Redirects Issue [Closed]


#1
John Foot
Member, 22 posts
I am experiencing the Google redirects issue. Also, clicking on a link from a website (not a Google search) causes the webpage to be "recovered". Below is the OTL log:


OTL logfile created on: 10/28/2013 9:31:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\weaverr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.06% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 78.95 Gb Free Space | 53.00% Space Free | Partition Type: NTFS

Computer Name: D95KH0G1 | User Name: weaverr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/28 09:28:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\weaverr\Desktop\OTL.exe
PRC - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/12 10:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/12/10 10:15:26 | 000,116,608 | ---- | M] (Algorithmic Research Ltd.) -- C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
PRC - [2010/04/08 16:07:26 | 000,972,120 | ---- | M] (GTCO CalComp, Inc.) -- C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe
PRC - [2009/05/29 15:19:52 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 10:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2007/12/03 10:03:54 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/10/09 08:09:06 | 000,100,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/26 19:03:44 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/29 22:37:20 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/29 22:35:42 | 001,396,820 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 13:21:40 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2200dad0\mscorlib.dll
MOD - [2013/07/12 13:21:39 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7009d05c\system.drawing.dll
MOD - [2013/07/12 13:21:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cd703cc9\system.xml.dll
MOD - [2013/07/12 13:21:26 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_09098dc4\system.windows.forms.dll
MOD - [2013/07/12 13:21:16 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_99dee2ec\system.dll
MOD - [2013/07/12 13:21:06 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/07/12 13:21:06 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/07/12 13:21:05 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/07/12 13:21:04 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2013/02/07 09:10:40 | 000,865,632 | ---- | M] () -- C:\Program Files\ARX\ARX CoSign Client\ProxyLogon.dll
MOD - [2013/02/07 09:10:38 | 000,123,232 | ---- | M] () -- C:\WINDOWS\system32\ArMonitor.dll
MOD - [2013/02/07 09:10:12 | 001,912,160 | ---- | M] () -- C:\Program Files\ARX\ARX CoSign Client\cosign.dll
MOD - [2011/08/30 12:55:00 | 002,469,888 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/01/19 16:22:04 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\DWFPortMon3.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/08/11 18:23:24 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/11 18:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/11 18:23:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2002/05/03 16:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe Start=service -- (GoToMyPC)
SRV - [2013/10/09 10:09:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/07/01 08:32:36 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2012/12/10 10:15:26 | 000,116,608 | ---- | M] (Algorithmic Research Ltd.) [Auto | Running] -- C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe -- (ARcltsrv)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 16:55:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/29 15:19:52 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2008/04/22 13:44:42 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/12/03 10:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\weaverr\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/10/28 09:18:53 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62B29390-7769-4EA0-9D85-F5177FC2E552}\MpKsl9cc8f048.sys -- (MpKsl9cc8f048)
DRV - [2009/07/02 14:42:14 | 000,025,728 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/06/12 20:07:44 | 000,020,742 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2009/05/13 09:56:28 | 000,034,080 | ---- | M] (Glance Networks, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\glancedrv.sys -- (glancedrv)
DRV - [2008/03/27 18:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/10/09 08:09:02 | 000,032,280 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/10/09 08:09:00 | 000,032,152 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/10/07 16:29:16 | 002,455,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/24 20:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/25 21:55:36 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/07/23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/06/20 14:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/12/03 23:33:00 | 000,863,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/12/03 23:33:00 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/12/03 23:33:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/12/03 23:33:00 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/03 23:33:00 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/12/03 23:33:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080405
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080405
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect...hromesbox-en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@glance.net/GlanceClient: C:\Program Files\Glance26\npglance.dll (Glance Networks, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\weaverr\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\weaverr\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\weaverr\Application Data\Move Networks [2010/03/11 13:52:07 | 000,000,000 | ---D | M]

[2010/07/16 09:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\weaverr\Application Data\Mozilla\Extensions
[2013/10/23 12:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\extensions
[2010/07/22 12:04:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/06 16:14:00 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010/08/09 08:24:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/03/29 12:52:00 | 000,005,341 | ---- | M] () (No name found) -- C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\extensions\[email protected]
[2010/08/24 09:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 15:27:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/03/11 13:52:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\WEAVERR\APPLICATION DATA\MOVE NETWORKS
[2010/05/12 12:59:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2013/10/28 09:11:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll (IBM Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Autodesk DWF) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll (Autodesk, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TabletWorks] C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe (GTCO CalComp, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Apple] C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec\Apple\jacg.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.co...ic/SimCityX.cab (SimCityX Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} http://simcity.ea.co...yScapeTeleX.cab (MaxisSimCityScapeTeleX Control)
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} http://aolsvc.aol.co...nger2Loader.cab (AstroAvengerLoader Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.20.5 10.3.20.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.wthumphrey.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78FA3B40-C9B3-4DB0-ACF9-F2CF1455EBA5}: DhcpNameServer = 10.3.20.5 10.3.20.6
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\weaverr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/05 16:26:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/28 09:28:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\weaverr\Desktop\OTL.exe
[2013/10/28 09:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaverr\Desktop\tdsskiller1
[2013/10/28 09:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaverr\Desktop\GooredFix Backups
[2013/10/28 09:11:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/10/28 09:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaverr\Desktop\erunt
[2013/10/28 09:08:28 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\weaverr\Desktop\GooredFix.exe
[2013/10/28 09:07:54 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\weaverr\Desktop\OTM.exe
[2013/10/23 12:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaverr\Local Settings\Application Data\Citrix

========== Files - Modified Within 30 Days ==========

[2013/10/28 09:28:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\weaverr\Desktop\OTL.exe
[2013/10/28 09:23:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/10/28 09:22:45 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\weaverr\Desktop\Microsoft Office Outlook 2007.lnk
[2013/10/28 09:13:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/28 09:12:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/28 09:12:55 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/28 09:11:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/10/28 09:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/28 09:08:28 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\weaverr\Desktop\GooredFix.exe
[2013/10/28 09:08:00 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\weaverr\Desktop\OTM.exe
[2013/10/28 07:59:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 11:37:10 | 000,014,449 | ---- | M] () -- C:\Documents and Settings\weaverr\Desktop\CRTC PCO #1.pdf
[2013/10/25 10:23:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/10/24 16:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/24 09:40:41 | 000,049,997 | ---- | M] () -- C:\Documents and Settings\weaverr\Desktop\Action Insulation INSURANCE CERTIFICATE.pdf
[2013/10/24 09:40:21 | 000,630,749 | ---- | M] () -- C:\Documents and Settings\weaverr\Desktop\Action Insulation - AUTO INSURANCE COI.pdf
[2013/10/10 17:00:35 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/10/10 13:23:21 | 000,726,624 | ---- | M] () -- C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll
[2013/10/10 07:58:36 | 000,360,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/10 07:43:15 | 000,528,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/10 07:43:15 | 000,097,078 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/10 07:40:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/09 10:09:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/09 10:09:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/10/25 11:37:10 | 000,014,449 | ---- | C] () -- C:\Documents and Settings\weaverr\Desktop\CRTC PCO #1.pdf
[2013/10/24 09:40:41 | 000,049,997 | ---- | C] () -- C:\Documents and Settings\weaverr\Desktop\Action Insulation INSURANCE CERTIFICATE.pdf
[2013/10/24 09:40:21 | 000,630,749 | ---- | C] () -- C:\Documents and Settings\weaverr\Desktop\Action Insulation - AUTO INSURANCE COI.pdf
[2013/10/11 07:50:16 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/10/10 13:00:49 | 000,726,624 | ---- | C] () -- C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll
[2013/09/05 09:56:42 | 000,123,232 | ---- | C] () -- C:\WINDOWS\System32\ArMonitor.dll
[2012/08/03 13:31:47 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\weaverr\[email protected]
[2012/03/20 15:46:57 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\weaverr\g2mdlhlpx.exe
[2012/03/02 04:20:47 | 000,685,582 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-962565915-4008928493-2011925414-1438-0.dat
[2012/02/15 10:55:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/15 10:55:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/15 10:55:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/15 10:55:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/15 10:55:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/15 08:46:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/23 14:00:12 | 000,340,046 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/15 21:10:00 | 007,292,795 | ---- | C] () -- C:\Documents and Settings\weaverr\gyb.exe
[2010/12/14 12:50:57 | 000,002,968 | ---- | C] () -- C:\Documents and Settings\weaverr\.recently-used.xbel
[2010/05/11 13:30:12 | 000,038,476 | ---- | C] () -- C:\Documents and Settings\weaverr\Application Data\Comma Separated Values (Windows).ADR
[2009/11/17 09:28:55 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\weaverr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 09:59:20 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\weaverr\Local Settings\Application Data\fusioncache.dat
[2008/04/21 16:27:44 | 000,002,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#2
John Foot (Topic Starter)

Forgot to mention I have already completed the steps listed on the post "how to fix google redirects", and this was unsuccessful in resolving the redirect issue.

#3
Phel (Trusted Helper, Malware Removal)

Hello, John Foot, and welcome to GeeksToGo!

You can call me Phel, and this time I will try to help you with your trouble.

Please spend some time reading these instructions carefully before we start. They contain very useful information.

  • Please stay with us until the end. I know malware removal isn't a very fast procedure; it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow one or another instruction, feel free to ask me how to do it. I am always glad to help you with that.
  • Please don't fix anything by yourself, and please don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Finally, enjoy the fight! ;)
Okay, let's start. I suspect that you are infected with the ZeroAccess rootkit, which could be the cause of the redirects. That's why I need to run another tool. So please follow these steps:

  • Download Farbar Recovery Scan Tool x32 here to your Desktop.
  • When completed, launch the downloaded file.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the Desktop. Please copy and paste it into your reply.


#4
John Foot (Topic Starter)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by weaverr (administrator) on D95KH0G1 on 28-10-2013 14:19:55
Running from C:\Documents and Settings\weaverr\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\arcltsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\crypserv.exe
(Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(GTCO CalComp, Inc.) C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Logitech Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Broadcom Corporation.) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe [100888 2007-10-09] (Logitech Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-07-26] (Intel Corporation)
HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\WINDOWS\KHALMNPR.Exe [100888 2007-10-09] (Logitech Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TabletWorks] - C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe [972120 2010-04-08] (GTCO CalComp, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Apple] - rundll32 "C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec\Apple\jacg.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - {40439b93-f815-4122-8073-d03bed94c303} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKCU - {40439b93-f815-4122-8073-d03bed94c303} URL = http://slirsredirect...hromesbox-en-us
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll (IBM Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll (Autodesk, Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.co...ic/SimCityX.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} http://simcity.ea.co...yScapeTeleX.cab
DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} http://aolsvc.aol.co...nger2Loader.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...bex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.3.20.5 10.3.20.6

FireFox:
========
FF ProfilePath: C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @glance.net/GlanceClient - C:\Program Files\Glance26\npglance.dll (Glance Networks, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\weaverr\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\weaverr\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Clear Cache Button - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF Extension: Adblock Plus - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: ssbmnfvuqd - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\[email protected]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\weaverr\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\weaverr\Application Data\Move Networks

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [116608 2012-12-10] (Algorithmic Research Ltd.)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79168 2007-06-20] (Broadcom Corporation)
R2 Crypkey License; C:\Windows\System32\crypserv.exe [126976 2009-05-29] (CrypKey (Canada) Ltd.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-12-05] (Flexera Software, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.)
R2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [110592 2007-12-03] (Logitech Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" Start=service [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-25] (Broadcom Corporation)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2007-06-20] (Broadcom Corporation)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [329901 2006-12-03] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30459 2006-12-03] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [863402 2006-12-03] (Broadcom Corporation.)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [149123 2006-12-03] (Broadcom Corporation.)
R3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [47907 2006-12-03] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [67672 2006-12-03] (Broadcom Corporation.)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl9cc8f048; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62B29390-7769-4EA0-9D85-F5177FC2E552}\MpKsl9cc8f048.sys [40392 2013-10-28] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [20742 2009-06-12] ()
R3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
S3 catchme; \??\C:\DOCUME~1\weaverr\LOCALS~1\Temp\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 14:19 - 2013-10-28 14:19 - 01089183 _____ (Farbar) C:\Documents and Settings\weaverr\Desktop\FRST.exe
2013-10-28 14:19 - 2013-10-28 14:19 - 00000000 ____D C:\FRST
2013-10-28 09:39 - 2013-10-28 09:39 - 00050088 _____ C:\Documents and Settings\weaverr\Desktop\Extras.Txt
2013-10-28 09:38 - 2013-10-28 09:38 - 00075730 _____ C:\Documents and Settings\weaverr\Desktop\OTL.Txt
2013-10-28 09:28 - 2013-10-28 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTL.exe
2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\tdsskiller1
2013-10-28 09:16 - 2013-10-28 09:19 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\GooredFix Backups
2013-10-28 09:11 - 2013-10-28 09:11 - 00000000 ____D C:\_OTM
2013-10-28 09:09 - 2013-10-28 09:09 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\erunt
2013-10-28 09:08 - 2013-10-28 09:08 - 00071398 _____ (jpshortstuff) C:\Documents and Settings\weaverr\Desktop\GooredFix.exe
2013-10-28 09:07 - 2013-10-28 09:08 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTM.exe
2013-10-23 12:52 - 2013-10-28 08:24 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Citrix
2013-10-21 07:36 - 2013-10-21 08:09 - 00011928 _____ C:\Documents and Settings\weaverr\My Documents\Hampton - LEED Total Material Costs.xlsx
2013-10-11 07:50 - 2013-10-28 09:23 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-10 13:04 - 2013-10-10 13:04 - 00000003 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\aaceeffc29.nls
2013-10-10 13:00 - 2013-10-10 13:23 - 00726624 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll
2013-10-10 07:41 - 2013-10-10 07:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 07:40 - 2013-10-10 07:40 - 00128873 _____ C:\WINDOWS\KB2862335.log
2013-10-10 07:40 - 2013-10-10 07:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 07:32 - 2013-10-10 07:32 - 00010484 _____ C:\WINDOWS\KB2868038.log
2013-10-10 07:32 - 2013-10-10 07:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 07:31 - 2013-10-10 07:31 - 00011134 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-10 07:31 - 2013-10-10 07:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 07:30 - 2013-10-10 07:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 07:43 - 2013-10-10 07:41 - 00132232 _____ C:\WINDOWS\KB2847311.log

==================== One Month Modified Files and Folders =======

2013-10-28 14:19 - 2013-10-28 14:19 - 01089183 _____ (Farbar) C:\Documents and Settings\weaverr\Desktop\FRST.exe
2013-10-28 14:19 - 2013-10-28 14:19 - 00000000 ____D C:\FRST
2013-10-28 14:09 - 2012-05-01 16:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-28 14:07 - 2008-04-21 16:26 - 00000152 _____ C:\WINDOWS\system32\config\netlogon.ftl
2013-10-28 10:23 - 2009-02-05 08:58 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-10-28 09:39 - 2013-10-28 09:39 - 00050088 _____ C:\Documents and Settings\weaverr\Desktop\Extras.Txt
2013-10-28 09:38 - 2013-10-28 09:38 - 00075730 _____ C:\Documents and Settings\weaverr\Desktop\OTL.Txt
2013-10-28 09:28 - 2013-10-28 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTL.exe
2013-10-28 09:23 - 2013-10-11 07:50 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-28 09:22 - 2009-08-19 09:41 - 00002521 _____ C:\Documents and Settings\weaverr\Desktop\Microsoft Office Outlook 2007.lnk
2013-10-28 09:19 - 2013-10-28 09:16 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\GooredFix Backups
2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\tdsskiller1
2013-10-28 09:15 - 2004-08-11 18:13 - 01704911 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-28 09:13 - 2012-01-13 17:50 - 00037378 _____ C:\WINDOWS\error.log
2013-10-28 09:13 - 2009-10-30 08:36 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-10-28 09:13 - 2004-08-11 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-28 09:13 - 2004-08-11 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-28 09:12 - 2012-01-16 08:46 - 00036708 _____ C:\WINDOWS\errord.log
2013-10-28 09:12 - 2009-07-06 09:59 - 00000278 ___SH C:\Documents and Settings\weaverr\ntuser.ini
2013-10-28 09:12 - 2004-08-11 18:20 - 00032520 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-28 09:11 - 2013-10-28 09:11 - 00000000 ____D C:\_OTM
2013-10-28 09:10 - 2010-08-17 09:17 - 00000000 ____D C:\WINDOWS\ERDNT
2013-10-28 09:09 - 2013-10-28 09:09 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\erunt
2013-10-28 09:08 - 2013-10-28 09:08 - 00071398 _____ (jpshortstuff) C:\Documents and Settings\weaverr\Desktop\GooredFix.exe
2013-10-28 09:08 - 2013-10-28 09:07 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTM.exe
2013-10-28 08:24 - 2013-10-23 12:52 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Citrix
2013-10-28 08:24 - 2012-12-13 04:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842$
2013-10-28 08:00 - 2010-07-16 08:32 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-28 07:59 - 2012-02-15 11:07 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-28 07:59 - 2010-07-16 08:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-28 07:59 - 2004-08-11 18:02 - 00000000 ____D C:\WINDOWS\security
2013-10-25 16:54 - 2009-07-06 09:59 - 00000000 ____D C:\Documents and Settings\weaverr
2013-10-24 16:45 - 2008-09-19 11:20 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-23 12:52 - 2009-07-06 09:59 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec
2013-10-21 08:09 - 2013-10-21 07:36 - 00011928 _____ C:\Documents and Settings\weaverr\My Documents\Hampton - LEED Total Material Costs.xlsx
2013-10-15 08:57 - 2004-08-11 18:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-11 16:59 - 2008-04-04 22:44 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-10-10 17:00 - 2013-02-20 10:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-10-10 17:00 - 2013-02-20 10:19 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-10 17:00 - 2013-02-20 10:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-10 14:22 - 2009-08-17 10:19 - 00000000 ____D C:\Program Files\Windows Desktop Search
2013-10-10 14:22 - 2008-09-19 10:51 - 00000000 ____D C:\Program Files\Winamp
2013-10-10 14:22 - 2004-08-11 18:11 - 00000000 ____D C:\Program Files\Windows NT
2013-10-10 14:21 - 2010-12-02 17:48 - 00000000 ____D C:\Program Files\QuickTime
2013-10-10 14:21 - 2008-04-04 22:40 - 00000000 ____D C:\Program Files\SetPoint
2013-10-10 14:18 - 2011-08-08 08:08 - 00000000 ____D C:\Program Files\PdaNet for Android
2013-10-10 14:18 - 2004-08-11 18:12 - 00000000 ____D C:\Program Files\Outlook Express
2013-10-10 14:18 - 2004-08-11 18:12 - 00000000 ____D C:\Program Files\NetMeeting
2013-10-10 14:17 - 2004-08-11 18:12 - 00000000 ____D C:\Program Files\Movie Maker
2013-10-10 14:16 - 2010-03-18 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 14:15 - 2004-08-11 18:11 - 00000000 ____D C:\Program Files\Messenger
2013-10-10 14:13 - 2010-12-02 18:00 - 00000000 ____D C:\Program Files\iTunes
2013-10-10 14:04 - 2011-04-18 14:17 - 00000000 ____D C:\Program Files\Glance26
2013-10-10 14:03 - 2008-04-04 22:44 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-10-10 14:00 - 2008-04-22 13:34 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-10-10 13:57 - 2008-05-05 09:33 - 00000000 ____D C:\Program Files\Builder System
2013-10-10 13:53 - 2008-04-22 13:39 - 00000000 ____D C:\Program Files\AutoCAD 2009
2013-10-10 13:46 - 2004-08-11 17:47 - 00000000 ____D C:\i386
2013-10-10 13:38 - 2004-08-11 18:53 - 00000000 ____D C:\dell
2013-10-10 13:33 - 2011-11-09 15:39 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai
2013-10-10 13:23 - 2013-10-10 13:00 - 00726624 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll
2013-10-10 13:16 - 2004-08-11 18:12 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-10 13:16 - 2004-08-11 18:02 - 00000000 ____D C:\WINDOWS\system32\usmt
2013-10-10 13:04 - 2013-10-10 13:04 - 00000003 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\aaceeffc29.nls
2013-10-10 07:58 - 2004-08-11 18:06 - 00360136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-10 07:43 - 2009-08-17 10:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-10 07:43 - 2004-08-11 18:07 - 00618600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-10 07:41 - 2013-10-10 07:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 07:41 - 2013-10-09 07:43 - 00132232 _____ C:\WINDOWS\KB2847311.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00565772 _____ C:\WINDOWS\iis6.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00523491 _____ C:\WINDOWS\FaxSetup.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00251260 _____ C:\WINDOWS\ocgen.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00239785 _____ C:\WINDOWS\tsoc.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00173672 _____ C:\WINDOWS\comsetup.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00159830 _____ C:\WINDOWS\msmqinst.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00105294 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00092055 _____ C:\WINDOWS\netfxocm.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00048861 _____ C:\WINDOWS\updspapi.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00036125 _____ C:\WINDOWS\MedCtrOC.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00029070 _____ C:\WINDOWS\ocmsn.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00026435 _____ C:\WINDOWS\tabletoc.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00026265 _____ C:\WINDOWS\msgsocm.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-10 07:40 - 2013-10-10 07:40 - 00128873 _____ C:\WINDOWS\KB2862335.log
2013-10-10 07:40 - 2013-10-10 07:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 07:40 - 2012-04-23 08:06 - 00103186 _____ C:\WINDOWS\setupapi.log
2013-10-10 07:40 - 2012-01-19 08:42 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-10 07:37 - 2013-07-16 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-10 07:35 - 2008-04-22 13:24 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-10 07:34 - 2012-02-24 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-10 07:32 - 2013-10-10 07:32 - 00010484 _____ C:\WINDOWS\KB2868038.log
2013-10-10 07:32 - 2013-10-10 07:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 07:31 - 2013-10-10 07:31 - 00011134 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-10 07:31 - 2013-10-10 07:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 07:31 - 2009-12-08 09:37 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-10 07:30 - 2013-10-10 07:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 10:09 - 2012-05-01 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 10:09 - 2011-05-23 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 10:23 - 2013-07-30 10:11 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\PM Projects
2013-10-02 14:22 - 2013-05-14 15:00 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\Kip

Files to move or delete:
====================
ZeroAccess:
C:\Documents and Settings\weaverr\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\watersj\gotomypc_437.exe
C:\Documents and Settings\weaverr\gyb.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
  • 0

#5
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Warning! Your computer is infected with Backdoor.

What is Backdoor?

Backdoor is malware which allows another person to remotely control your computer, so this infection can execute files, download files from the internet or steal your data.

How can you deal with this infection?

We can clean this infection. However, we aren't sure that you can trust your computer even after removal of this infection. So, there is only one way to completely remove this infection: format your hard drive and reinstall Windows.

Please read the info here to learn more about why you need to reinstall Windows.

So, if you decide to format your hard drive and reinstall Windows, please let me know. If you don't, please follow these steps:

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select Copy, right-click in the open notepad and select Paste).
  • Save it on the flashdrive as fixlist.txt.

    start
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKCU\...\Run: [Apple] - rundll32 "C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec\Apple\jacg.dll",DllRegisterServer <===== ATTENTION
    FF Extension: ssbmnfvuqd - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\[email protected]
    2013-10-10 13:04 - 2013-10-10 13:04 - 00000003 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\aaceeffc29.nls
    2013-10-10 13:00 - 2013-10-10 13:23 - 00726624 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll
    2013-10-23 12:52 - 2009-07-06 09:59 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec
    C:\Documents and Settings\weaverr\Local Settings\Application Data\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install
    end
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply.
  • After that, run a new FRST scan and post the new FRST.txt log.
So please don't forget to post in your next message:

  • FRST.txt
  • Fixlog.txt

  • 0
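As an added example (not part of this thread, and not FRST's own code), the script below parses the two FRST line formats quoted in the fixlist above (Run values and the "One Month Created Files" entries) and flags the indicators the helper acted on: a Run value whose target file is missing (`[x]`), `rundll32` loading a DLL from a user profile, and an unsigned random-named `.dll`/`.nls` dropped straight into a per-user Application Data folder. The folder and name patterns are this example's own heuristics, and the sample lines are assembled from the logs in this thread.

```python
"""Triage FRST log lines for the ZeroAccess-style indicators discussed in this thread.

Added example, not part of the thread or of FRST itself. The heuristics below
are assumptions made for illustration, not FRST's own detection logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "2013-10-10 13:04 - 2013-10-10 13:04 - 00000003 _____ C:\path" (company name in parentheses is optional)
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# "HKCU\...\Run: [Name] - command"
RUN_LINE = re.compile(r"^HK(?P<hive>LM|CU)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")

# Per-user data folder on XP. A PE dropped directly here (not in a vendor subfolder) is unusual.
USER_APPDATA_DIR = re.compile(
    r"^C:\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data$", re.I
)
USER_PROFILE = re.compile(r"C:\\Documents and Settings\\", re.I)
# Short alphanumeric name mixing letters and digits, e.g. dfl29z32.dll or aaceeffc29.nls (heuristic)
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,12}\.(?:dll|nls)$", re.I)


@dataclass
class Finding:
    rule: str
    detail: str


def triage_file_line(line: str) -> Optional[Finding]:
    """Flag an unsigned, random-named DLL/NLS sitting directly in Application Data."""
    m = FILE_LINE.match(line)
    if not m or "D" in m["attrs"]:  # not a file entry, or a directory
        return None
    path = m["path"].split(" <=====")[0]  # drop FRST's "<===== ATTENTION" marker if present
    folder, _, name = path.rpartition("\\")
    if m["company"] is None and USER_APPDATA_DIR.match(folder) and RANDOM_NAME.match(name):
        return Finding("random-named unsigned file in Application Data", path)
    return None


def triage_run_line(line: str) -> Optional[Finding]:
    """Flag Run values whose target is missing, or that use rundll32 on a DLL in a user profile."""
    m = RUN_LINE.match(line)
    if not m:
        return None
    cmd = m["cmd"]
    if cmd.startswith("[x]"):
        return Finding("Run value points at missing file ([x])", f"HK{m['hive']} [{m['name']}]")
    if cmd.lower().startswith("rundll32") and USER_PROFILE.search(cmd):
        return Finding("rundll32 loading DLL from user profile", f"HK{m['hive']} [{m['name']}] {cmd}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run both rule sets over every line of an FRST log (indented fixlist lines are fine)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        found = triage_run_line(line) or triage_file_line(line)
        if found:
            findings.append(found)
    return findings


# Constructed sample input: lines copied from the FRST log and fixlist quoted in this thread,
# plus benign entries from the same log so the rules have something to pass over.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Apple] - rundll32 "C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec\Apple\jacg.dll",DllRegisterServer <===== ATTENTION
2013-10-10 13:04 - 2013-10-10 13:04 - 00000003 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\aaceeffc29.nls
2013-10-10 13:00 - 2013-10-10 13:23 - 00726624 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll
2013-10-28 09:28 - 2013-10-28 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTL.exe
2013-10-10 13:33 - 2011-11-09 15:39 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule}: {f.detail}")
```

The three Run/file rules are a starting point for reading a log, not a replacement for the helper's review; anything they flag still needs the kind of manual confirmation shown in the fixlist above.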

#6
John Foot

John Foot

    Member

  • Topic Starter
  • Member
  • 22 posts
FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by weaverr (administrator) on D95KH0G1 on 29-10-2013 07:52:21
Running from C:\Documents and Settings\weaverr\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\arcltsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\crypserv.exe
(Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(GTCO CalComp, Inc.) C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Logitech Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Broadcom Corporation.) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe [100888 2007-10-09] (Logitech Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-07-26] (Intel Corporation)
HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\WINDOWS\KHALMNPR.Exe [100888 2007-10-09] (Logitech Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TabletWorks] - C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe [972120 2010-04-08] (GTCO CalComp, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - {40439b93-f815-4122-8073-d03bed94c303} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKCU - {40439b93-f815-4122-8073-d03bed94c303} URL = http://slirsredirect...hromesbox-en-us
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll (IBM Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll (Autodesk, Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.co...ic/SimCityX.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} http://simcity.ea.co...yScapeTeleX.cab
DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} http://aolsvc.aol.co...nger2Loader.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...bex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.3.20.5 10.3.20.6

FireFox:
========
FF ProfilePath: C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @glance.net/GlanceClient - C:\Program Files\Glance26\npglance.dll (Glance Networks, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\weaverr\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\weaverr\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Clear Cache Button - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF Extension: Adblock Plus - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\weaverr\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\weaverr\Application Data\Move Networks

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [116608 2012-12-10] (Algorithmic Research Ltd.)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79168 2007-06-20] (Broadcom Corporation)
R2 Crypkey License; C:\Windows\System32\crypserv.exe [126976 2009-05-29] (CrypKey (Canada) Ltd.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-12-05] (Flexera Software, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.)
R2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [110592 2007-12-03] (Logitech Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" Start=service [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-25] (Broadcom Corporation)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2007-06-20] (Broadcom Corporation)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [329901 2006-12-03] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30459 2006-12-03] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [863402 2006-12-03] (Broadcom Corporation.)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [149123 2006-12-03] (Broadcom Corporation.)
R3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [47907 2006-12-03] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [67672 2006-12-03] (Broadcom Corporation.)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl9cc8f048; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62B29390-7769-4EA0-9D85-F5177FC2E552}\MpKsl9cc8f048.sys [40392 2013-10-28] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [20742 2009-06-12] ()
R3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
S3 catchme; \??\C:\DOCUME~1\weaverr\LOCALS~1\Temp\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 14:20 - 2013-10-28 14:21 - 00023681 _____ C:\Documents and Settings\weaverr\Desktop\Addition.txt
2013-10-28 14:19 - 2013-10-28 14:19 - 01089183 _____ (Farbar) C:\Documents and Settings\weaverr\Desktop\FRST.exe
2013-10-28 14:19 - 2013-10-28 14:19 - 00000000 ____D C:\FRST
2013-10-28 09:39 - 2013-10-28 09:39 - 00050088 _____ C:\Documents and Settings\weaverr\Desktop\Extras.Txt
2013-10-28 09:38 - 2013-10-28 09:38 - 00075730 _____ C:\Documents and Settings\weaverr\Desktop\OTL.Txt
2013-10-28 09:28 - 2013-10-28 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTL.exe
2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\tdsskiller1
2013-10-28 09:16 - 2013-10-28 09:19 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\GooredFix Backups
2013-10-28 09:11 - 2013-10-28 09:11 - 00000000 ____D C:\_OTM
2013-10-28 09:09 - 2013-10-28 09:09 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\erunt
2013-10-28 09:08 - 2013-10-28 09:08 - 00071398 _____ (jpshortstuff) C:\Documents and Settings\weaverr\Desktop\GooredFix.exe
2013-10-28 09:07 - 2013-10-28 09:08 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTM.exe
2013-10-23 12:52 - 2013-10-28 08:24 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Citrix
2013-10-21 07:36 - 2013-10-21 08:09 - 00011928 _____ C:\Documents and Settings\weaverr\My Documents\Hampton - LEED Total Material Costs.xlsx
2013-10-11 07:50 - 2013-10-28 09:23 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-10 07:41 - 2013-10-10 07:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 07:40 - 2013-10-10 07:40 - 00128873 _____ C:\WINDOWS\KB2862335.log
2013-10-10 07:40 - 2013-10-10 07:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 07:32 - 2013-10-10 07:32 - 00010484 _____ C:\WINDOWS\KB2868038.log
2013-10-10 07:32 - 2013-10-10 07:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 07:31 - 2013-10-10 07:31 - 00011134 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-10 07:31 - 2013-10-10 07:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 07:30 - 2013-10-10 07:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 07:43 - 2013-10-10 07:41 - 00132232 _____ C:\WINDOWS\KB2847311.log

==================== One Month Modified Files and Folders =======

2013-10-29 07:52 - 2004-08-11 18:13 - 01718033 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-29 07:42 - 2009-08-19 09:41 - 00002521 _____ C:\Documents and Settings\weaverr\Desktop\Microsoft Office Outlook 2007.lnk
2013-10-29 07:40 - 2008-04-21 16:26 - 00000152 _____ C:\WINDOWS\system32\config\netlogon.ftl
2013-10-28 17:09 - 2012-05-01 16:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-28 14:21 - 2013-10-28 14:20 - 00023681 _____ C:\Documents and Settings\weaverr\Desktop\Addition.txt
2013-10-28 14:19 - 2013-10-28 14:19 - 01089183 _____ (Farbar) C:\Documents and Settings\weaverr\Desktop\FRST.exe
2013-10-28 14:19 - 2013-10-28 14:19 - 00000000 ____D C:\FRST
2013-10-28 10:23 - 2009-02-05 08:58 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-10-28 09:39 - 2013-10-28 09:39 - 00050088 _____ C:\Documents and Settings\weaverr\Desktop\Extras.Txt
2013-10-28 09:38 - 2013-10-28 09:38 - 00075730 _____ C:\Documents and Settings\weaverr\Desktop\OTL.Txt
2013-10-28 09:28 - 2013-10-28 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTL.exe
2013-10-28 09:23 - 2013-10-11 07:50 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-28 09:19 - 2013-10-28 09:16 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\GooredFix Backups
2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\tdsskiller1
2013-10-28 09:13 - 2012-01-13 17:50 - 00037378 _____ C:\WINDOWS\error.log
2013-10-28 09:13 - 2009-10-30 08:36 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-10-28 09:13 - 2004-08-11 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-28 09:13 - 2004-08-11 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-28 09:12 - 2012-01-16 08:46 - 00036708 _____ C:\WINDOWS\errord.log
2013-10-28 09:12 - 2009-07-06 09:59 - 00000278 ___SH C:\Documents and Settings\weaverr\ntuser.ini
2013-10-28 09:12 - 2004-08-11 18:20 - 00032520 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-28 09:11 - 2013-10-28 09:11 - 00000000 ____D C:\_OTM
2013-10-28 09:10 - 2010-08-17 09:17 - 00000000 ____D C:\WINDOWS\ERDNT
2013-10-28 09:09 - 2013-10-28 09:09 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\erunt
2013-10-28 09:08 - 2013-10-28 09:08 - 00071398 _____ (jpshortstuff) C:\Documents and Settings\weaverr\Desktop\GooredFix.exe
2013-10-28 09:08 - 2013-10-28 09:07 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\weaverr\Desktop\OTM.exe
2013-10-28 08:24 - 2013-10-23 12:52 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Citrix
2013-10-28 08:24 - 2012-12-13 04:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842$
2013-10-28 08:00 - 2010-07-16 08:32 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-28 07:59 - 2012-02-15 11:07 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-28 07:59 - 2010-07-16 08:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-28 07:59 - 2004-08-11 18:02 - 00000000 ____D C:\WINDOWS\security
2013-10-25 16:54 - 2009-07-06 09:59 - 00000000 ____D C:\Documents and Settings\weaverr
2013-10-24 16:45 - 2008-09-19 11:20 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-21 08:09 - 2013-10-21 07:36 - 00011928 _____ C:\Documents and Settings\weaverr\My Documents\Hampton - LEED Total Material Costs.xlsx
2013-10-15 08:57 - 2004-08-11 18:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-11 16:59 - 2008-04-04 22:44 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-10-10 17:00 - 2013-02-20 10:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-10-10 17:00 - 2013-02-20 10:19 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-10 17:00 - 2013-02-20 10:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-10 14:22 - 2009-08-17 10:19 - 00000000 ____D C:\Program Files\Windows Desktop Search
2013-10-10 14:22 - 2008-09-19 10:51 - 00000000 ____D C:\Program Files\Winamp
2013-10-10 14:22 - 2004-08-11 18:11 - 00000000 ____D C:\Program Files\Windows NT
2013-10-10 14:21 - 2010-12-02 17:48 - 00000000 ____D C:\Program Files\QuickTime
2013-10-10 14:21 - 2008-04-04 22:40 - 00000000 ____D C:\Program Files\SetPoint
2013-10-10 14:18 - 2011-08-08 08:08 - 00000000 ____D C:\Program Files\PdaNet for Android
2013-10-10 14:18 - 2004-08-11 18:12 - 00000000 ____D C:\Program Files\Outlook Express
2013-10-10 14:18 - 2004-08-11 18:12 - 00000000 ____D C:\Program Files\NetMeeting
2013-10-10 14:17 - 2004-08-11 18:12 - 00000000 ____D C:\Program Files\Movie Maker
2013-10-10 14:16 - 2010-03-18 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 14:15 - 2004-08-11 18:11 - 00000000 ____D C:\Program Files\Messenger
2013-10-10 14:13 - 2010-12-02 18:00 - 00000000 ____D C:\Program Files\iTunes
2013-10-10 14:04 - 2011-04-18 14:17 - 00000000 ____D C:\Program Files\Glance26
2013-10-10 14:03 - 2008-04-04 22:44 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-10-10 14:00 - 2008-04-22 13:34 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-10-10 13:57 - 2008-05-05 09:33 - 00000000 ____D C:\Program Files\Builder System
2013-10-10 13:53 - 2008-04-22 13:39 - 00000000 ____D C:\Program Files\AutoCAD 2009
2013-10-10 13:46 - 2004-08-11 17:47 - 00000000 ____D C:\i386
2013-10-10 13:38 - 2004-08-11 18:53 - 00000000 ____D C:\dell
2013-10-10 13:33 - 2011-11-09 15:39 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Akamai
2013-10-10 13:16 - 2004-08-11 18:12 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-10 13:16 - 2004-08-11 18:02 - 00000000 ____D C:\WINDOWS\system32\usmt
2013-10-10 07:58 - 2004-08-11 18:06 - 00360136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-10 07:43 - 2009-08-17 10:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-10 07:43 - 2004-08-11 18:07 - 00618600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-10 07:41 - 2013-10-10 07:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 07:41 - 2013-10-09 07:43 - 00132232 _____ C:\WINDOWS\KB2847311.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00565772 _____ C:\WINDOWS\iis6.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00523491 _____ C:\WINDOWS\FaxSetup.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00251260 _____ C:\WINDOWS\ocgen.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00239785 _____ C:\WINDOWS\tsoc.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00173672 _____ C:\WINDOWS\comsetup.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00159830 _____ C:\WINDOWS\msmqinst.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00105294 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00092055 _____ C:\WINDOWS\netfxocm.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00048861 _____ C:\WINDOWS\updspapi.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00036125 _____ C:\WINDOWS\MedCtrOC.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00029070 _____ C:\WINDOWS\ocmsn.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00026435 _____ C:\WINDOWS\tabletoc.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00026265 _____ C:\WINDOWS\msgsocm.log
2013-10-10 07:41 - 2012-01-19 08:42 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-10 07:40 - 2013-10-10 07:40 - 00128873 _____ C:\WINDOWS\KB2862335.log
2013-10-10 07:40 - 2013-10-10 07:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 07:40 - 2012-04-23 08:06 - 00103186 _____ C:\WINDOWS\setupapi.log
2013-10-10 07:40 - 2012-01-19 08:42 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-10 07:37 - 2013-07-16 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-10 07:35 - 2008-04-22 13:24 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-10 07:34 - 2012-02-24 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-10 07:32 - 2013-10-10 07:32 - 00010484 _____ C:\WINDOWS\KB2868038.log
2013-10-10 07:32 - 2013-10-10 07:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 07:31 - 2013-10-10 07:31 - 00011134 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-10 07:31 - 2013-10-10 07:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 07:31 - 2009-12-08 09:37 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-10 07:30 - 2013-10-10 07:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 10:09 - 2012-05-01 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 10:09 - 2011-05-23 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 10:23 - 2013-07-30 10:11 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\PM Projects
2013-10-02 14:22 - 2013-05-14 15:00 - 00000000 ____D C:\Documents and Settings\weaverr\Desktop\Kip

Files to move or delete:
====================
C:\Documents and Settings\watersj\gotomypc_437.exe
C:\Documents and Settings\weaverr\gyb.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by weaverr at 2013-10-29 07:51:46 Run:1
Running from C:\Documents and Settings\weaverr\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Apple] - rundll32 "C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec\Apple\jacg.dll",DllRegisterServer <===== ATTENTION
FF Extension: ssbmnfvuqd - C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\[email protected]
2013-10-10 13:04 - 2013-10-10 13:04 - 00000003 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\aaceeffc29.nls
2013-10-10 13:00 - 2013-10-10 13:23 - 00726624 _____ C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll
2013-10-23 12:52 - 2009-07-06 09:59 - 00000000 ____D C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec
C:\Documents and Settings\weaverr\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
end

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Apple => Value not found.
C:\Documents and Settings\weaverr\Application Data\Mozilla\Firefox\Profiles\7okqq9lh.default\Extensions\[email protected] => Moved successfully.
C:\Documents and Settings\weaverr\Local Settings\Application Data\aaceeffc29.nls => Moved successfully.
C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll => Moved successfully.
C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec => Moved successfully.
C:\Documents and Settings\weaverr\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====
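The fixlist and fixlog above show the two things a helper reads off an FRST report: autorun entries FRST marks with ATTENTION (a Run value whose target it cannot resolve, shown as [x], and a rundll32 line loading a DLL from the user's profile) and the per-item result lines of the fix. The script below is an added example, not FRST's own code and not anything posted by the thread's participants; it parses those two line shapes and flags them with the rules a triager would apply. The sample Run and result lines are copied from the log above, plus one constructed benign HKLM entry as a control; the scoring rules and function names are this example's assumptions.

```python
"""Triage of FRST 'Run:' entries and fix-result lines (added example)."""
import re

# Constructed sample: two Run-key lines from the thread's fixlist plus one
# made-up benign HKLM entry so the filter has something it must NOT flag.
SAMPLE_RUN_LINES = r"""
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Apple] - rundll32 "C:\Documents and Settings\weaverr\Local Settings\Application Data\Symantec\Apple\jacg.dll",DllRegisterServer <===== ATTENTION
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe
"""

# Constructed sample: three result lines copied from the thread's fixlog.
SAMPLE_FIXLOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Apple => Value not found.
C:\Documents and Settings\weaverr\Local Settings\Application Data\dfl29z32.dll => Moved successfully.
"""

# 'HKCU\...\Run: [name] - command <===== ATTENTION ...' (the trailer is optional)
RUN_LINE = re.compile(
    r'^(?P<hive>HK(?:CU|LM))\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<cmd>.*?)(?: <=====.*)?$'
)
# A path inside a user profile's Application Data / Local Settings tree (XP layout).
PROFILE_DATA = re.compile(
    r'\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\', re.I
)
# '<item> => <result>.'
RESULT_LINE = re.compile(r'^(?P<item>.+?) => (?P<result>.+?)\.?$')


def triage_run_entries(text):
    """Return the Run entries that match a suspicious pattern, with reasons."""
    findings = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        name, cmd = m.group('name'), m.group('cmd').strip()
        reasons = []
        if cmd == '[x]':
            # FRST prints [x] when the value's target cannot be resolved.
            reasons.append('target path unresolvable ([x])')
        if re.match(r'rundll32(?:\.exe)?\b', cmd, re.I) and PROFILE_DATA.search(cmd):
            reasons.append('rundll32 loads a DLL from the user profile')
        if 'DllRegisterServer' in cmd:
            reasons.append('DllRegisterServer entry point used as autorun')
        if reasons:
            findings.append({'hive': m.group('hive'), 'name': name,
                             'command': cmd, 'reasons': reasons})
    return findings


def summarize_fixlog(text):
    """Group fixlog result lines by outcome so missed items stand out."""
    summary = {'deleted': [], 'moved': [], 'not_found': [], 'other': []}
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if not m:
            continue
        item, result = m.group('item'), m.group('result').lower()
        if 'deleted successfully' in result:
            summary['deleted'].append(item)
        elif 'moved successfully' in result:
            summary['moved'].append(item)
        elif 'not found' in result:
            summary['not_found'].append(item)
        else:
            summary['other'].append(item)
    return summary


if __name__ == '__main__':
    for f in triage_run_entries(SAMPLE_RUN_LINES):
        print(f"{f['hive']} [{f['name']}] -> {'; '.join(f['reasons'])}")
    s = summarize_fixlog(SAMPLE_FIXLOG)
    print(f"deleted={len(s['deleted'])} moved={len(s['moved'])} "
          f"not_found={len(s['not_found'])}")
```

The not_found bucket is the one to look at after a fix: an item FRST reports as "Value not found" was not removed by that run, so it should be checked again in the fresh log rather than assumed gone.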

#7
Phel (Trusted Helper, Malware Removal, 1,386 posts)
Sorry for the delay.

How is your computer running now? I'd like to get a fresh OTL log.

  • Run OTL.
  • Click the Scan All Users checkbox, which is located near the Quick Scan button.
  • In the OTL window, find the Extra Registry section and change the radio button there to Use SafeList.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
    set /c
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
So please don't forget to post in your next message:

  • OTL.txt
  • Extras.txt


#8
Phel (Trusted Helper, Malware Removal, 1,386 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.