Solved Google Redirect, 'Google hiring' popup, and failing Windows Update!

Status
Not open for further replies.
Good news :)

Uninstall Ask Toolbar, known foistware.

==========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-1497846478-1033770382-2792673747-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-1497846478-1033770382-2792673747-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/10/20 09:44:03 | 000,000,000 | ---D | M] -- C:\Users\Bren\AppData\Roaming\Acubyh
    [2010/09/01 18:42:49 | 000,000,000 | ---D | M] -- C:\Users\Bren\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE. 1
    [2010/04/17 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Bren\AppData\Roaming\cYo
    [2011/01/20 16:04:11 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{3BD0E192-B3D7-463A-8E7A-ABDB64E61589}.job
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" =-
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Free scan now button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View report.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
You told me to uninstall Ask Toolbar, but I already did before when you asked. When I went to uninstall it again, it wasn't there, so I'm not sure about that one. So, naturally, I went onward to do the Java remover, and that went fine, but when I went to run OTL, it came up with an error and then froze on me.
 
We'll get rid of Ask Toolbar with the above OTL script.

Disable your AV program and try OTL fix again.
 
This is what I got this time:

All processes killed
Error: Unable to interpret <O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1497846478-1033770382-2792673747-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)> in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)> in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-1497846478-1033770382-2792673747-1000\..Trusted Ranges: Range1 ([http] in Local intranet)> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <[2010/10/20 09:44:03 | 000,000,000 | ---D | M] -- C:\Users\Bren\AppData\Roaming\Acubyh> in the current context!
Error: Unable to interpret <[2010/09/01 18:42:49 | 000,000,000 | ---D | M] -- C:\Users\Bren\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE. 1> in the current context!
Error: Unable to interpret <[2010/04/17 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Bren\AppData\Roaming\cYo> in the current context!
Error: Unable to interpret <[2011/01/20 16:04:11 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{3BD0E192-B3D7-463A-8E7A-ABDB64E61589}.job> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bren
->Temp folder emptied: 804879 bytes
->Temporary Internet Files folder emptied: 2165922 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 47531179 bytes
->Google Chrome cache emptied: 144987618 bytes
->Flash cache emptied: 14625 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2173669 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189.00 mb


[EMPTYFLASH]

User: All Users

User: Bren
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.4 log created on 01222011_183420

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Nope.
You didn't copy my whole script. Most likely, you missed a "colon" in front of "OTL" (1st line).
Retry.
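
The log above rejects every entry that follows the first line while the :Reg and :Commands parts still run, which is what a colon dropped from ":OTL" would produce. As an added example (not part of the original posts and not OTL's own code), this Python pre-flight check catches that before a fix is run; the directive names come from the scripts in this thread, and the rule that an entry needs a preceding directive is an assumption inferred from that log.

```python
# Added example: pre-flight check for a pasted OTL fix script.
# Directive names are the ones used in this thread. The rule "an entry needs
# a preceding directive" is inferred from the error log (assumption).

KNOWN_DIRECTIVES = (":OTL", ":Services", ":Reg", ":Files", ":Commands")
_BY_BARE_NAME = {d[1:].lower(): d for d in KNOWN_DIRECTIVES}


def lint_fix_script(text):
    """Return (sections, problems) for a pasted fix script.

    sections: {directive: [entry lines]} for entries under a valid directive.
    problems: [(line_number, kind, line)], kind is 'malformed-directive'
              (looks like a directive but is not written exactly) or
              'no-section' (entry with no directive before it).
    """
    sections, problems = {}, []
    current = None  # directive the following entries belong to
    for number, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in KNOWN_DIRECTIVES:
            current = line
            sections.setdefault(current, [])
            continue
        if line.lstrip(":").lower() in _BY_BARE_NAME:
            # e.g. "OTL" with the colon lost while copying; the context
            # stays whatever it was before this line
            problems.append((number, "malformed-directive", line))
            continue
        if current is None:
            problems.append((number, "no-section", line))
        else:
            sections[current].append(line)
    return sections, problems


# Constructed sample: the thread's script, shortened, with the colon
# missing from the first line.
BROKEN = r"""OTL
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" =-

:Commands
[purity]
[emptytemp]
[Reboot]
"""
FIXED = ":" + BROKEN  # same script with the colon restored

if __name__ == "__main__":
    for label, script in (("broken", BROKEN), ("fixed", FIXED)):
        sections, problems = lint_fix_script(script)
        print(label, "->", len(problems), "problem(s)")
        for number, kind, line in problems:
            print(f"  line {number}: {kind}: {line[:60]}")
        for name, entries in sections.items():
            print(f"  {name}: {len(entries)} entr(y/ies)")
```
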
 
And now Java Update Scheduler keeps 'stopped working.'

Also I copied down the error message from when the OTL thing quits.

Access violation at address 005CC7ED in module 'OTC.exe'. Read of address 00000000.
 
Tried it in safe mode, got the same error message:

Access violation at address 005CC7ED in module 'OTC.exe'. Read of address 00000000.
 
Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

  • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator")
  • Click on the CleanUp! button and follow the prompts.
  • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
  • After the reboot all the tools we used should be gone.
  • The tool will delete itself once it finishes.

Now, download a fresh copy of OTL and try to run the fix again.
 
Cleaned the system with OTC. Manually deleted what was left. Downloaded fresh copy of OTL, and it hailed me with the same error message. What's got me, doc?
 
1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Smart Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

windows defender MpCmdRun.exe
``````````End of Log````````````
 
Since you have Eset installed, run this instead....

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Free scan now button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View report.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
 
QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Sun Jan 23 01:52:59 2011
Machine ID: 4CC3C3B6



No infection found.
-------------------



Processes
---------
Application STServices 1656 C:\Windows\SMINST\BLService.exe
Bonjour 1168 C:\Program Files\Bonjour\mDNSResponder.exe
ESET Smart Security 1424 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Firefox 6020 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 5056 C:\Program Files\Mozilla Firefox\plugin-container.exe
HP Health Check Service 996 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
HP Quick Launch Buttons 3300 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
hpqwmiex Module 3792 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
iTunes 3432 C:\Program Files\iPod\bin\iPodService.exe
Microsoft Search Enhancement Pack 2152 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft® CoReXT 2288 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
Microsoft® CoReXT 2436 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 4896 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 576 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 628 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 1920 C:\Windows\System32\dwm.exe
Microsoft® Windows® Operating System 724 C:\Windows\System32\lsass.exe
Microsoft® Windows® Operating System 732 C:\Windows\System32\lsm.exe
Microsoft® Windows® Operating System 2896 C:\Windows\System32\rundll32.exe
Microsoft® Windows® Operating System 704 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 1300 C:\Windows\System32\SLsvc.exe
Microsoft® Windows® Operating System 504 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 1772 C:\Windows\System32\spoolsv.exe
Microsoft® Windows® Operating System 884 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 964 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 488 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1888 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1632 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 2192 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 2252 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1516 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1340 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 3028 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1284 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1216 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1160 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1068 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1000 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1972 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 2132 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 3856 C:\Windows\System32\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 620 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 676 C:\Windows\System32\winlogon.exe
Microsoft® Windows® Operating System 1692 C:\Windows\System32\wlanext.exe
MobileDeviceService 892 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PMB 1652 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
RichVideo Module 2088 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SoftK56 Modem Driver 2380 C:\Windows\System32\drivers\XAudio.exe
Windows Defender 5276 C:\Program Files\Windows Defender\MpCmdRun.exe
Windows® Search 5520 C:\Windows\System32\SearchFilterHost.exe
Windows® Search 2324 C:\Windows\System32\SearchIndexer.exe
Windows® Search 4440 C:\Windows\System32\SearchProtocolHost.exe


Network activity
----------------
Process svchost.exe (488) connected on port 443 (HTTP over SSL) --> 96.17.157.57
Process plugin-container.exe (5056) connected on port 5050 (Yahoo Messenger) --> 98.139.60.175
Process firefox.exe (6020) connected on port 80 (HTTP) --> 66.220.149.11
Process firefox.exe (6020) connected on port 80 (HTTP) --> 216.115.101.178
Process firefox.exe (6020) connected on port 80 (HTTP) --> 216.115.101.178
Process firefox.exe (6020) connected on port 80 (HTTP) --> 74.125.226.140
Process firefox.exe (6020) connected on port 80 (HTTP) --> 173.222.140.74
Process firefox.exe (6020) connected on port 80 (HTTP) --> 24.143.194.106
Process firefox.exe (6020) connected on port 80 (HTTP) --> 74.125.226.155
Process firefox.exe (6020) connected on port 80 (HTTP) --> 63.118.252.16
Process firefox.exe (6020) connected on port 80 (HTTP) --> 63.116.243.153
Process firefox.exe (6020) connected on port 80 (HTTP) --> 69.63.180.43
Process firefox.exe (6020) connected on port 80 (HTTP) --> 74.125.226.140
Process firefox.exe (6020) connected on port 80 (HTTP) --> 74.125.226.155
Process firefox.exe (6020) connected on port 80 (HTTP) --> 63.116.243.139
Process firefox.exe (6020) connected on port 80 (HTTP) --> 63.116.243.144
Process firefox.exe (6020) connected on port 80 (HTTP) --> 63.116.243.99
Process firefox.exe (6020) connected on port 80 (HTTP) --> 8.19.18.172
Process firefox.exe (6020) connected on port 80 (HTTP) --> 63.116.243.104

Process svchost.exe (488) listens on ports: 51548
Process wininit.exe (620) listens on ports: 49152 (RPC)
Process services.exe (704) listens on ports: 49163
Process lsass.exe (724) listens on ports: 49155 (RPC)
Process svchost.exe (964) listens on ports: 135 (RPC)
Process svchost.exe (1068) listens on ports: 49153 (RPC)
Process svchost.exe (1216) listens on ports: 49154 (RPC)
Process svchost.exe (1632) listens on ports: 49157 (RPC)


Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe CS5 Service Manager C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe Updater Startup Utility C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Bitberry Software Update Checker C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
CEEment C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Default Manager C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe
FINDFAST.EXE C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Google Update C:\Users\Bren\AppData\Local\Google\Update\GoogleUpdate.exe
HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Intel(R) Common User Interface C:\Windows\system32\hkcmd.exe
Intel(R) Common User Interface C:\Windows\System32\igfxdev.dll
Intel(R) Common User Interface C:\Windows\system32\igfxpers.exe
Intel(R) Common User Interface C:\Windows\system32\igfxtray.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Logitech Camera Software C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
MUI StartMenu Application C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
OSA.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE
PMB C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PowerISO Virtual Drive Manager C:\Program Files\PowerISO\PWRISOVM.EXE
QuickTime C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit) C:\Program Files\real\realplayer\update\realsched.exe
SBSV 2010/02/19-11:02:07 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Skype C:\Program Files\Skype\Phone\Skype.exe
Standalone Scanner Components C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
Windows® Internet Explorer C:\Windows\System32\webcheck.dll
µTorrent C:\Program Files\uTorrent\uTorrent.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AOL Media Playback Control C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll
BitDefender QuickScan C:\Users\Bren\AppData\Roaming\Mozilla\Firefox\Profiles\5uutn830.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Users\Bren\AppData\Roaming\Mozilla\Firefox\Profiles\5uutn830.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
BitDefender QuickScan C:\Users\Bren\AppData\Roaming\Mozilla\Firefox\Profiles\5uutn830.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Google Update C:\Users\Bren\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
Java Deployment Toolkit 6.0.230.5 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
MSN® Toolbar c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer(tm) G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
RealPlayer(tm) HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: C:\Windows\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"


Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

Upload started - 1 file(s)
FINDFAST.EXE (122880)
Upload speed - 12 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 15 sec
Total traffic - 0.19 MB sent, 636.17 KB recvd
Scanned 1336 files and modules - 64 seconds

==============================================================================
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bren
->Temp folder emptied: 51934 bytes
->Temporary Internet Files folder emptied: 43786 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32018315 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 779 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


[EMPTYFLASH]

User: All Users

User: Bren
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.20.4 log created on 01232011_021229

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Computer is doing much much better. My thanks goes out to you a million times. I thank you for being patient with me as I learned the ropes.
 
Cool

Good luck and stay safe :)
 