 11:14:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/20 05:36:15 | 000,001,776 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/10/13 20:40:26 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/13 20:40:26 | 000,001,854 | ---- | M] () -- C:\Users\sjacobso\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/13 20:38:37 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 18:32:40 | 002,202,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/11 19:06:49 | 000,069,120 | RHS- | M] () -- C:\Users\sjacobso\AppData\Roaming\bcrypts.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 17:52:14 | 000,000,512 | ---- | C] () -- C:\Users\sjacobso\Desktop\MBR.dat
[2011/11/06 08:22:40 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/01 21:47:09 | 000,001,673 | ---- | C] () -- C:\Users\sjacobso\Desktop\vGrabber YouTube Download.lnk
[2011/11/01 21:47:07 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/28 14:33:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/26 21:03:27 | 000,000,162 | ---- | C] () -- C:\Users\sjacobso\Desktop\__er_Review_for_Marie__by_Mark_.rtf1.rtf
[2011/10/26 20:55:04 | 000,042,014 | ---- | C] () -- C:\Users\sjacobso\Desktop\Peer_Review for Marie (by Mark).rtf
[2011/10/26 20:14:59 | 000,041,819 | ---- | C] () -- C:\Users\sjacobso\Desktop\Peer_Review for Lori (by Mark).rtf
[2011/10/26 18:21:17 | 000,045,943 | ---- | C] () -- C:\Users\sjacobso\Desktop\peer review of Corinne.rtf
[2011/10/23 13:34:50 | 000,025,037 | ---- | C] () -- C:\Users\sjacobso\Desktop\Corinne_Anglin
[2011/10/23 13:28:46 | 000,079,269 | ---- | C] () -- C:\Users\sjacobso\Desktop\Mark_Jacobson-Football
[2011/10/21 11:14:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/13 20:40:26 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/13 20:38:37 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 19:06:49 | 000,069,120 | RHS- | C] () -- C:\Users\sjacobso\AppData\Roaming\bcrypts.dll
[2011/09/20 17:59:27 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/09/20 17:59:27 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/09/17 19:21:50 | 000,006,005 | ---- | C] () -- C:\Users\sjacobso\AppData\Roaming\Cabos.plist
[2011/09/16 07:06:14 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/07/16 13:08:22 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011/07/16 13:08:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011/07/05 11:35:18 | 000,008,099 | ---- | C] () -- C:\ProgramData\dldo
[2011/06/29 14:23:29 | 000,005,632 | ---- | C] () -- C:\Users\sjacobso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 17:22:07 | 001,377,872 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2011/06/26 17:20:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2011/06/26 17:20:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2011/06/26 17:20:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2011/06/26 17:20:27 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2011/06/26 17:18:46 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2011/06/26 17:18:45 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2011/06/26 17:18:43 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2011/06/26 17:18:43 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2011/06/26 17:18:43 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2011/06/26 17:18:43 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2011/06/26 17:18:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2011/06/26 17:18:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2011/06/26 17:18:42 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2011/06/26 17:18:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2011/06/26 17:18:40 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2011/06/25 07:23:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/25 07:23:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/25 07:22:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/24 15:35:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/23 18:46:16 | 000,000,311 | ---- | C] () -- C:\Windows\KA.INI
[2011/06/23 07:26:19 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011/06/22 19:28:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/22 19:23:53 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011/06/22 19:23:53 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/06/22 19:23:52 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/22 19:23:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011/06/22 19:23:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/06/22 19:19:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011/06/22 19:19:32 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2011/06/22 18:11:23 | 000,001,356 | ---- | C] () -- C:\Users\sjacobso\AppData\Local\d3d9caps.dat
[2010/05/06 00:34:18 | 000,027,039 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010/05/06 00:34:16 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/05/05 23:51:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2010/05/05 23:35:32 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010/05/05 23:32:24 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/06/03 11:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 11:04:50 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/03 11:04:50 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/05/26 09:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2007/09/06 18:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/08/31 16:51:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/08/03 16:08:52 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2007/06/14 18:45:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 04:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:46:27 | 002,202,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/01 04:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2006/06/23 09:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/07/03 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\sjacobso\AppData\Roaming\968 Series
[2011/09/17 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\sjacobso\AppData\Roaming\Cabos
[2011/09/21 05:38:16 | 000,000,000 | ---D | M] -- C:\Users\sjacobso\AppData\Roaming\FrostWire
[2011/09/20 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\sjacobso\AppData\Roaming\Shareaza
[2011/11/06 08:56:40 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/11/06 08:53:49 | 000,028,752 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\sjacobso\Downloads:Shareaza.GUID

< End of report >


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, and sorry for the delay. Could you run a fresh OTL scan for me, please?

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Only one log will be produced

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click Save Log, save it to your desktop, and post it in your next reply.


#3
sjacobso


    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you, but I kept messing with it and downloaded something called avast anti virus (free). It found the problem and so far it has been working. I'll let you know if it stops.

Thanks

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the logs for aswMBR and OTL, please, as there may still be remnants?

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





