Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Google redirecter that I cannot remove

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Google redirecter that I cannot remove

Unread postby thoffman2000 » October 17th, 2012, 11:23 am

Had the "System error. Hard disk failure detected" fake message virus on this computer yesterday. Thought I had it removed but today I have a Google redirecter that I cannot get removed. Need assistance please.

DDS.SCR will not run, nor will any TDDS Killer apps.

Posting OTL.TXT and EXTRAS.TXT:


OTL logfile created on: 10/17/2012 10:46:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\administrator.SBM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.52 Mb Total Physical Memory | 395.71 Mb Available Physical Memory | 39.04% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 80.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 132.10 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive D: | 605.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 57.64 Mb Total Space | 47.44 Mb Free Space | 82.30% Space Free | Partition Type: FAT
Drive F: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive L: | 272.24 Gb Total Space | 67.34 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive M: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive Y: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive Z: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS

Computer Name: DHRDPJD1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 10:36:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.SBM\Desktop\OTL.exe
PRC - [2012/01/23 10:26:04 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe
PRC - [2012/01/23 10:25:52 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2007/07/12 23:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/01/23 10:26:04 | 001,664,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
SRV - [2012/01/23 10:26:04 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
SRV - [2012/01/23 10:25:52 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010/09/07 17:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\mmiller\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/10 11:55:02 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20121016.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/10 11:55:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/10/10 11:55:02 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20121016.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/20 12:09:09 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120928.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/16 03:45:03 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/23 10:33:17 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/23 10:26:14 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2012/01/23 10:26:12 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2012/01/23 10:26:12 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
DRV - [2012/01/23 10:26:12 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys -- (SymDS)
DRV - [2012/01/23 10:26:12 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2012/01/23 10:26:12 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2006/08/28 02:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/25 17:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=3070829
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... bd=3070829
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=3070829
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=del ... bd=3070829
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=3070829
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=del ... bd=3070829
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=3070829
IE - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.spader.com/
IE - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\..\SearchScopes,DefaultScope = {F710BCDF-3161-45E1-83E4-CD898026EFEF}
IE - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\..\SearchScopes\{F710BCDF-3161-45E1-83E4-CD898026EFEF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2804845723-1255299562-3013120717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} http://portal.spader.com/PORTAL/Reserve ... b&Arch=X86 (RSClientPrint 2008 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 4987160650 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0404795666 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXc ... eatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.22.11 10.1.22.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SBM.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBCBCFBE-2E49-49B0-947A-C5C80B7A1ABB}: DhcpNameServer = 10.1.22.11 10.1.22.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 07:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3dc4c62d-7279-11dc-a668-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc4c62d-7279-11dc-a668-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc4c62d-7279-11dc-a668-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2004/08/04 07:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/17 10:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.SBM\Application Data\Macromedia
[2012/10/17 10:45:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.SBM\Desktop\OTL.exe
[2012/10/17 10:30:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.SBM\Start Menu\Programs\Administrative Tools
[2012/10/17 10:30:40 | 000,706,431 | R--- | C] (Swearware) -- C:\Documents and Settings\administrator.SBM\Desktop\dds.scr
[2012/10/17 10:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.SBM\Application Data\Adobe
[2012/10/17 10:29:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\administrator.SBM\IETldCache
[2012/10/17 10:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.SBM\Local Settings\Application Data\Symantec
[2012/10/17 09:55:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/17 07:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/10/17 07:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/10/17 07:34:51 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012/10/16 16:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/10/16 16:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/16 15:42:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/16 15:36:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/16 15:36:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/16 15:36:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/16 15:34:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/16 15:33:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/16 15:30:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/16 15:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/16 15:17:55 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/16 15:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/10/16 15:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/10/16 15:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/10/16 14:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/10/16 14:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/10/16 14:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/10/16 11:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/16 11:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/16 11:18:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/16 11:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/06/16 13:47:28 | 001,723,432 | ---- | C] (Yugma,Inc. ) -- C:\Documents and Settings\All Users\Application Data\Yugma-Uninstaller.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/17 10:44:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/17 10:44:03 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 10:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 10:42:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/17 10:42:07 | 1062,825,984 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/17 10:36:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.SBM\Desktop\OTL.exe
[2012/10/17 10:29:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\administrator.SBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/17 10:29:00 | 000,000,930 | RHS- | M] () -- C:\Documents and Settings\administrator.SBM\ntuser.pol
[2012/10/17 10:08:36 | 000,706,431 | R--- | M] (Swearware) -- C:\Documents and Settings\administrator.SBM\Desktop\dds.scr
[2012/10/16 15:42:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/16 15:26:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/16 15:17:23 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/16 15:17:23 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/16 12:14:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/10/16 10:58:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/09/17 12:19:39 | 000,000,391 | ---- | M] () -- C:\WINDOWS\SSCE.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/17 10:12:08 | 1062,825,984 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/16 15:42:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/10/16 15:42:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/16 15:36:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/16 15:36:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/16 15:36:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/16 15:36:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/16 15:36:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/16 14:02:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/16 12:14:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/10/16 11:21:22 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/10/16 11:21:22 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/10/16 11:21:20 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2012/10/16 11:21:17 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Standard.lnk
[2012/10/16 11:21:17 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/10/16 11:21:17 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/10/16 11:21:16 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 6.0.lnk
[2012/02/15 03:43:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/03 11:43:37 | 000,000,391 | ---- | C] () -- C:\WINDOWS\SSCE.INI
[2007/10/04 08:13:30 | 000,000,930 | RHS- | C] () -- C:\Documents and Settings\administrator.SBM\ntuser.pol
[2007/10/04 08:11:42 | 000,002,412 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/28 10:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/10/17 07:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/09/20 12:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmiller\Application Data\webex

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 10/17/2012 10:46:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\administrator.SBM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.52 Mb Total Physical Memory | 395.71 Mb Available Physical Memory | 39.04% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 80.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 132.10 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive D: | 605.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 57.64 Mb Total Space | 47.44 Mb Free Space | 82.30% Space Free | Partition Type: FAT
Drive F: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive L: | 272.24 Gb Total Space | 67.34 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive M: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive Y: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive Z: | 210.42 Gb Total Space | 101.61 Gb Free Space | 48.29% Space Free | Partition Type: NTFS

Computer Name: DHRDPJD1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{549B8A35-DA2A-43F8-BC24-51EA4A24512F}" = TimeCard
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7043B64C-9602-41E5-8A3D-2170485ECE95}_1" = G.Neil Optima Attendance Controller 8.0
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7C53EA37-5700-4FED-9C45-79CB03389AE8}" = GoldMine PLUS for Microsoft Office
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9FEE669-D417-4FAB-A5FB-5B55169059BC}" = TimeCard
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterBase 6 Open Edition - 6.0.2.0" = InterBase 6 Open Edition - 6.0.2.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mirage Driver_is1" = Mirage Driver 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealVNC_is1" = VNC Free Edition 4.1.2
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\iron.cat Event Info: Open File
ActionTaken:
Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL TOOL\SVRTSERVICE.EXE
(PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\Iron.inf Event Info: Open File
ActionTaken:
Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL TOOL\SVRTSERVICE.EXE
(PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\Ironx86.sys Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\srtsp.cat Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\srtsp.inf Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\srtsp.sys Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\srtspx.cat Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\srtspx.inf Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\srtspx.sys Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

Error - 10/17/2012 9:04:46 AM | Computer Name = DHRDPJD1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Cached
Installs\System32\Drivers\Name\Version\BuildNum\x86\SymDS.cat Event Info: Open
File ActionTaken: Logged Actor Process: C:\PROGRAM FILES\SOPHOS\SOPHOS VIRUS REMOVAL
TOOL\SVRTSERVICE.EXE (PID 3172) Time: Wednesday, October 17, 2012 8:04:46 AM

[ System Events ]
Error - 10/17/2012 10:24:16 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error: %%1714

Error - 10/17/2012 10:33:12 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/17/2012 10:41:07 AM | Computer Name = DHRDPJD1 | Source = dnscache | ID = 11004
Description = Unable to start DNS Client service. Could not start the Remote Procedure
Call (RPC) interface for this service. To correct the problem, you may restart the
RPC and DNS Client services. To do so, use the following commands at a command prompt:
(1) type "net start rpc" to start the RPC service, and (2) type "net start dnscache"
to start the DNS Client service. For specific error code information, see the record
data displayed below.

Error - 10/17/2012 10:42:30 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/17/2012 10:42:30 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI

Error - 10/17/2012 10:42:30 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error: %%1714

Error - 10/17/2012 10:43:24 AM | Computer Name = DHRDPJD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/17/2012 11:13:38 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/17/2012 11:29:32 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/17/2012 11:43:35 AM | Computer Name = DHRDPJD1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


< End of report >
thoffman2000
Active Member
 
Posts: 2
Joined: October 17th, 2012, 11:06 am
Top
Advertisement
Register to Remove

Re: Google redirecter that I cannot remove

Unread postby thoffman2000 » October 17th, 2012, 1:30 pm

Please disregard. Managed to get TDSSKiller to run, cured Rootkit.Boot.SST.b. System seems stable again.
Thanks
thoffman2000
Active Member
 
Posts: 2
Joined: October 17th, 2012, 11:06 am
Top

Re: Google redirecter that I cannot remove

Unread postby deltalima » October 17th, 2012, 1:33 pm

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 430 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index