Author Topic: [Resolved] Google "We're sorry..." message  (Read 1261 times)

Offline AlanL

  • Bronze Member
  • Posts: 7
[Resolved] Google "We're sorry..." message
« on: December 12, 2011, 06:39:32 PM »
Hello,

Thank you for your spyware analysis website!

Using the search box on two different websites results in an error message from Google:

"We're sorry ... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now."

I am using a personal desktop computer running Windows 7 Home Premium Version 6.1.7601 Service Pack 1 Build 7601.

A Kaspersky Internet Security 2011 full system scan does not find any malware. That scan is the only fix I have attempted.

The HJT logfile is shown below.

Alan L.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:37:50 PM, on 12/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\ua\uad.exe
C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1523935162-1770914963-2250056250-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1523935162-1770914963-2250056250-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Play Wireless USB Adapter Utility.lnk = C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Belkin WLAN service (WLANBelkinService) - Unknown owner - C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10995 bytes
« Last Edit: December 12, 2011, 07:39:55 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22660
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Google "We're sorry..." message
« Reply #1 on: December 12, 2011, 07:41:39 PM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

What happens when you try doing a search right from Google's home page? Are you having any other problems at all?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline AlanL

  • Bronze Member
  • Posts: 7
Re: [In Progress] Google "We're sorry..." message
« Reply #2 on: December 13, 2011, 08:57:45 AM »
Hello Hoov,

This problem may have started a month ago when I had a hard disk crash. It started with some corrupted files and ended in 24 hours with a full hard disk failure. I installed a new HD, Windows 7 and replaced content from backups. Since then I have had no major problems, save this Google error.

1. Everything done so far:

     - Ran Kaspersky full system scan. One item shows in "Detected Threats" - a "kernel mode memory patch" that is further identified as "legal software that can be used by criminals for damaging your computer or personal data."

2. Confirmed: items 2 through 5 below.

3. System is backed up to SOS Online Backup. There is no hard drive encryption software running.

4. This is a personal computer used for home and home business purposes. No IT department involvement.

Searching the Internet with Google using IE or Firefox is problem free. These two websites generate the Google "We're sorry..." message when using their embedded search feature.

http://www.csidata.com/
http://www.seykota.com/tribe/search/index.htm

Other than this, I have no other computer problems to report.

Thank you,

AlanL

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22660
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Google "We're sorry..." message
« Reply #3 on: December 13, 2011, 09:22:07 AM »
I hate to tell you this, but the problem is probably not yours. I just went to both sites and got the same results you did. I also tried other browsers and got the same result. Have you contacted them about this problem?

We can try a few general scans just to make sure.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste both logs into your next response. You may need more than one response.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

Information on A/V control HERE


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Please download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Offline AlanL

  • Bronze Member
  • Posts: 7
Re: [In Progress] Google "We're sorry..." message
« Reply #4 on: December 13, 2011, 02:16:57 PM »
Thanks Hoov for checking those two sites. I plan to inform both about the problem. Here is the DDS.txt log file.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Alan at 12:12:06 on 2011-12-13
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8172.6410 [GMT -8:00]
    .
    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
    C:\ua\uad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    TCP: DhcpNameServer = 192.168.7.254
    TCP: Interfaces\{BE982366-99D1-4CEF-89FA-EF76C515C551} : DhcpNameServer = 192.168.7.254
    TCP: Interfaces\{ED19FD26-C106-4FBF-B4D3-9C98D7C6A9B1} : DhcpNameServer = 192.168.7.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64:     AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    BHO-X64:     IEVkbdBHO - No File
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64:     IESpeakDoc - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64:     URLRedirectionBHO - No File
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    BHO-X64:     link filter bho - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\cxyw21n8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
    R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-21 2214504]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
    R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
    R3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S?2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-7-1 352976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-12 16:20:10   388096   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-12 16:20:10   --------   d-----w-   C:\Program Files (x86)\Trend Micro
    2011-12-12 16:14:09   57344   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut21_28137AAFEB594CED9EF9B685FE1236D3.exe
    2011-12-12 16:14:09   57344   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut2_C994E4D0046E4C42A00F6456E4509677.exe
    2011-12-12 16:14:09   57344   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut13_D87888BFC4A14B48BF422FEB86EFFFCD.exe
    2011-12-12 16:14:09   57344   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut12_D87888BFC4A14B48BF422FEB86EFFFCD.exe
    2011-12-12 16:14:09   45056   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut51_37D7E6B74B9E47718F9C63E54EB5AFEC.exe
    2011-12-12 16:14:09   45056   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut5_DF6DD45ABFF94301AC095A0459D5B199.exe
    2011-12-12 16:14:09   40960   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut6_D87888BFC4A14B48BF422FEB86EFFFCD.exe
    2011-12-12 16:14:09   40960   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut4_D87888BFC4A14B48BF422FEB86EFFFCD.exe
    2011-12-12 16:14:09   40960   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut3_D87888BFC4A14B48BF422FEB86EFFFCD.exe
    2011-12-12 16:14:09   40960   ----a-r-   C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}\NewShortcut1_D87888BFC4A14B48BF422FEB86EFFFCD.exe
    2011-12-12 16:06:30   --------   d-----w-   C:\ua
    2011-12-09 15:58:32   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{35AE086D-EB26-4947-AE43-9407F6FCE445}\mpengine.dll
    2011-12-07 05:10:33   --------   dc-h--w-   C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    2011-12-07 05:10:33   --------   d-----w-   C:\Program Files (x86)\Uniblue
    2011-12-01 16:50:17   --------   d-----w-   C:\TBlox 382 Dev
    .
    ==================== Find3M  ====================
    .
    2011-11-26 16:21:04   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-01 22:25:04   2824032   ----a-w-   C:\Windows\System32\AutoPartNt.exe
    2011-11-01 22:16:47   81952   ----a-w-   C:\Windows\System32\drivers\tifsfilt.sys
    2011-11-01 22:16:47   711712   ----a-w-   C:\Windows\System32\drivers\timntr.sys
    2011-11-01 22:16:43   235040   ----a-w-   C:\Windows\System32\drivers\snapman.sys
    2011-11-01 22:16:30   593952   ----a-w-   C:\Windows\System32\drivers\tdrpman.sys
    2011-10-30 19:22:52   91840   ----a-w-   C:\Windows\System32\NicInstC.dll
    2011-10-30 19:22:52   314568   ----a-w-   C:\Windows\System32\PROUnstl.exe
    2011-10-30 19:22:51   36472   ----a-w-   C:\Windows\System32\NicCo36.dll
    2011-10-30 19:22:49   68264   ----a-w-   C:\Windows\System32\e1cmsg.dll
    2011-10-30 19:22:49   313520   ----a-w-   C:\Windows\System32\drivers\e1c62x64.sys
    2011-10-30 19:21:36   316064   ----a-w-   C:\Windows\System32\PRONtObj.dll
    2011-10-30 19:21:34   154472   ----a-w-   C:\Windows\System32\drivers\iANSW60e.sys
    2011-10-24 21:29:02   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 21:29:02   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
    2011-10-21 16:55:32   221   ----a-w-   C:\Updater.vbs
    2011-10-21 16:55:30   764928   ----a-w-   C:\dbghelp.dll
    2011-10-21 16:55:30   1415   ----a-w-   C:\CreateServiceReport.bat
    2011-10-21 16:55:30   130   ----a-w-   C:\RestartTB.vbs
    2011-10-21 13:23:14   175616   ----a-w-   C:\Windows\System32\msclmd.dll
    2011-10-21 13:23:14   152576   ----a-w-   C:\Windows\SysWow64\msclmd.dll
    2011-10-20 13:55:31   525544   ----a-w-   C:\Windows\System32\deployJava1.dll
    2011-10-20 02:29:57   536870912   --sha-w-   C:\WinPEpge.sys
    2011-09-29 16:29:28   1923952   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
    2011-09-29 04:03:32   3144704   ----a-w-   C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 12:12:18.04 ===============

    Offline AlanL

    • Bronze Member
    • Posts: 7
    Re: [In Progress] Google "We're sorry..." message
    « Reply #5 on: December 13, 2011, 02:23:59 PM »
    Hoov, here is the Attach.txt log file.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/19/2011 8:54:04 PM
    System Uptime: 12/13/2011 4:58:44 AM (8 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. |  | P8P67 DELUXE
    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3701/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 346.261 GiB free.
    D: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 4500 G510n-z
    Device ID: ROOT\IMAGE\0001
    Manufacturer: HP
    Name: Officejet 4500 G510n-z
    PNP Device ID: ROOT\IMAGE\0001
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 4500 G510n-z
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 4500 G510n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: ASUS Bluetooth
    Device ID: USB\VID_0B05&PID_179C\6&F57D961&0&7
    Manufacturer: Atheros Communications
    Name: ASUS Bluetooth
    PNP Device ID: USB\VID_0B05&PID_179C\6&F57D961&0&7
    Service: BTHUSB
    .
    ==== System Restore Points ===================
    .
    RP56: 12/6/2011 3:16:51 PM - Windows Update
    RP57: 12/12/2011 7:08:35 AM - Removed CSI Unfair Advantage 2.10.7 Build 118
    RP58: 12/12/2011 8:05:58 AM - Installed CSI Unfair Advantage 2.10.7 Build 118
    RP59: 12/12/2011 8:19:56 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    4500_G510af_Help_Web
    4500_G510nz_Help
    4500G510af_Software_Min
    4500G510af_web
    4500G510nz
    4500G510nz_Software_Min
    Adobe AIR
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Software Update
    ASUS PC Diagnostics
    BufferChm
    CSI Unfair Advantage 2.10.7 Build 118
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DocProc
    Fax
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    HPSSupply
    Kaspersky Internet Security 2011
    marvell 91xx driver
    Marvell Miniport Driver
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEC Electronics USB 3.0 Host Controller Driver
    Play Wireless USB Adapter
    QuickTime
    Scan
    Seagate DiscWizard
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    SOS Online Backup
    Status
    StreetSmart Edge
    Toolbox
    Trader Workstation
    Trading Blox
    TrayApp
    Uniblue RegistryBooster
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    WebReg
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/12/2011 4:24:52 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user Bonefish_II\Alan SID (S-1-5-21-1523935162-1770914963-2250056250-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/12/2011 4:24:52 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user Bonefish_II\Alan SID (S-1-5-21-1523935162-1770914963-2250056250-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================

    Offline AlanL

    • Bronze Member
    • Posts: 7
    Re: [In Progress] Google "We're sorry..." message
    « Reply #6 on: December 13, 2011, 03:44:51 PM »
    Malwarebytes Report: looks like no problems.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8366

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    12/13/2011 1:05:28 PM
    mbam-log-2011-12-13 (13-05-28).txt

    Scan type: Quick scan
    Objects scanned: 277607
    Time elapsed: 10 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22660
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Google "We're sorry..." message
    « Reply #7 on: December 13, 2011, 04:31:05 PM »
    Were you able to run Superantispyware?

    As for the logs you posted, I don't see anything much to worry about. The only thing I can really say anything about is RegistryBooster. I hope you do not indiscriminately delete registry entries just because it tells you they are no longer needed. For the most part, registry cleaners are not needed. If a registry gets that corrupted, chances are you will be better off doing a Windows reinstall.

    Other than the two sites you are having problems with, are you having any other problems at all? I notice that you have 3 devices that you have disabled.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline AlanL

    • Bronze Member
    • Posts: 7
    Re: [In Progress] Google "We're sorry..." message
    « Reply #8 on: December 13, 2011, 05:57:17 PM »
    Hi Hoov,

    Below is the Superantispyware Report.

    Thanks for the tip about Registry Booster. My PC is used for heavy engineering / financial calculation model runs using both proprietary and commercial software. I do a fair amount of application installs/uninstalls and multiple large file deletions. Registry Booster typically finds registry "errors" following the uninstalls and occasional code debug crashes. If those registry issues detected by Registry Booster are better left alone, no problem and I'll take your advice to stop using it.

    I really appreciate your assistance and recommendations for these anti-malware tools, and plan to make a donation tonight to support the efforts of your team.

    Best regards,
    AlanL

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/13/2011 at 03:21 PM

    Application Version : 5.0.1136

    Core Rules Database Version : 8046
    Trace Rules Database Version: 5858

    Scan type       : Complete Scan
    Total Scan Time : 01:31:18

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned      : 566
    Memory threats detected   : 0
    Registry items scanned    : 74141
    Registry threats detected : 0
    File items scanned        : 444905
    File threats detected     : 100

    Adware.Tracking Cookie

    Heur.Agent/Gen-WhiteBox
       C:\WINDOWS.OLD\PROGRAM FILES\XEROBANK\APP\XBCONFIG.EXE

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22660
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Google "We're sorry..." message
    « Reply #9 on: December 13, 2011, 06:07:19 PM »
    You can use it, but I would restrict removing registry entries to programs removed. Do you have any other questions or concerns?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline AlanL

    Re: [In Progress] Google "We're sorry..." message
    « Reply #10 on: December 13, 2011, 07:03:49 PM »
    Nothing else Hoov. I am happy to put my malware concerns to rest for now. Thanks again for your timely and expert assistance!

    Best regards,
    AlanL

    Offline Hoov

    Re: [In Progress] Google "We're sorry..." message
    « Reply #11 on: December 13, 2011, 07:27:15 PM »
    Here is some info that may help you in the future.



    Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser through the firewall). There are some good basic instructions for that here.

    Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
    It is also worth trying Thunderbird for controlling spam in your e-mail.

    Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

    Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware, and Malwarebytes' Anti-Malware.

    Always use a firewall.
    Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
     
    Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


    Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


    MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. It will monitor the software you have installed and let you know when something needs to be updated.

    Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

    Before using any malware detection / removal software, check with Rogue/Suspect Spyware List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

    We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
    PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

    Let us know if you have any more problems, either new or old.
    Have a good time surfing the net, but stay safe.
    If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.

    If you find out from those two sites that you have some problem, let me know and I can reopen this thread. But I believe it is their problem.
