I am using Chrome, and whenever I search for something in the address bar I get redirected to hXXp://search.certified-toolbar.com. So far I have run Malwarebytes Anti-Malware and SUPERAntiSpyware Free Edition and they have found and removed some stuff, but the virus is still there.
Here is my OTL log.
Thanks in advance.
Chris
OTL logfile created on: 01/11/2012 21:27:23 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.LCI\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.51% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.40 Gb Free Space | 46.16% Space Free | Partition Type: NTFS
Drive D: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: PDAVIS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/01 19:37:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.LCI\My Documents\Downloads\OTL.exe
PRC - [2012/10/30 18:14:45 | 001,252,888 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/10/08 04:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/20 08:07:32 | 000,385,024 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\JMRaidTool.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/30 18:14:42 | 000,459,800 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\ppgooglenaclpluginchrome.dll
MOD - [2012/10/30 18:14:41 | 012,456,984 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\PepperFlash\pepflashplayer.dll
MOD - [2012/10/30 18:14:39 | 004,012,056 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\pdf.dll
MOD - [2012/10/30 18:13:19 | 000,597,528 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\libglesv2.dll
MOD - [2012/10/30 18:13:18 | 000,123,928 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\libegl.dll
MOD - [2012/10/30 18:13:15 | 001,552,408 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\ffmpegsumo.dll
MOD - [2006/02/28 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DM9102.dll -- (gbpoll)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/01/24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2011/10/08 04:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 15:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/05/04 08:13:52 | 004,271,616 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/04/20 08:02:44 | 000,042,368 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/02/26 21:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/07 11:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://companyweb
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-837310289-879497696-1013717309-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2012/04/12 07:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage: http://search.certif...e=true&tid=2938
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://search.certif...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.certif...e=true&tid=2938
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.1\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\S-1-5-21-837310289-879497696-1013717309-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-759657905-2212592364-2257267456-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-837310289-879497696-1013717309-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://10.0.0.1/Conn...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1173367481442 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LCI.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D2FB16-FD21-4077-8EF8-22C1C277DDCC}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/05 09:13:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/04 15:12:12 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2005/01/07 13:19:58 | 000,643,072 | R--- | M] (Blue Byte Software, Inc.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/01/13 11:36:06 | 000,000,083 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/01 19:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LCI\Application Data\SUPERAntiSpyware.com
[2012/11/01 19:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/11/01 19:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/11/01 19:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/11/01 08:26:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LCI\Recent
[2012/10/30 21:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LCI\Desktop\Robot Arm
[2012/10/30 19:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/30 19:19:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/30 19:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/30 13:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/10/30 13:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/10/29 20:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LCI\Application Data\WinRAR
[2012/10/29 20:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/01 21:17:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-837310289-879497696-1013717309-500UA.job
[2012/11/01 21:15:04 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Desktop\Shortcut to OTL.lnk
[2012/11/01 21:11:19 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/01 21:11:17 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/01 21:11:09 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2012/11/01 21:10:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/01 21:10:01 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/11/01 21:08:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/01 19:54:21 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task f9c1ad30-891e-491a-b828-c9116edd0f99.job
[2012/11/01 19:54:20 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 997bdcb9-6d0a-470d-a1df-2efdb0977c33.job
[2012/11/01 19:54:10 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/01 18:17:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-837310289-879497696-1013717309-500Core.job
[2012/10/31 08:29:08 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/30 22:35:30 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/30 19:19:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/30 19:17:57 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/30 19:07:09 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/10/29 20:43:56 | 000,000,014 | ---- | M] () -- C:\end
[2012/10/29 08:00:22 | 000,000,040 | ---- | M] () -- C:\biosinfo
[2012/10/28 10:51:12 | 000,444,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 10:51:12 | 000,072,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/05 20:45:25 | 000,055,680 | ---- | M] () -- C:\Documents and Settings\Administrator.LCI\Desktop\spicanflowchart.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/01 21:15:04 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator.LCI\Desktop\Shortcut to OTL.lnk
[2012/11/01 19:54:20 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task f9c1ad30-891e-491a-b828-c9116edd0f99.job
[2012/11/01 19:54:20 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 997bdcb9-6d0a-470d-a1df-2efdb0977c33.job
[2012/11/01 19:54:10 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/30 22:35:30 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/30 19:19:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/30 13:47:42 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/10/29 20:40:33 | 000,015,432 | ---- | C] () -- C:\WINDOWS\Launcher.exe
[2012/10/29 20:38:52 | 000,000,014 | ---- | C] () -- C:\end
[2012/10/13 14:41:41 | 000,025,927 | ---- | C] () -- C:\Documents and Settings\Administrator.LCI\Desktop\I sense.pdf
[2012/10/05 20:45:22 | 000,055,680 | ---- | C] () -- C:\Documents and Settings\Administrator.LCI\Desktop\spicanflowchart.jpg
[2012/07/13 20:18:00 | 004,389,441 | ---- | C] () -- C:\WINDOWS\System32\USBAccessLink.dll
[2012/07/13 20:18:00 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SerialAccessLink.dll
[2012/06/05 10:10:39 | 000,136,507 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2012/06/05 10:10:39 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2012/04/27 19:26:41 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator.LCI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/19 13:58:58 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2012/04/16 10:34:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2012/02/14 12:18:01 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2012/01/28 19:36:20 | 000,286,052 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/28 19:36:20 | 000,286,052 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/28 19:36:20 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/28 19:35:47 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/28 19:18:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/02 14:12:06 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2007/03/09 09:46:54 | 000,004,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2007/03/08 15:53:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/01/04 14:05:30 | 001,498,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 10:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006/02/28 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/04/27 19:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\.mplab_ide
[2012/07/13 20:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\.wireless_development_studio
[2012/08/18 14:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\CadSoft
[2012/10/06 22:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\DAEMON Tools Pro
[2012/02/07 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\DraftSight
[2008/04/24 16:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\IMSIDesign
[2012/08/17 21:19:18 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\Microchip
[2012/08/22 18:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\OpenCandy
[2012/08/29 13:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\Unity
[2012/09/29 20:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LCI\Application Data\Visan
[2012/06/02 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/08/22 18:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2012/02/07 21:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2012/08/29 20:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DipTrace
[2012/06/02 22:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/03/09 10:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus for Windows Workstations
[2012/10/02 18:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/06/20 10:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pegasus
[2012/10/29 20:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/07/20 16:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/22 07:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2012/09/29 20:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
========== Purity Check ==========
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB59785$] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
< End of report >
Edited by Dakeyras, 01 November 2012 - 03:47 PM.
Disabled malicious URL for safety reasons.