Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Won't Load in Any Browser [Solved]

Started by haytil , Jan 21 2013 09:44 PM

  • This topic is locked This topic is locked

#1
haytil
Posted 21 January 2013 - 09:44 PM

haytil

    New Member

  • Member
  • Pip
  • 9 posts
I am having a problem with my Windows XP laptop (Service Pack 3, I believe - definitely up to date). It no longer opens google.com, from any browser.

-I have tried both Internet Explorer and Firefox. The browser complains that the connection times out.
-The google search bar also has the same issue when I try to search using google.
-A simple ping from my command line also times out on www.google.com.
-The issue occurs no matter which network I am connected to - it is not unique to my network.
-The problem is unique to this laptop - my other laptop (Windows 7) works fine.
-Any other website works fine. Additionally, other search engines work in my search bar (so if I switch to yahoo in my search bar, it works fine).
-Malware scans report no problems.
-The problem is quite old, probably dating back to sometime early last year. However, I did not investigate or resolve the issue as this laptop is my backup laptop (which I'm now relying on as my main Windows 7 laptop is currently having hardware issues). On the plus side, though the issue is old, at least this means the computer has been used relatively little since the problem began. However, I am not sure if this means I should modify the "file age" parameter in an OTL scan.
-My searches for a solution turned up this thread (http://www.geekstogo...om-any-browser/), which seems to describe the exact same problem I'm having.

Here is the result of the OTL quick-scan:

OTL logfile created on: 1/21/2013 9:39:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zaid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.36% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 15.02 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

Computer Name: ROUTERV | User Name: Zaid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/21 21:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zaid\Desktop\OTL.exe
PRC - [2013/01/21 21:11:09 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Firefox\firefox.exe
PRC - [2013/01/21 21:11:06 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Firefox\plugin-container.exe
PRC - [2012/01/18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/07/12 06:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 18:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/11/14 20:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\McAfee\Common Framework\Mctray.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/03 11:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/21 21:11:08 | 002,397,152 | ---- | M] () -- C:\Firefox\mozjs.dll
MOD - [2012/12/02 21:30:10 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2009/07/02 07:02:56 | 000,289,792 | ---- | M] () -- C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\AntPlugin.dll
MOD - [2009/06/02 08:51:20 | 002,695,168 | ---- | M] () -- C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll
MOD - [2009/02/17 10:59:00 | 000,288,256 | ---- | M] () -- C:\Program Files\Antbar\Ant.com Toolbar\AntPlugin.dll
MOD - [2009/01/16 10:04:30 | 002,596,864 | ---- | M] () -- C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
MOD - [2007/03/16 03:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/12/11 15:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/17 13:41:22 | 000,120,384 | ---- | M] () -- C:\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 13:39:10 | 000,071,232 | ---- | M] () -- C:\McAfee\Common Framework\naisign.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/21 21:30:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/21 21:11:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/19 13:04:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/20 14:37:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/11/14 20:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MRVW245.sys -- (MRVW245)
DRV - File not found [Kernel | Auto | Stopped] -- C:\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Zaid\LOCALS~1\Temp\jgameenp.sys -- (jgameenp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\usr\bin\ioperm.sys -- (ioperm)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Zaid\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a8b1lodn)
DRV - [2011/07/06 15:32:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/11/08 17:15:06 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/23 21:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/23 21:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/23 21:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/30 22:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/30 22:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/22 19:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/22 19:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/22 19:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/22 19:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/16 03:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/30 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/04/09 23:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071106
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071106
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {833E99C5-7FBC-4223-BBDB-889F1197012C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{833E99C5-7FBC-4223-BBDB-889F1197012C}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=2: C:\Documents and Settings\Zaid\Local Settings\Application Data\Google\Update\1.2.121.9\npGoogleOneClick.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Firefox\components [2013/01/21 21:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Firefox\plugins [2012/09/29 00:35:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Veoh\Plugins\noreg\VideoFinder4 [2008/05/15 00:37:24 | 000,000,000 | ---D | M]

[2008/08/06 00:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Extensions
[2012/12/02 20:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\extensions
[2010/04/27 07:54:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/20 09:21:16 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\extensions\[email protected]

O1 HOSTS File: ([2012/02/25 22:46:19 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll ()
O2 - BHO: (TBSB00982 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll ()
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [ShStatEXE] C:\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Zaid\Start Menu\Programs\Startup\AutorunsDisabled [2008/09/04 12:27:54 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.h...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1354518980703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70FA97BF-F9BD-41AC-A372-B8F109EB0ED7}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d49d7c0e-7a24-11df-bc24-001c26dde9db}\Shell - "" = AutoRun
O33 - MountPoints2\{d49d7c0e-7a24-11df-bc24-001c26dde9db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d49d7c0e-7a24-11df-bc24-001c26dde9db}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 21:17:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/01/21 21:17:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zaid\Desktop\OTL.exe
[2009/10/16 07:28:24 | 000,442,368 | ---- | C] (Sierra On-Line, Inc.) -- C:\Documents and Settings\Zaid\PB2DEMO.EXE
[2009/10/16 07:28:23 | 000,143,388 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Zaid\DSOUND.DLL
[5 C:\Documents and Settings\Zaid\My Documents\*.tmp files -> C:\Documents and Settings\Zaid\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/21 21:30:33 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/21 21:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zaid\Desktop\OTL.exe
[2013/01/21 21:12:16 | 000,445,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/21 21:12:16 | 000,073,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/21 21:08:58 | 000,302,952 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/21 21:08:14 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/01/21 21:07:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/21 21:07:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/21 21:07:48 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[5 C:\Documents and Settings\Zaid\My Documents\*.tmp files -> C:\Documents and Settings\Zaid\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/25 21:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/15 13:04:19 | 000,000,597 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/06/01 05:48:37 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Zaid\.appletviewer
[2010/03/07 20:50:30 | 000,012,000 | -HS- | C] () -- C:\Documents and Settings\Zaid\Local Settings\Application Data\ksY41JP0et2Ke
[2010/02/22 17:23:55 | 000,014,370 | -HS- | C] () -- C:\Documents and Settings\Zaid\Local Settings\Application Data\e1wnOl
[2010/02/14 02:49:07 | 000,001,490 | ---- | C] () -- C:\Documents and Settings\Zaid\.recently-used.xbel
[2009/12/20 14:37:22 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Zaid\GoToAssistDownloadHelper.exe
[2009/10/23 12:01:11 | 000,027,488 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.inc
[2009/10/16 07:28:23 | 004,347,972 | ---- | C] () -- C:\Documents and Settings\Zaid\RESOURCE.001
[2009/10/16 07:28:23 | 000,040,425 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1000.MID
[2009/10/16 07:28:23 | 000,025,462 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1008.MID
[2009/10/16 07:28:23 | 000,025,354 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1005.MID
[2009/10/16 07:28:23 | 000,024,744 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1004.MID
[2009/10/16 07:28:23 | 000,019,978 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1003.MID
[2009/10/16 07:28:23 | 000,018,257 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1001.MID
[2009/10/16 07:28:23 | 000,018,114 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1009.MID
[2009/10/16 07:28:23 | 000,017,173 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1006.MID
[2009/10/16 07:28:23 | 000,014,485 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1002.MID
[2009/10/16 07:28:23 | 000,012,783 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1007.MID
[2009/10/16 07:28:23 | 000,002,552 | ---- | C] () -- C:\Documents and Settings\Zaid\DSOUND.INI
[2009/10/16 07:28:23 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\Zaid\README.WRI
[2009/10/16 07:28:23 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Zaid\RESOURCE.MAP
[2009/04/28 00:20:39 | 000,008,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mwmmgr.inc
[2008/06/28 18:44:28 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\Zaid\Application Data\wklnhst.dat
[2008/04/12 14:52:14 | 000,007,169 | ---- | C] () -- C:\Documents and Settings\Zaid\.root_hist
[2008/02/04 02:17:40 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Zaid\Application Data\PodUtil Preferences
[2008/01/21 16:05:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zaid\.gtk-bookmarks
[2007/11/25 08:00:57 | 000,002,161 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/10 16:26:43 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Zaid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/08 17:21:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Zaid\PUTTY.RND

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/18 21:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2008/10/01 22:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2008/01/21 19:44:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/02 14:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/09/05 00:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2009/09/04 23:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HicEst
[2008/02/04 17:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/07/25 19:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/19 10:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/12 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Startup Manager
[2008/04/05 02:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/09/17 23:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 10:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/22 21:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/25 12:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\.minecraft
[2008/08/08 20:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Aim
[2008/01/21 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Canon
[2010/10/01 20:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Dropbox
[2010/06/02 14:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\ElevatedDiagnostics
[2009/09/05 00:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\FileOpen
[2010/07/28 16:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\fltk.org
[2008/05/19 22:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\GeoVid
[2010/05/19 23:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\GetRightToGo
[2011/08/11 10:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\GoPanda
[2010/02/14 02:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\gtk-2.0
[2010/08/19 12:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\id Software
[2008/05/23 20:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\ImgBurn
[2009/08/06 22:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Moyea
[2008/02/04 17:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\NCH Swift Sound
[2009/05/21 15:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Subversion
[2009/09/20 15:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\SystemRequirementsLab
[2008/06/28 18:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Template
[2009/06/16 21:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Unity
[2012/07/25 10:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\uTorrent
[2008/06/20 11:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\WildPackets
[2009/04/20 11:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zaid\Application Data\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
@Alternate Data Stream - 480 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >



EDIT: I just saw that OTL also opened a text file called "Extras.txt." I can post the contents of that file here as well if you wish.

Thank you for your time.

Edited by haytil, 21 January 2013 - 09:50 PM.

  • 0

Advertisements

#2
gringo_pr
Posted 21 January 2013 - 10:24 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
haytil
Posted 21 January 2013 - 11:37 PM

haytil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is the results of running "Security Check:"

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee VirusScan Enterprise
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 17.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
VirusScan Enterprise Mcshield.exe
VirusScan Enterprise VsTskMgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````






I am now going to run AdwCleaner.
  • 0

#4
haytil
Posted 21 January 2013 - 11:45 PM

haytil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is the results of running "AdwCleaner":

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 23:38:58
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Zaid - ROUTERV
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Zaid\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\TBSB00982
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\OpenCandy

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1972 octets] - [21/01/2013 23:38:58]

########## EOF - C:\AdwCleaner[S1].txt - [2032 octets] ##########




I am now going to run RogueKiller.
  • 0

#5
haytil
Posted 21 January 2013 - 11:48 PM

haytil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is the results of running "RogueKiller":

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Zaid [Admin rights]
Mode : Remove -- Date : 01/21/2013 23:46:58

¤¤¤ Bad processes : 1 ¤¤¤
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : nvHotkey.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9120822AS +++++
--- User ---
[MBR] 2923e83d417b995c6346f1e3dd359946
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 176715 | Size: 111827 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 229199355 | Size: 2557 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01212013_02d2346.txt >>
RKreport[1]_S_01212013_02d2346.txt ; RKreport[2]_D_01212013_02d2346.txt



I have now performed the three steps as requested. However, the symptoms still remain: www.google.com still does not open in my browser.
  • 0

#6
gringo_pr
Posted 22 January 2013 - 01:51 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
haytil
Posted 22 January 2013 - 02:37 AM

haytil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran "combofix" and everything seemed to run fine. I don't believe the computer restarted, but the program ran without any apparent problems and a log file was generated.

This is the log file:

ComboFix 13-01-21.04 - Zaid 01/22/2013 2:23.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1544 [GMT -6:00]
Running from: c:\documents and settings\Zaid\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Zaid\GoToAssistDownloadHelper.exe
c:\documents and settings\Zaid\Local Settings\Temporary Internet Files\8Ax4B.jpg
c:\documents and settings\Zaid\Local Settings\Temporary Internet Files\j0Am1.jpg
c:\documents and settings\Zaid\Local Settings\Temporary Internet Files\N0B81o5A0.jpg
c:\documents and settings\Zaid\Local Settings\Temporary Internet Files\onxX7N3.jpg
c:\documents and settings\Zaid\My Documents\~WRL0004.tmp
c:\documents and settings\Zaid\My Documents\~WRL0498.tmp
c:\documents and settings\Zaid\My Documents\~WRL1616.tmp
c:\documents and settings\Zaid\My Documents\~WRL1793.tmp
c:\documents and settings\Zaid\My Documents\~WRL3622.tmp
c:\documents and settings\Zaid\PB2DEMO.EXE
c:\documents and settings\Zaid\WINDOWS
C:\install.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
.
.
2013-01-22 04:38 . 2013-01-22 04:38 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 04:38 . 2012-05-16 04:35 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-22 04:38 . 2011-05-26 05:49 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- c:\program files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll" [2009-06-02 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll" [2009-06-02 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Zaid\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Zaid\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Zaid\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ShStatEXE"="c:\mcafee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\mcafee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="NvMCTray.dll" [2009-11-21 110184]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Zaid\Start Menu\Programs\Startup\AutorunsDisabled
YouTube Uploader.lnk - c:\documents and settings\Zaid\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-12-20 20:37 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 21:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 20:53 141608 ----a-w- c:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 22:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\AIM95\\aim.exe"=
"c:\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Veoh\\VeohClient.exe"=
"c:\\Firefox\\firefox.exe"=
"c:\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Mathematica 7.0\\Mathematica.exe"=
"c:\\Mathematica 7.0\\MathKernel.exe"=
"c:\\Mathematica 7.0\\math.exe"=
"c:\\DXSDK\\Bin\\DXUtils\\D3DSpy.exe"=
"c:\\Documents and Settings\\Zaid\\My Documents\\Visual Studio 2005\\Projects\\TestFull\\TestFull\\TestFull.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Zaid\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Steam\\Steam.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/8/2007 5:15 PM 685816]
S2 ioperm;ioperm support for Cygwin driver;\??\c:\usr\bin\ioperm.sys --> c:\usr\bin\ioperm.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\logmein\x86\RaInfo.sys --> c:\logmein\x86\RaInfo.sys [?]
S3 jgameenp;jgameenp;\??\c:\docume~1\Zaid\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\Zaid\LOCALS~1\Temp\jgameenp.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 04:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071106
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-LogMeIn GUI - c:\logmein\x86\LogMeInSystray.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Return of Arcade - c:\return of arcade\setup\setup.exe
AddRemove-WinGimp-2.0_is1 - c:\gimp-2.0\setup\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\divx\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-22 02:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2013-01-22 02:32:55
ComboFix-quarantined-files.txt 2013-01-22 08:32
ComboFix2.txt 2010-02-15 15:37
.
Pre-Run: 18,467,495,936 bytes free
Post-Run: 23,148,707,840 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 51C9E58A212877E96258F3E0CA5F36DC




The computer still suffers from the same symptoms - I cannot access google.com from Firefox or Internet Explorer, nor can I use google from the search bar.
  • 0

#8
gringo_pr
Posted 22 January 2013 - 11:51 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
  • 0

#9
haytil
Posted 22 January 2013 - 12:26 PM

haytil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is the results of running "OTL" with the settings you requested:

OTL logfile created on: 1/22/2013 12:02:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zaid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.29% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 21.43 Gb Free Space | 19.62% Space Free | Partition Type: NTFS

Computer Name: ROUTERV | User Name: Zaid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Zaid\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\SoftwareDistribution\Download\eefa014207b7b4796362cf0ca0ff56a9\update\update.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)


========== Modules (No Company Name) ==========

MOD - C:\Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\McAfee\VirusScan Enterprise\VsEvntUI.DLL ()
MOD - C:\McAfee\Common Framework\naXML71.dll ()
MOD - C:\McAfee\Common Framework\naisign.dll ()


========== Services (SafeList) ==========

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (McShield) -- C:\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRVW245) -- system32\DRIVERS\MRVW245.sys File not found
DRV - (LMIInfo) -- C:\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (jgameenp) -- C:\DOCUME~1\Zaid\LOCALS~1\Temp\jgameenp.sys File not found
DRV - (ioperm) -- C:\usr\bin\ioperm.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Zaid\LOCALS~1\Temp\catchme.sys File not found
DRV - (awnv2hbq) -- File not found
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (ACPI) -- C:\WINDOWS\system32\drivers\acpi.sys ()
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (DXEC02) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071106
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071106
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071106
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071106
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\..\SearchScopes,DefaultScope = {833E99C5-7FBC-4223-BBDB-889F1197012C}
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\..\SearchScopes\{833E99C5-7FBC-4223-BBDB-889F1197012C}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=2: C:\Documents and Settings\Zaid\Local Settings\Application Data\Google\Update\1.2.121.9\npGoogleOneClick.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Firefox\components [2013/01/21 23:43:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Firefox\plugins [2012/09/29 00:35:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Veoh\Plugins\noreg\VideoFinder4 [2008/05/15 00:37:24 | 000,000,000 | ---D | M]

[2008/08/06 00:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Extensions
[2012/12/02 20:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\extensions
[2010/04/27 07:54:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/20 09:21:16 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Zaid\Application Data\Mozilla\Firefox\Profiles\fm6y07nj.default\extensions\[email protected]

O1 HOSTS File: ([2013/01/22 02:30:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll ()
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Zaid\Start Menu\Programs\Startup\AutorunsDisabled [2008/09/04 12:27:54 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1193609137-2379920324-2453101854-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.h...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1354518980703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70FA97BF-F9BD-41AC-A372-B8F109EB0ED7}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 12:06:54 | 000,000,000 | ---D | C] -- C:\71e85754e4d9e333e470
[2013/01/22 12:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/01/22 12:01:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zaid\Desktop\OTL(1).exe
[2013/01/22 02:47:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/22 02:18:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/22 02:06:34 | 005,025,054 | R--- | C] (Swearware) -- C:\Documents and Settings\Zaid\Desktop\ComboFix.exe
[2013/01/21 23:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zaid\Desktop\RK_Quarantine
[2013/01/21 22:38:05 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/01/21 21:17:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zaid\Desktop\OTL.exe
[2009/10/16 07:28:23 | 000,143,388 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Zaid\DSOUND.DLL
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/22 12:01:39 | 000,445,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/22 12:01:39 | 000,073,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/22 12:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zaid\Desktop\OTL(1).exe
[2013/01/22 12:00:29 | 000,302,952 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/22 02:54:19 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/01/22 02:53:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/22 02:53:55 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/22 02:30:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/22 02:18:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/01/22 02:08:29 | 005,025,054 | R--- | M] (Swearware) -- C:\Documents and Settings\Zaid\Desktop\ComboFix.exe
[2013/01/22 01:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/21 23:34:55 | 000,766,464 | ---- | M] () -- C:\Documents and Settings\Zaid\Desktop\RogueKiller.exe
[2013/01/21 23:34:06 | 000,574,315 | ---- | M] () -- C:\Documents and Settings\Zaid\Desktop\adwcleaner.exe
[2013/01/21 23:33:39 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Zaid\Desktop\SecurityCheck.exe
[2013/01/21 22:38:09 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/21 22:38:09 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/21 22:38:06 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/01/21 21:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zaid\Desktop\OTL.exe
[2013/01/21 21:07:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/21 23:34:13 | 000,766,464 | ---- | C] () -- C:\Documents and Settings\Zaid\Desktop\RogueKiller.exe
[2013/01/21 23:33:49 | 000,574,315 | ---- | C] () -- C:\Documents and Settings\Zaid\Desktop\adwcleaner.exe
[2013/01/21 23:33:14 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Zaid\Desktop\SecurityCheck.exe
[2012/02/25 21:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/15 13:04:19 | 000,000,597 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/06/01 05:48:37 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Zaid\.appletviewer
[2010/03/07 20:50:30 | 000,012,000 | -HS- | C] () -- C:\Documents and Settings\Zaid\Local Settings\Application Data\ksY41JP0et2Ke
[2010/02/22 17:23:55 | 000,014,370 | -HS- | C] () -- C:\Documents and Settings\Zaid\Local Settings\Application Data\e1wnOl
[2010/02/14 02:49:07 | 000,001,490 | ---- | C] () -- C:\Documents and Settings\Zaid\.recently-used.xbel
[2009/10/23 12:01:11 | 000,027,488 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.inc
[2009/10/16 07:28:23 | 004,347,972 | ---- | C] () -- C:\Documents and Settings\Zaid\RESOURCE.001
[2009/10/16 07:28:23 | 000,040,425 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1000.MID
[2009/10/16 07:28:23 | 000,025,462 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1008.MID
[2009/10/16 07:28:23 | 000,025,354 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1005.MID
[2009/10/16 07:28:23 | 000,024,744 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1004.MID
[2009/10/16 07:28:23 | 000,019,978 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1003.MID
[2009/10/16 07:28:23 | 000,018,257 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1001.MID
[2009/10/16 07:28:23 | 000,018,114 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1009.MID
[2009/10/16 07:28:23 | 000,017,173 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1006.MID
[2009/10/16 07:28:23 | 000,014,485 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1002.MID
[2009/10/16 07:28:23 | 000,012,783 | ---- | C] () -- C:\Documents and Settings\Zaid\SX_1007.MID
[2009/10/16 07:28:23 | 000,002,552 | ---- | C] () -- C:\Documents and Settings\Zaid\DSOUND.INI
[2009/10/16 07:28:23 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\Zaid\README.WRI
[2009/10/16 07:28:23 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Zaid\RESOURCE.MAP
[2009/04/28 00:20:39 | 000,008,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mwmmgr.inc
[2008/06/28 18:44:28 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\Zaid\Application Data\wklnhst.dat
[2008/04/12 14:52:14 | 000,007,169 | ---- | C] () -- C:\Documents and Settings\Zaid\.root_hist
[2008/02/04 02:17:40 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Zaid\Application Data\PodUtil Preferences
[2008/01/21 16:05:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zaid\.gtk-bookmarks
[2007/11/25 08:00:57 | 000,002,161 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/10 16:26:43 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Zaid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/08 17:21:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Zaid\PUTTY.RND

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#10
gringo_pr
Posted 22 January 2013 - 01:38 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • 0

#11
haytil
Posted 22 January 2013 - 02:48 PM

haytil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran "MiniToolBox." There is no option to check "List last 10 Event Viewer log," however there is an option to check "List last 10 Event Viewer Errors," so I checked that. These are the results:

MiniToolBox by Farbar Version:10-01-2013
Ran by Zaid (administrator) on 22-01-2013 at 14:46:59
Running from "C:\Documents and Settings\Zaid\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1505 Draft 802.11n WLAN Mini-Card = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)
Bluetooth LAN Access Server Driver = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : ROUTERV

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-1D-09-C4-9C-0E



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLAN Mini-Card

Physical Address. . . . . . . . . : 00-1C-26-C8-3B-0E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Tuesday, January 22, 2013 2:25:00 PM

Lease Expires . . . . . . . . . . : Wednesday, January 23, 2013 2:25:00 PM



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-1C-26-DD-E9-DB

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 87.125.87.103, 87.125.87.103, 87.125.87.103, 87.125.87.103
87.125.87.103, 87.125.87.103, 87.125.87.103, 87.125.87.103, 87.125.87.103
87.125.87.103, 87.125.87.103



Pinging google.com [87.125.87.103] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 87.125.87.103:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=229ms TTL=48

Reply from 206.190.36.45: bytes=32 time=118ms TTL=48



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 118ms, Maximum = 229ms, Average = 173ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 c4 9c 0e ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 1c 26 c8 3b 0e ...... Dell Wireless 1505 Draft 802.11n WLAN Mini-Card - Packet Scheduler Miniport
0x10005 ...00 1c 26 dd e9 db ...... Bluetooth LAN Access Server Driver - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.102 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
255.255.255.255 255.255.255.255 192.168.1.102 2 1
255.255.255.255 255.255.255.255 192.168.1.102 10005 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/22/2013 00:55:13 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.7680

Error: (01/22/2013 00:55:12 PM) (Source: MsiInstaller) (User: ROUTERV)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Zaid\LOCALS~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (01/22/2013 00:55:11 PM) (Source: MsiInstaller) (User: ROUTERV)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (01/22/2013 00:50:58 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.7680

Error: (01/22/2013 00:50:58 PM) (Source: MsiInstaller) (User: ROUTERV)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Zaid\LOCALS~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (01/22/2013 00:50:57 PM) (Source: MsiInstaller) (User: ROUTERV)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (01/22/2013 00:15:42 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.7680

Error: (01/22/2013 00:15:40 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (01/22/2013 00:15:39 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (01/21/2013 11:55:21 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (01/22/2013 00:55:34 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error: (01/22/2013 00:51:04 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error: (01/22/2013 00:34:25 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (01/22/2013 00:32:15 PM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service failed to start due to the following error:
%%2

Error: (01/22/2013 00:32:15 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/22/2013 00:32:15 PM) (Source: Service Control Manager) (User: )
Description: The ioperm support for Cygwin driver service failed to start due to the following error:
%%3

Error: (01/22/2013 00:15:48 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error: (01/22/2013 02:54:13 AM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service failed to start due to the following error:
%%2

Error: (01/22/2013 02:54:13 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/22/2013 02:54:13 AM) (Source: Service Control Manager) (User: )
Description: The ioperm support for Cygwin driver service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (03/31/2010 09:18:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 1.8.2)
µTorrent (Version: 3.1.3)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
AOL Instant Messenger (SM)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
Audacity 1.2.6
Bonjour (Version: 2.0.2.0)
Broadcom Management Programs (Version: 10.15.03)
Browser Address Error Redirector (Version: 1.00.0000)
Canon MP Navigator EX 1.0
Canon MP470 series
Canon My Printer
CDisplay 1.8
CGoban 3
Conexant HDA D330 MDC V.92 Modem
CSDiff (Version: 5.0)
Defraggler (Version: 1.21)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Touchpad (Version: 9.1.18.6)
Dell Wireless WLAN Card (Version: 4.100.15.8)
DellSupport (Version: 6.0.3075)
Digital Line Detect (Version: 1.21)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 1.0.2.23)
DivX Version Checker (Version: 7.1.0.9)
Dropbox (Version: 0.7.110)
FileOpen Client Installer (Version: 3.0.6.878)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Folder Size for Windows (Version: 2.4)
Fraps
Free WMA to MP3 Converter 1.16
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
Igneous
ImgBurn (Version: 2.4.1.0)
IntelliSonic Speech Enhancement (Version: 2.1.37)
iTunes (Version: 9.2.1.5)
Jasc Paint Shop Pro 8 (Version: 8.00.0000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Lizardtech DjVu Control
Malwarebytes' Anti-Malware
Managed DirectX (0900) (Version: 4.09.00.0900)
McAfee VirusScan Enterprise (Version: 8.6.0)
MediaDirect (Version: 4.7)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft DirectX 9.0 SDK (Version: 9.00.0900)
Microsoft DirectX SDK (June 2010) (Version: 9.29.1962.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Managed DirectX (1126) (Version: 9.00.1126)
Microsoft MSDN 2005 Express Edition - ENU
Microsoft MSDN 2005 Express Edition - ENU (Version: 1.16.50727.42)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Platform SDK (R2) (3790.2075) (Version: 5.2.3790.2075)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Express Edition - ENU (Version: 8.0.50728)
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748) (Version: 1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 08.05.0818)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MiKTeX 2.7 (Version: 2.7)
Modem Diagnostic Tool (Version: 1.0.20.0)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MS Access 97 SP2
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
NetWaiting (Version: 2.5.44)
Norton Security Scan (Version: 1.4.0)
NVIDIA Drivers (Version: 1.10)
NVIDIA GAME System Software 2.8.1 (Version: 2.8.1)
NVIDIA nView Desktop Manager (Version: 6.14.10.00)
NVIDIA PhysX (Version: 9.09.0814)
OpenAL
Opti Drive Control 1.48
OutlookAddinSetup (Version: 1.0.0)
PDF Settings (Version: 1.0)
Pinnacle Instant DVD Recorder (Version: 2.5.0.092)
PowerDVD 5.5
PrimoPDF (Version: 3.1)
PrimoPDF Redistribution Package (Version: 1.0.0.0)
Project64 1.6 (Version: 1.6)
Python 2.7.1 (Version: 2.7.1150)
QFolder (Version: 1.00.0000)
QuickSet (Version: 8.1.12)
QuickTime (Version: 7.66.73.0)
RAD Video Tools
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
SDFormatter
SearchAssist
SimCity 3000 Unlimited
SnagIt 8 (Version: 8.2.3)
Sonic Activation Module (Version: 1.0)
Startup Manager 2.4.2 (Version: 2.4.2)
Steam (Version: 1.0.0.0)
STOP-IT
System Requirements Lab
TBS WMP Plug-in (Version: 1.00.676)
Team Fortress 2
Unity Web Player (Version: 2.5.0f5_21627)
Unlocker 1.8.8 (Version: 1.8.8)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VeohTV BETA (Version: 3.9.1)
VLC media player 2.0.2 (Version: 2.0.2)
WAV to MP3 Encoder (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.1.0.3400)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinMerge 2.12.4 (Version: 2.12.4)
WinRAR archiver
WinSCP 4.0.5 (Version: 4.0.5)
Wolfram Mathematica 7 for Students (M-WIN-G 7.0.1 1213989) (Version: 7.0.1)
Wolfram Notebook Indexer 2.0 (Version: 2.18.34059)
Xvid Video Codec (Version: 1.3.1)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2045.97 MB
Available physical RAM: 1392.93 MB
Total Pagefile: 3937.71 MB
Available Pagefile: 3475.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.6 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:109.21 GB) (Free:20.86 GB) NTFS

========================= Users: ========================================

User accounts for \\ROUTERV

Administrator Guest HelpAssistant
SUPPORT_388945a0 Zaid

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini021010-01.dmp
C:\WINDOWS\Minidump\Mini092010-01.dmp
C:\WINDOWS\Minidump\Mini092010-02.dmp
C:\WINDOWS\Minidump\Mini092010-03.dmp
C:\WINDOWS\Minidump\Mini092110-01.dmp
C:\WINDOWS\Minidump\Mini092309-01.dmp
C:\WINDOWS\Minidump\Mini092509-01.dmp
C:\WINDOWS\Minidump\Mini100110-01.dmp
C:\WINDOWS\Minidump\Mini100110-02.dmp
C:\WINDOWS\Minidump\Mini121209-01.dmp
C:\WINDOWS\Minidump\Mini123109-01.dmp

**** End of log ****
  • 0

#12
haytil
Posted 28 January 2013 - 04:07 AM

haytil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Finally found a solution online. Downloaded and ran a program called "Winsockfixe.exe" and everything seems to work fine now.

Thanks anyway.
  • 0

#13
gringo_pr
Posted 29 January 2013 - 02:19 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
thank you for letting me know
  • 0

#14
gringo_pr
Posted 01 February 2013 - 09:06 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP