
Unknown infection(s) on COMPUTER 2


This topic is locked
51 replies to this topic

#1 dewalt (Members, 86 posts)
Posted 23 December 2011 - 11:01 PM

Elise:

I am assuming I will find you or you will find this second thread (COMPUTER 2)

At least 3 things to try to fix:

1. Try to get Windows Update working. Message says, "Windows Update cannot currently check for updates because service is not running. May need to restart computer." Have done Restart several times, does NOT make a difference.

2. Have something popping up that is something about "reminder at later time or similar" that has the URL? of Greg@Percifield.com

3. Screen comes up when starting to say Enable/Disable macros, mentioned with Adobe. If it helps, I think I can make a screen shot and maybe figure out how to forward it. Know I have used the screen shot for PRINTING things that don't want to be printed; assume I can figure out how to send/attach the file.

I'm wearing out the phrase "Thank you", thank you anyhow.

David

#2 dewalt (Topic Starter)
Posted 23 December 2011 - 11:55 PM

Did not finish item 3

If you click on the "Disable (macros)" button you get another set of 8 screens with macros to be Disabled or Enabled, and disabling the 8th screen brings up a blank gray screen with the phrase "Microsoft Word" in the title bar. If you "X" out, the program just continues on. But what is it doing there and is it doing anything else that is bad?

David

#3 Elise (Bleepin' Blonde, Malware Study Hall Admin, 60,929 posts, Location: Romania)
Posted 24 December 2011 - 01:54 AM

Hello, lets first see what is running on your computer.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 dewalt (Topic Starter)
Posted 24 December 2011 - 04:57 AM

Tried to post a detailed reply that COMPUTER 2 will not let dds.scr finish the scan. Gets about 2/3 of the way through and stops.

Tried 3 times. Will have to try something else

#5 Elise (Malware Study Hall Admin)
Posted 24 December 2011 - 04:59 AM

Does the scan finish halfway, or can't you post the logs?

regards, Elise


#6 dewalt (Topic Starter)
Posted 24 December 2011 - 05:26 AM

Only goes 1/2 - 2/3 of the way and stops. No log to post, didn't finish.

Sent a personal message that I could not post a log, that dds.scr did not finish, and as I tried to POST, got this graphic at the URL shown

http://www.bleepingcomputer.com/forums/topic432548.html

Don't know if legitimate or not, but my POST never got posted and could not give you the detail of what I tried, but bottom line is that dds.scr will not finish scan.
Tried 3 times. Then when I went back to try to post, there was this ad for a virus removal service with a button to, I think, purchase, in place of the option to post a reply.

Don't know what is going on

Have attached a screen shot of the partially completed scan for the dds.scr scan


#7 dewalt (Topic Starter)
Posted 24 December 2011 - 05:33 AM

And this is the graphic that popped up as I tried to post a detailed explanation of what I tried to download and run dds.scr

Maybe coincidental, but thought maybe the malware was now intercepting REPLY posts

But bottom line is that the dds.scr scan screen is still showing and I cannot get rid of it short of shutting down the computer

#8 dewalt (Topic Starter)
Posted 24 December 2011 - 05:36 AM

Retrying to resend the graphic I got when I tried to POST a detailed reply.


#9 Elise (Malware Study Hall Admin)
Posted 24 December 2011 - 06:11 AM

That means BC was down, it should all be fine now, try to download/run DDS and post me the logs.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 dewalt (Topic Starter)
Posted 24 December 2011 - 01:09 PM

Same thing as before:

First on startup, had message box:
"Windows has recovered from an unexpected shutdown"
Problem Signature:
Problem Event Name: "Blue Screen"

bunch of codes that I wrote down and can give you if it helps

Also gave 2 files that it says can help describe the problem. Wrote down the file locations and can look them up if that helps. Both are on C:\; one is minidump, second is \Temp\WER-541792-0 sysdata.xml

Tried to download DDS from dds.scr, would not download

Tried to run from previous copy on flash drive. Started to run but stopped about 1 to 1-1/2 minutes into the scan. Appears to have stopped at the same place as before, by position of the status bar and the line of text above the status bar. This time could not take a screen shot to show. Also acting like before: could not "X" out, attempt to minimize and the black dds scan pops right back. Appears to be blocked or hung up on something. No scan report to post, again stopped 2/3 of the way through the scan.

I'll wait for you to tell me what to try next

#11 Elise (Malware Study Hall Admin)
Posted 24 December 2011 - 01:14 PM

Please try the following scan instead.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
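The two reports that procedure produces are plain text in a fixed per-line format, and the first pass a helper makes over OTL.txt is mechanical: which running images, services, drivers and browser add-ons carry no company name, what the hosts file overrides, and which autostart (O4) entries point at files that no longer exist. Here is that first pass as an added example in Python; it is not part of this thread and not OTL's own code. Its sample input is a handful of lines copied from the OTL.txt David posts later in the thread; the category names, the regular expressions and the short list of hostnames treated as benign are this example's own choices. A missing company name is only a prioritisation signal, not a verdict: plenty of legitimate software ships without one (the CHEMCAD licensing service in the log is one such case), and loopback entries for Adobe activation hosts are something a helper asks the owner about rather than assumes anything from.

```python
"""Triage an OTL.txt report: pull out the lines a helper reads first.

Added example for this thread; it is not part of OTL (OldTimer's tool) or of
anything posted here. The sample lines are copied from the OTL.txt posted
later in the thread; the category names and heuristics are this example's own.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Copied from the OTL.txt posted later in this thread (a subset, in OTL's own line format).
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2011/11/07 02:26:14 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/08/03 12:45:42 | 000,266,792 | ---- | M] () -- C:\Program Files\Chemstations\CHEMCAD\sysauth_service.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/08/03 12:45:42 | 000,266,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Chemstations\CHEMCAD\sysauth_service.exe -- (CHEMCAD System Authorization)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Standard Registry (SafeList) ==========

O1 HOSTS File: ([2010/11/21 18:05:23 | 000,001,264 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
"""

# PRC/MOD/SRV/DRV entries: "[date | size | attrs | M] (Company) [state] -- path -- (ServiceName)".
IMAGE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
# O1 hosts-file overrides: "O1 - Hosts: <ip> <hostname>".
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# O2 BHOs and O3 toolbars: "(Name) - {CLSID} - path (Company)".
BHO_RE = re.compile(
    r"^O[23] - [^:]*: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]*)\} - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O4 autostart entries: "O4 - HKLM..\Run: [Name] path (Company)" or "... File not found".
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")

# Assumption for this example: only the stock loopback name belongs in a clean hosts file.
BENIGN_HOSTS = {"localhost"}


def triage(report: str) -> dict[str, list[str]]:
    """Group the report's notable lines by category: no_company, hosts_override, orphan_run."""
    findings: dict[str, list[str]] = defaultdict(list)
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := IMAGE_RE.match(line):
            if not m["company"]:  # OTL prints "()" when the PE carries no CompanyName
                findings["no_company"].append(line)
        elif m := HOSTS_RE.match(line):
            if m["host"].lower() not in BENIGN_HOSTS:
                findings["hosts_override"].append(line)
        elif m := BHO_RE.match(line):
            if not m["company"]:
                findings["no_company"].append(line)
        elif m := RUN_RE.match(line):
            company = re.search(r"\(([^)]*)\)$", m["rest"])
            if m["rest"].endswith("File not found"):
                findings["orphan_run"].append(line)  # Run value whose target is gone
            elif company is None or not company.group(1):
                findings["no_company"].append(line)
    return dict(findings)


def hosts_by_target(report: str) -> dict[str, list[str]]:
    """Map each redirect target in the O1 section to the hostnames sent there."""
    targets: dict[str, list[str]] = defaultdict(list)
    for line in triage(report).get("hosts_override", []):
        m = HOSTS_RE.match(line)
        targets[m["ip"]].append(m["host"])
    return dict(targets)


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_OTL).items():
        print(f"== {category} ({len(lines)})")
        for entry in lines:
            print("  " + entry)
    print("hosts overrides by target:", hosts_by_target(SAMPLE_OTL))
```

Run it against a full OTL.txt by reading the file into `triage()`; the O4 "File not found" entries are harmless leftovers of uninstalled software and are the usual candidates for an OTL fix script, while the no_company and hosts_override buckets are the lines a helper reads by hand.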


#12 dewalt (Topic Starter)
Posted 24 December 2011 - 01:17 PM

Also appears Google Chrome has jumped in as the browser. Asked if I wanted to close while a download was in progress.

Have added a screen shot of attempts to get dds.scr. Can see the curved link arrow showing the attempt at download in progress.


#13 Elise (Malware Study Hall Admin)
Posted 24 December 2011 - 01:40 PM

Please see my previous post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 dewalt (Topic Starter)
Posted 28 December 2011 - 09:12 PM

Elise:

Finally found the second thread. Ran OTL as requested.

first: OTL.txt log
second: Extras.txt log


OTL logfile created on: 12/28/2011 7:59:57 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David W\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.42% Memory free
6.00 Gb Paging File | 5.09 Gb Available in Paging File | 84.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241.15 Gb Total Space | 213.33 Gb Free Space | 88.46% Space Free | Partition Type: NTFS
Drive D: | 224.61 Gb Total Space | 183.93 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 372.60 Gb Total Space | 372.50 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.49% Space Free | Partition Type: FAT32

Computer Name: DAVIDW-PC7 | User Name: David W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 19:58:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\David W\Downloads\OTL.exe
PRC - [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/11/07 02:26:14 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/08/03 12:45:42 | 000,266,792 | ---- | M] () -- C:\Program Files\Chemstations\CHEMCAD\sysauth_service.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/02 22:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 05:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 05:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 05:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 05:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 05:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/03 12:45:42 | 000,266,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Chemstations\CHEMCAD\sysauth_service.exe -- (CHEMCAD System Authorization)
SRV - [2010/11/21 18:11:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/21 16:17:46 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 06:36:08 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111223.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 06:36:08 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111223.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/21 17:17:14 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/10 15:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/22 16:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 16:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/10/26 12:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/26 12:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 9D B5 C4 D8 89 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\David W\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\David W\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\David W\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2010/11/21 18:05:23 | 000,001,264 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E12A576-6A6C-4669-B7A3-4969616ACB53}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/21 13:40:28 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 20:46:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/26 20:46:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/26 20:46:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 20:46:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/23 07:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/23 07:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/23 07:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/12 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\David W\AppData\Roaming\Uniblue
[2011/12/12 20:54:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011/12/12 20:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/12/12 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/12/12 20:49:20 | 000,000,000 | ---D | C] -- C:\Users\David W\AppData\Local\PackageAware

========== Files - Modified Within 30 Days ==========

[2011/12/28 19:30:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 19:29:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 16:57:49 | 000,000,238 | ---- | M] () -- C:\Users\David W\Desktop\All jerky is not created equal – Eatocracy - CNN.com Blogs.url
[2011/12/28 15:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/27 10:16:24 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/27 10:16:24 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/27 10:12:08 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/12/27 10:11:38 | 2414,718,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/24 15:20:42 | 000,028,217 | ---- | M] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 24 15.20.gif
[2011/12/24 12:25:20 | 000,178,598 | ---- | M] () -- C:\Users\David W\Desktop\ScreenHunter_02 Dec. 24 12.25.gif
[2011/12/24 11:51:54 | 000,046,325 | ---- | M] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 24 11.51.gif
[2011/12/24 09:51:25 | 294,973,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/24 04:28:38 | 000,035,851 | ---- | M] () -- C:\Users\David W\Desktop\ScreenHunter_02 Dec. 24 04.28.gif
[2011/12/24 04:14:12 | 000,043,466 | ---- | M] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 24 04.14.gif
[2011/12/23 07:28:48 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/23 07:28:45 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/23 07:28:45 | 000,002,189 | ---- | M] () -- C:\Users\David W\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/22 01:22:29 | 000,000,214 | ---- | M] () -- C:\Users\David W\Desktop\tdsskiller trojanTDSS modified .url
[2011/12/21 19:42:34 | 000,034,425 | ---- | M] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 21 19.42.gif
[2011/12/12 20:54:37 | 000,001,762 | ---- | M] () -- C:\Users\David W\Desktop\Uniblue RegistryBooster.lnk
[2011/12/12 20:54:37 | 000,001,752 | ---- | M] () -- C:\Users\David W\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/12/12 19:32:02 | 000,009,830 | ---- | M] () -- C:\Users\David W\Desktop\exefix.reg

========== Files Created - No Company Name ==========

[2011/12/28 16:57:49 | 000,000,238 | ---- | C] () -- C:\Users\David W\Desktop\All jerky is not created equal – Eatocracy - CNN.com Blogs.url
[2011/12/24 15:20:42 | 000,028,217 | ---- | C] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 24 15.20.gif
[2011/12/24 12:25:20 | 000,178,598 | ---- | C] () -- C:\Users\David W\Desktop\ScreenHunter_02 Dec. 24 12.25.gif
[2011/12/24 11:51:54 | 000,046,325 | ---- | C] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 24 11.51.gif
[2011/12/24 09:51:25 | 294,973,287 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/24 04:28:38 | 000,035,851 | ---- | C] () -- C:\Users\David W\Desktop\ScreenHunter_02 Dec. 24 04.28.gif
[2011/12/24 04:14:12 | 000,043,466 | ---- | C] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 24 04.14.gif
[2011/12/23 07:28:48 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/23 07:28:45 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/23 07:28:45 | 000,002,189 | ---- | C] () -- C:\Users\David W\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/22 01:22:29 | 000,000,214 | ---- | C] () -- C:\Users\David W\Desktop\tdsskiller trojanTDSS modified .url
[2011/12/21 19:42:34 | 000,034,425 | ---- | C] () -- C:\Users\David W\Desktop\ScreenHunter_01 Dec. 21 19.42.gif
[2011/12/12 20:54:40 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011/12/12 20:54:37 | 000,001,762 | ---- | C] () -- C:\Users\David W\Desktop\Uniblue RegistryBooster.lnk
[2011/12/12 20:54:37 | 000,001,752 | ---- | C] () -- C:\Users\David W\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/12/12 19:33:46 | 000,009,830 | ---- | C] () -- C:\Users\David W\Desktop\exefix.reg
[2011/05/17 06:03:15 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/05/17 01:30:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011/05/17 01:30:38 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011/01/31 20:12:19 | 000,001,740 | ---- | C] () -- C:\Windows\hpdj3840.ini
[2011/01/12 20:54:32 | 000,000,017 | ---- | C] () -- C:\Users\David W\AppData\Local\resmon.resmoncfg
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,412,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Log Extras.txt

OTL Extras logfile created on: 12/28/2011 7:59:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David W\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.42% Memory free
6.00 Gb Paging File | 5.09 Gb Available in Paging File | 84.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241.15 Gb Total Space | 213.33 Gb Free Space | 88.46% Space Free | Partition Type: NTFS
Drive D: | 224.61 Gb Total Space | 183.93 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 372.60 Gb Total Space | 372.50 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.49% Space Free | Partition Type: FAT32

Computer Name: DAVIDW-PC7 | User Name: David W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{179D679D-047F-491D-8783-D4BE596D2242}" = Visual Basic for Applications ® Core
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7CE6887B-CDE1-4E4D-813E-A064151B2BC0}" = CHEMCAD Suite
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1570454-ED12-4050-A7AC-9282C7AFB23C}" = Window Shopper
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"CHEMCAD Suite" = CHEMCAD Suite
"Driver Performer_is1" = Driver Performer
"FoxTab PDF Converter" = FoxTab PDF Converter
"Google Chrome" = Google Chrome
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROPLUS" = Microsoft Office Professional Plus 2007
"Search Toolbar" = Search Toolbar
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2011 1:23:31 PM | Computer Name = DavidW-PC7 | Source = Windows Search Service | ID = 3028
Description =

Error - 12/23/2011 1:23:31 PM | Computer Name = DavidW-PC7 | Source = Windows Search Service | ID = 3058
Description =

Error - 12/23/2011 1:23:31 PM | Computer Name = DavidW-PC7 | Source = Windows Search Service | ID = 7010
Description =

Error - 12/24/2011 3:43:27 AM | Computer Name = DavidW-PC7 | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 12/24/2011 4:55:48 AM | Computer Name = DavidW-PC7 | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 12/24/2011 4:55:51 AM | Computer Name = DavidW-PC7 | Source = SentinelProtectionServer | ID = 3
Description = Could not start Sentinel Protection Server.

Error - 12/24/2011 5:05:39 AM | Computer Name = DavidW-PC7 | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 12/24/2011 11:51:41 AM | Computer Name = DavidW-PC7 | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 12/24/2011 5:15:53 PM | Computer Name = DavidW-PC7 | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 12/27/2011 12:12:00 PM | Computer Name = DavidW-PC7 | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ OSession Events ]
Error - 2/3/2011 9:31:09 PM | Computer Name = DavidW-PC7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4758
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 10/12/2011 11:35:25 PM | Computer Name = DavidW-PC7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 602
seconds with 300 seconds of active time. This session ended with a crash.

Error - 11/8/2011 3:56:44 AM | Computer Name = DavidW-PC7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 188
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/24/2011 1:42:11 PM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 12/24/2011 1:42:13 PM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 12/24/2011 1:42:13 PM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 12/27/2011 12:50:25 AM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR7.

Error - 12/27/2011 12:50:26 AM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR7.

Error - 12/27/2011 12:50:27 AM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR7.

Error - 12/27/2011 1:11:05 PM | Computer Name = DavidW-PC7 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/28/2011 5:59:23 PM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR7.

Error - 12/28/2011 5:59:25 PM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR7.

Error - 12/28/2011 5:59:25 PM | Computer Name = DavidW-PC7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR7.


< End of report >
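Added triage example, not part of the thread and not OTL's own code: a short Python script that reads the two OTL sections a malware-removal helper checks first, the "Files Created" lines and the "Shell Spawning" block, and flags (a) files under C:\Windows with no company name dated after the Windows build timestamps (2009/07/13 in this log) and (b) shell handlers that deviate from a clean Windows 7 default. The sample file and handler lines are copied from the log above; the one hijacked `exefile` line is constructed for illustration and does not appear in this log. The expected-handler table is an assumption and should be compared against a known-good machine of the same build before acting on a mismatch. A flagged file is a candidate for a hash lookup, not a verdict.

```python
import re
from datetime import date

# Added triage helper for OTL logs like the one posted above (not part of OTL or of the thread).
# Parses "Files Created/Modified" lines and the "Shell Spawning" block and returns what a
# malware-removal helper looks at first: files with no company name dropped into the Windows
# tree after the OS build date, and shell handlers (exefile, regfile, ...) that differ from defaults.

# One OTL file line: [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (Company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# One shell-spawning line: class [verb] -- command (optional Company)
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+?)(?: \([^)]*\))?$")

# Windows 7 defaults for the handlers malware most often hijacks. Assumption: confirm
# against a known-good machine of the same build before acting on a mismatch.
EXPECTED_SHELL = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("regfile", "merge"): 'regedit.exe "%1"',
}

# Timestamp of the Windows 7 RTM files in the log above (2009/07/13); anything in the
# Windows tree without a company name and newer than this was added after install.
WINDOWS_BUILD_DATE = date(2009, 7, 13)

# Sample input copied from the log above.
SAMPLE_FILES = r"""
[2011/12/12 19:33:46 | 000,009,830 | ---- | C] () -- C:\Users\David W\Desktop\exefix.reg
[2011/05/17 06:03:15 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/05/17 01:30:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
"""
SAMPLE_SHELL = r"""
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
"""
# Constructed line, NOT from the log above: what a hijacked .exe handler looks like.
HIJACKED_EXEFILE = r'exefile [open] -- "C:\ProgramData\example\launcher.exe" "%1" %*'


def parse_file_lines(text):
    """Turn OTL file lines into dicts; lines that are not file entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if not m:
            continue
        y, mo, d = (int(x) for x in m["date"].split("/"))
        entries.append({
            "date": date(y, mo, d),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],          # C = created, M = modified
            "company": m["company"],    # empty string == no company name
            "path": m["path"],
        })
    return entries


def flag_system_files(entries, after=WINDOWS_BUILD_DATE, roots=("c:\\windows\\",)):
    """Paths under the Windows tree with no company name and a date after `after`."""
    return [
        e["path"] for e in entries
        if e["date"] > after and not e["company"]
        and any(e["path"].lower().startswith(r) for r in roots)
    ]


def check_shell_spawning(text):
    """(class, verb, found, expected) for every handler that differs from EXPECTED_SHELL."""
    findings = []
    for line in text.splitlines():
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        key = (m["cls"], m["verb"])
        if key in EXPECTED_SHELL and m["cmd"] != EXPECTED_SHELL[key]:
            findings.append((m["cls"], m["verb"], m["cmd"], EXPECTED_SHELL[key]))
    return findings


def triage(file_text, shell_text):
    """Run both checks and return the findings in one dict."""
    return {
        "suspect_files": flag_system_files(parse_file_lines(file_text)),
        "shell_handlers": check_shell_spawning(shell_text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_FILES, SAMPLE_SHELL + HIJACKED_EXEFILE + "\n").items():
        print(section)
        for item in items:
            print("   ", item)
```

On the sample above the script reports the two 2011-dated DLLs in System32 as worth a closer look and two handler problems: the missing `regfile [merge]` entry (which is what a repair file like exefix.reg is normally meant to restore) and the constructed hijacked `exefile` handler. Run it against the whole OTL.txt by reading the file into `file_text` and the Extras log into `shell_text`.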

#15 dewalt (Topic Starter)

Posted 29 December 2011 - 02:51 AM

Elise:

Back to one (hopefully) healthy computer again. Trying to fix COMPUTER 2, for which we started thread two, "Unknown infection(s) on COMPUTER 2". I am using the "repaired" COMPUTER 1 again. This is the computer associated with the first thread, "tdsskiller trojanTDSS modified ??" I really don't want to use this any more than I have to because one of the hard drives may be failing.

We left thread COMPUTER 2 with my saying I could not fully run "dds.scr". I'm sure you can check past posts, but the program dds.scr would start, I could see the black and white screen and see the status bar developing, and it would get about 2/3 of the way across and stop. You could not "X" out of the screen; if you attempted to minimize it, the screen would pop right back up. Then, if you tried a shutdown, it would go through the shutdown process to the final screen where it says it is SHUTTING DOWN, but never turns off. I have to manually shut down the machine.

So, on your instruction, ran OTL and posted the log.

The computer was still more or less working and I had tried to access "bleepingcomputer.com", when the top half of the screen went black and then I got several messages that the "webpage could not be accessed". So, COMPUTER 2 does not have internet access, as well as probably some other problems. This is also the same computer that I said could not get Windows updates, the service was not running. There is also a "reminder" note from some "Greg@Percifield.com".

So you have the OTL log of COMPUTER 2; hopefully when you have time it will tell you something about what is running. I'm just glad to have a second computer for access to emails and the internet.

David
