What the Tech

babylon search and installbrain updater service is on my computer [Cl


This topic is locked
19 replies to this topic

#1 whodoctorwho (New Member, Authentic Member, 9 posts)

Posted 09 March 2012 - 07:12 AM

Downloaded some info and then found unwanted programs on my computer. Hopefully, I have included what you need to help me.

OTL logfile created on: 3/9/2012 12:36:06 AM - Run 3
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 59.11% Memory free
4.12 Gb Paging File | 3.20 Gb Available in Paging File | 77.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 104.64 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: D-PC | User Name: D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\D\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\bProtector\bProtect.exe (bProtector)
PRC - C:\ProgramData\InstallBrainService\ibsvc.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\protector.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
MOD - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (bProtector) -- C:\ProgramData\bProtector\bProtect.exe (bProtector)
SRV - (InstallBrainService) -- C:\ProgramData\InstallBrainService\ibsvc.exe ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PDFProFiltSrv) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation )
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylo...00000c0a8d6c8dd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000032542c4cd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 35 4F 7F 12 FC CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000c0a8d6c8dd
IE - HKCU\..\SearchScopes\{7EFBD67B-A9FE-49A6-9EBF-D9937F0DD8EC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\D\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\D\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\D\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\D\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with PDF Converter 5.2 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 5.2 - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C0BC28-B145-4810-B1A0-7215471338C1}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4B5436-4301-48E2-981F-618D5D85D956}: DhcpNameServer = 192.168.10.1
O20 - AppInit_DLLs: (protector.dll) - C:\Windows\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 00:19:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
[2012/03/09 00:04:22 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/09 00:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/08 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/03/08 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/08 22:36:58 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Malwarebytes
[2012/03/08 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 22:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/08 22:36:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/08 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/08 22:34:24 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\D\Documents\mbam-setup-1.60.1.1000.exe
[2012/03/08 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AudioConverter
[2012/03/08 22:20:13 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoConverter
[2012/03/08 22:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoConverter
[2012/03/08 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Local\Babylon
[2012/03/08 22:19:19 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Babylon
[2012/03/08 22:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/08 22:19:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2012/03/08 22:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtector
[2012/03/08 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\AudioConverter
[2012/03/08 22:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallBrainService
[2012/03/04 21:17:40 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Macrovision
[2012/03/04 21:17:34 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Zeon
[2012/03/04 21:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/03/04 21:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/03/04 21:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Professional 5
[2012/03/04 21:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012/03/04 21:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012/03/04 21:01:49 | 000,000,000 | ---D | C] -- C:\speech
[2012/03/04 21:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012/03/04 21:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012/02/16 00:09:55 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/16 00:09:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 00:09:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 00:09:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 00:09:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/16 00:09:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 00:09:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/16 00:09:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 00:09:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 00:09:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 00:09:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/16 00:09:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/16 00:09:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/16 00:09:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/16 00:09:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/16 00:09:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 00:09:40 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/16 00:09:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/16 00:09:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/13 00:10:58 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Mozilla
[2012/02/13 00:09:57 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Local\Deployment
[2012/02/09 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Local\ElevatedDiagnostics
[3 C:\Users\D\Documents\*.tmp files -> C:\Users\D\Documents\*.tmp -> ]
[2 C:\Users\D\Desktop\*.tmp files -> C:\Users\D\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 00:19:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
[2012/03/09 00:15:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000UA.job
[2012/03/09 00:15:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000Core.job
[2012/03/09 00:04:40 | 000,002,515 | ---- | M] () -- C:\Users\D\Desktop\HiJackThis.lnk
[2012/03/09 00:00:39 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 00:00:39 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 00:00:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/09 00:00:24 | 2078,392,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 23:58:50 | 000,001,356 | ---- | M] () -- C:\Users\D\AppData\Local\d3d9caps.dat
[2012/03/08 23:57:25 | 000,001,057 | ---- | M] () -- C:\Users\D\Desktop\Revo Uninstaller.lnk
[2012/03/08 23:48:35 | 001,402,880 | ---- | M] () -- C:\Users\D\Documents\HijackThis.msi
[2012/03/08 22:45:57 | 000,270,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/08 22:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/08 22:34:33 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\D\Documents\mbam-setup-1.60.1.1000.exe
[2012/03/08 22:20:44 | 000,000,872 | ---- | M] () -- C:\Users\D\Desktop\AudioConverter.lnk
[2012/03/08 22:20:13 | 000,000,872 | ---- | M] () -- C:\Users\D\Desktop\VideoConverter.lnk
[2012/03/08 22:19:49 | 000,001,492 | ---- | M] () -- C:\user.js
[2012/03/08 22:19:02 | 000,790,520 | ---- | M] () -- C:\Windows\System32\protector.dll
[2012/03/04 21:04:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/04 19:23:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/03 09:44:24 | 003,916,754 | ---- | M] () -- C:\Users\D\Documents\United Spas T7 Users Guide.pdf
[2012/03/03 09:42:23 | 004,682,874 | ---- | M] () -- C:\Users\D\Documents\United Spas C5-T7-InstallServiceManual.pdf
[2012/03/03 09:41:16 | 000,758,539 | ---- | M] () -- C:\Users\D\Documents\United Spas T-7 QuickReferenceAndDiagram.pdf
[2012/03/02 08:27:15 | 000,219,409 | ---- | M] () -- C:\Users\D\Documents\Kohler ExperienceRemoteDoesNotWork_3-23-10[1].pdf
[2012/02/25 20:00:32 | 000,130,701 | ---- | M] () -- C:\Users\D\Documents\SPA DOME DEALER PRICING as of 2-12 Spa Dome Enclosures with Warranty.pdf
[2012/02/24 21:10:13 | 000,008,211 | ---- | M] () -- C:\Users\D\Documents\Gecko S & M Class probe Resistor values.pdf
[2012/02/24 21:09:26 | 000,233,149 | ---- | M] () -- C:\Users\D\Documents\Spa Marvel 60 Day Welcome Program.pdf
[2012/02/24 21:08:35 | 000,110,808 | ---- | M] () -- C:\Users\D\Documents\SM Cleanser MSDS.pdf
[2012/02/24 21:08:24 | 000,124,204 | ---- | M] () -- C:\Users\D\Documents\Spa Marvel Filter Cleaner MSDS.pdf
[2012/02/24 21:08:14 | 000,154,762 | ---- | M] () -- C:\Users\D\Documents\Spa Marvel Water Treatment MSDS.pdf
[2012/02/24 09:19:42 | 001,076,128 | ---- | M] () -- C:\Users\D\Documents\Service manual SSPA-1,SSPA-MP ANG.pdf
[2012/02/24 09:18:55 | 000,207,314 | ---- | M] () -- C:\Users\D\Documents\SSPA-MP_HS.pdf
[2012/02/14 00:06:00 | 000,000,938 | ---- | M] () -- C:\Users\D\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/13 00:43:46 | 000,093,815 | ---- | M] () -- C:\Users\D\Documents\Progressive Proof of Ins 2-12-12 TempID.pdf
[2012/02/09 21:05:46 | 001,175,659 | ---- | M] () -- C:\Users\D\Documents\Berliss_sellsheet_3_1.3.12.pdf
[2012/02/09 21:03:36 | 000,044,110 | ---- | M] () -- C:\Users\D\Documents\Berliss Pump Seals pool spa pricing+seals.pdf
[2012/02/09 10:46:56 | 000,055,495 | ---- | M] () -- C:\Users\D\Documents\Est_1297_from_Advantage_Poo[1].pdf
[3 C:\Users\D\Documents\*.tmp files -> C:\Users\D\Documents\*.tmp -> ]
[2 C:\Users\D\Desktop\*.tmp files -> C:\Users\D\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/09 00:04:22 | 000,002,515 | ---- | C] () -- C:\Users\D\Desktop\HiJackThis.lnk
[2012/03/09 00:00:24 | 2078,392,320 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/08 23:57:25 | 000,001,057 | ---- | C] () -- C:\Users\D\Desktop\Revo Uninstaller.lnk
[2012/03/08 23:48:27 | 001,402,880 | ---- | C] () -- C:\Users\D\Documents\HijackThis.msi
[2012/03/08 22:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/08 22:20:44 | 000,000,872 | ---- | C] () -- C:\Users\D\Desktop\AudioConverter.lnk
[2012/03/08 22:20:13 | 000,000,872 | ---- | C] () -- C:\Users\D\Desktop\VideoConverter.lnk
[2012/03/08 22:19:39 | 000,001,492 | ---- | C] () -- C:\user.js
[2012/03/08 22:19:02 | 000,790,520 | ---- | C] () -- C:\Windows\System32\protector.dll
[2012/03/04 21:03:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/03 09:44:23 | 003,916,754 | ---- | C] () -- C:\Users\D\Documents\United Spas T7 Users Guide.pdf
[2012/03/03 09:42:23 | 004,682,874 | ---- | C] () -- C:\Users\D\Documents\United Spas C5-T7-InstallServiceManual.pdf
[2012/03/03 09:41:16 | 000,758,539 | ---- | C] () -- C:\Users\D\Documents\United Spas T-7 QuickReferenceAndDiagram.pdf
[2012/03/02 08:27:15 | 000,219,409 | ---- | C] () -- C:\Users\D\Documents\Kohler ExperienceRemoteDoesNotWork_3-23-10[1].pdf
[2012/02/25 20:00:28 | 000,130,701 | ---- | C] () -- C:\Users\D\Documents\SPA DOME DEALER PRICING as of 2-12 Spa Dome Enclosures with Warranty.pdf
[2012/02/24 21:10:12 | 000,008,211 | ---- | C] () -- C:\Users\D\Documents\Gecko S & M Class probe Resistor values.pdf
[2012/02/24 21:09:24 | 000,233,149 | ---- | C] () -- C:\Users\D\Documents\Spa Marvel 60 Day Welcome Program.pdf
[2012/02/24 21:08:33 | 000,110,808 | ---- | C] () -- C:\Users\D\Documents\SM Cleanser MSDS.pdf
[2012/02/24 21:08:24 | 000,124,204 | ---- | C] () -- C:\Users\D\Documents\Spa Marvel Filter Cleaner MSDS.pdf
[2012/02/24 21:08:14 | 000,154,762 | ---- | C] () -- C:\Users\D\Documents\Spa Marvel Water Treatment MSDS.pdf
[2012/02/24 09:19:32 | 001,076,128 | ---- | C] () -- C:\Users\D\Documents\Service manual SSPA-1,SSPA-MP ANG.pdf
[2012/02/24 09:18:53 | 000,207,314 | ---- | C] () -- C:\Users\D\Documents\SSPA-MP_HS.pdf
[2012/02/14 00:06:00 | 000,000,938 | ---- | C] () -- C:\Users\D\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/13 00:43:45 | 000,093,815 | ---- | C] () -- C:\Users\D\Documents\Progressive Proof of Ins 2-12-12 TempID.pdf
[2012/02/13 00:10:30 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000UA.job
[2012/02/13 00:10:28 | 000,000,840 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000Core.job
[2012/02/09 21:05:45 | 001,175,659 | ---- | C] () -- C:\Users\D\Documents\Berliss_sellsheet_3_1.3.12.pdf
[2012/02/09 21:03:35 | 000,044,110 | ---- | C] () -- C:\Users\D\Documents\Berliss Pump Seals pool spa pricing+seals.pdf
[2012/02/09 10:46:56 | 000,055,495 | ---- | C] () -- C:\Users\D\Documents\Est_1297_from_Advantage_Poo[1].pdf
[2011/11/17 22:09:13 | 000,001,356 | ---- | C] () -- C:\Users\D\AppData\Local\d3d9caps.dat
[2011/11/03 22:51:45 | 000,004,608 | ---- | C] () -- C:\Users\D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/02 02:16:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/11/01 20:04:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/01 20:04:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/10/27 23:05:02 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2011/10/27 23:05:01 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/27 23:05:00 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI

========== LOP Check ==========

[2012/03/08 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Babylon
[2011/10/28 07:46:29 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\OpenOffice.org
[2011/10/28 01:50:02 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\PDF Software
[2012/03/04 21:17:34 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Zeon
[2012/02/25 14:42:44 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/03/06 14:09:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2011/10/28 01:10:51 | 000,004,717 | -HS- | M] () -- C:\ffastun.ffa
[2011/10/28 01:10:51 | 000,122,880 | -HS- | M] () -- C:\ffastun.ffl
[2011/10/28 01:10:51 | 000,057,344 | -H-- | M] () -- C:\ffastun.ffo
[2011/10/28 01:10:51 | 004,009,984 | -HS- | M] () -- C:\ffastun0.ffx
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/03/09 00:00:24 | 2078,392,320 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/10/27 22:58:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/27 22:58:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/09 00:00:22 | 2392,211,456 | -HS- | M] () -- C:\pagefile.sys
[2012/03/08 22:19:49 | 000,001,492 | ---- | M] () -- C:\user.js
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/11/22 08:33:00 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/10/30 23:14:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/14 00:06:00 | 000,000,286 | -HS- | M] () -- C:\Users\D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/09 00:19:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
[2 C:\Users\D\Desktop\*.tmp files -> C:\Users\D\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-07 08:02:15

< >

< End of report >
OTL Extras logfile created on: 3/9/2012 12:23:18 AM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 60.07% Memory free
4.12 Gb Paging File | 3.22 Gb Available in Paging File | 78.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 104.64 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: D-PC | User Name: D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{87595D19-4363-4506-81CF-91FF73B2F368}" = Nuance PDF Professional 5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudioConverter" = AudioConverter
"InstallBrain Updater Service" = InstallBrain Updater Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office8.0" = Microsoft Office 97, Professional Edition
"Revo Uninstaller" = Revo Uninstaller 1.93
"VideoConverter" = VideoConverter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2012 8:44:44 PM | Computer Name = D-PC | Source = LoadPerf | ID = 3002
Description =

Error - 2/26/2012 12:31:28 PM | Computer Name = D-PC | Source = LoadPerf | ID = 3002
Description =

Error - 2/27/2012 1:13:36 PM | Computer Name = D-PC | Source = LoadPerf | ID = 3002
Description =

Error - 2/28/2012 10:10:20 PM | Computer Name = D-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19190 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1a0 Start Time: 01ccf5177208f2d0 Termination Time: 5101

Error - 2/28/2012 10:10:42 PM | Computer Name = D-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 8.0.0.4412 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1b4 Start Time: 01ccf574f2768ce0 Termination Time: 688

Error - 3/2/2012 9:47:27 AM | Computer Name = D-PC | Source = LoadPerf | ID = 3002
Description =

Error - 3/3/2012 3:08:48 AM | Computer Name = D-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19190 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fe0 Start Time: 01ccf73028830be4 Termination Time: 313

Error - 3/4/2012 8:26:55 PM | Computer Name = D-PC | Source = LoadPerf | ID = 3002
Description =

Error - 3/6/2012 11:19:40 PM | Computer Name = D-PC | Source = System Restore | ID = 8193
Description =

Error - 3/6/2012 11:19:40 PM | Computer Name = D-PC | Source = System Restore | ID = 8210
Description =

[ System Events ]
Error - 3/8/2012 10:14:19 AM | Computer Name = D-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.121.1095.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/8/2012 11:45:39 PM | Computer Name = D-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:44:00 PM on 3/8/2012 was unexpected.

Error - 3/8/2012 11:45:57 PM | Computer Name = D-PC | Source = DCOM | ID = 10005
Description =

Error - 3/8/2012 11:45:57 PM | Computer Name = D-PC | Source = DCOM | ID = 10005
Description =

Error - 3/8/2012 11:45:57 PM | Computer Name = D-PC | Source = LSM | ID = 1048
Description =

Error - 3/8/2012 11:46:08 PM | Computer Name = D-PC | Source = DCOM | ID = 10005
Description =

Error - 3/8/2012 11:46:12 PM | Computer Name = D-PC | Source = DCOM | ID = 10005
Description =

Error - 3/8/2012 11:46:22 PM | Computer Name = D-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/8/2012 11:46:22 PM | Computer Name = D-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/9/2012 12:46:54 AM | Computer Name = D-PC | Source = DCOM | ID = 10005
Description =


< End of report >
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:01:21 AM, on 3/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000032542c4cd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Professional 5\Ereg\Ereg.ini"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\D\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Open with PDF Converter 5.2 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100
O8 - Extra context menu item: Open with PDF Professional 5.2 - res://C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - AppInit_DLLs: protector.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: bProtector - bProtector - C:\ProgramData\bProtector\bProtect.exe
O23 - Service: InstallBrain Updater Service (InstallBrainService) - Unknown owner - C:\ProgramData\InstallBrainService\ibsvc.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe

--
End of file - 6671 bytes

#2 LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 12 March 2012 - 01:02 PM

:welcome:


Logs will be closed if you haven't replied within 3 days


Please don't attach the scans / logs for these tools, use "copy/paste".


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.



Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".

#3 whodoctorwho

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 15 March 2012 - 09:39 PM

How's this?

OTL logfile created on: 3/15/2012 11:27:53 PM - Run 4
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 46.34% Memory free
4.12 Gb Paging File | 2.97 Gb Available in Paging File | 72.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 105.54 Gb Free Space | 70.81% Space Free | Partition Type: NTFS
Drive D: | 2.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: D-PC | User Name: D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\D\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\bProtector\bProtect.exe (bProtector)
PRC - C:\ProgramData\InstallBrainService\ibsvc.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\protector.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
MOD - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (bProtector) -- C:\ProgramData\bProtector\bProtect.exe (bProtector)
SRV - (InstallBrainService) -- C:\ProgramData\InstallBrainService\ibsvc.exe ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PDFProFiltSrv) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation )
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylo...00000c0a8d6c8dd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000032542c4cd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 35 4F 7F 12 FC CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000c0a8d6c8dd
IE - HKCU\..\SearchScopes\{7EFBD67B-A9FE-49A6-9EBF-D9937F0DD8EC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\D\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\D\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\D\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\D\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with PDF Converter 5.2 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 5.2 - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C0BC28-B145-4810-B1A0-7215471338C1}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4B5436-4301-48E2-981F-618D5D85D956}: DhcpNameServer = 192.168.10.1
O20 - AppInit_DLLs: (protector.dll) - C:\Windows\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 23:25:31 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
[2012/03/14 03:26:37 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 03:26:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 03:26:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 03:26:31 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 03:26:31 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 03:26:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 03:22:55 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/13 21:26:18 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Mozilla
[2012/03/09 09:02:15 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\D\Desktop\HiJackThis.exe
[2012/03/09 02:09:29 | 000,000,000 | ---D | C] -- C:\Users\D\Desktop\What the Tech
[2012/03/09 00:57:25 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/03/09 00:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/08 23:36:58 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Malwarebytes
[2012/03/08 23:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 23:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/08 23:36:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/08 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/08 23:34:24 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\D\Documents\mbam-setup-1.60.1.1000.exe
[2012/03/08 23:20:44 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AudioConverter
[2012/03/08 23:20:13 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoConverter
[2012/03/08 23:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoConverter
[2012/03/08 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Local\Babylon
[2012/03/08 23:19:19 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Babylon
[2012/03/08 23:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/08 23:19:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2012/03/08 23:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtector
[2012/03/08 23:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\AudioConverter
[2012/03/08 23:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallBrainService
[2012/03/04 22:17:40 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Macrovision
[2012/03/04 22:17:34 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Zeon
[2012/03/04 22:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/03/04 22:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/03/04 22:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Professional 5
[2012/03/04 22:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012/03/04 22:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012/03/04 22:01:49 | 000,000,000 | ---D | C] -- C:\speech
[2012/03/04 22:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012/03/04 22:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012/02/16 01:09:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 01:09:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 01:09:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 01:09:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/16 01:09:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 01:09:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/16 01:09:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 01:09:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 01:09:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 01:09:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/16 01:09:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/16 01:09:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/16 01:09:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/16 01:09:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/16 01:09:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 01:09:40 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/16 01:09:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/16 01:09:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[3 C:\Users\D\Documents\*.tmp files -> C:\Users\D\Documents\*.tmp -> ]
[2 C:\Users\D\Desktop\*.tmp files -> C:\Users\D\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/15 23:25:36 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
[2012/03/15 23:15:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000UA.job
[2012/03/15 22:11:02 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 22:11:02 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 20:11:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/15 03:22:32 | 000,270,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/15 03:20:55 | 2078,392,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 00:15:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000Core.job
[2012/03/10 03:24:10 | 000,001,356 | ---- | M] () -- C:\Users\D\AppData\Local\d3d9caps.dat
[2012/03/09 09:02:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\D\Desktop\HiJackThis.exe
[2012/03/09 00:57:25 | 000,001,057 | ---- | M] () -- C:\Users\D\Desktop\Revo Uninstaller.lnk
[2012/03/09 00:48:35 | 001,402,880 | ---- | M] () -- C:\Users\D\Documents\HijackThis.msi
[2012/03/08 23:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/08 23:34:33 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\D\Documents\mbam-setup-1.60.1.1000.exe
[2012/03/08 23:20:44 | 000,000,872 | ---- | M] () -- C:\Users\D\Desktop\AudioConverter.lnk
[2012/03/08 23:20:13 | 000,000,872 | ---- | M] () -- C:\Users\D\Desktop\VideoConverter.lnk
[2012/03/08 23:19:49 | 000,001,492 | ---- | M] () -- C:\user.js
[2012/03/08 23:19:02 | 000,790,520 | ---- | M] () -- C:\Windows\System32\protector.dll
[2012/03/04 22:04:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/04 20:23:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/03 10:44:24 | 003,916,754 | ---- | M] () -- C:\Users\D\Documents\United Spas T7 Users Guide.pdf
[2012/03/03 10:42:23 | 004,682,874 | ---- | M] () -- C:\Users\D\Documents\United Spas C5-T7-InstallServiceManual.pdf
[2012/03/03 10:41:16 | 000,758,539 | ---- | M] () -- C:\Users\D\Documents\United Spas T-7 QuickReferenceAndDiagram.pdf
[2012/03/02 09:27:15 | 000,219,409 | ---- | M] () -- C:\Users\D\Documents\Kohler ExperienceRemoteDoesNotWork_3-23-10[1].pdf
[2012/02/25 21:00:32 | 000,130,701 | ---- | M] () -- C:\Users\D\Documents\SPA DOME DEALER PRICING as of 2-12 Spa Dome Enclosures with Warranty.pdf
[2012/02/24 22:10:13 | 000,008,211 | ---- | M] () -- C:\Users\D\Documents\Gecko S & M Class probe Resistor values.pdf
[2012/02/24 22:09:26 | 000,233,149 | ---- | M] () -- C:\Users\D\Documents\Spa Marvel 60 Day Welcome Program.pdf
[2012/02/24 22:08:35 | 000,110,808 | ---- | M] () -- C:\Users\D\Documents\SM Cleanser MSDS.pdf
[2012/02/24 22:08:24 | 000,124,204 | ---- | M] () -- C:\Users\D\Documents\Spa Marvel Filter Cleaner MSDS.pdf
[2012/02/24 22:08:14 | 000,154,762 | ---- | M] () -- C:\Users\D\Documents\Spa Marvel Water Treatment MSDS.pdf
[2012/02/24 10:19:42 | 001,076,128 | ---- | M] () -- C:\Users\D\Documents\Service manual SSPA-1,SSPA-MP ANG.pdf
[2012/02/24 10:18:55 | 000,207,314 | ---- | M] () -- C:\Users\D\Documents\SSPA-MP_HS.pdf
[3 C:\Users\D\Documents\*.tmp files -> C:\Users\D\Documents\*.tmp -> ]
[2 C:\Users\D\Desktop\*.tmp files -> C:\Users\D\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/09 01:00:24 | 2078,392,320 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/09 00:57:25 | 000,001,057 | ---- | C] () -- C:\Users\D\Desktop\Revo Uninstaller.lnk
[2012/03/09 00:48:27 | 001,402,880 | ---- | C] () -- C:\Users\D\Documents\HijackThis.msi
[2012/03/08 23:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/08 23:20:44 | 000,000,872 | ---- | C] () -- C:\Users\D\Desktop\AudioConverter.lnk
[2012/03/08 23:20:13 | 000,000,872 | ---- | C] () -- C:\Users\D\Desktop\VideoConverter.lnk
[2012/03/08 23:19:39 | 000,001,492 | ---- | C] () -- C:\user.js
[2012/03/08 23:19:02 | 000,790,520 | ---- | C] () -- C:\Windows\System32\protector.dll
[2012/03/04 22:03:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/03 10:44:23 | 003,916,754 | ---- | C] () -- C:\Users\D\Documents\United Spas T7 Users Guide.pdf
[2012/03/03 10:42:23 | 004,682,874 | ---- | C] () -- C:\Users\D\Documents\United Spas C5-T7-InstallServiceManual.pdf
[2012/03/03 10:41:16 | 000,758,539 | ---- | C] () -- C:\Users\D\Documents\United Spas T-7 QuickReferenceAndDiagram.pdf
[2012/03/02 09:27:15 | 000,219,409 | ---- | C] () -- C:\Users\D\Documents\Kohler ExperienceRemoteDoesNotWork_3-23-10[1].pdf
[2012/02/25 21:00:28 | 000,130,701 | ---- | C] () -- C:\Users\D\Documents\SPA DOME DEALER PRICING as of 2-12 Spa Dome Enclosures with Warranty.pdf
[2012/02/24 22:10:12 | 000,008,211 | ---- | C] () -- C:\Users\D\Documents\Gecko S & M Class probe Resistor values.pdf
[2012/02/24 22:09:24 | 000,233,149 | ---- | C] () -- C:\Users\D\Documents\Spa Marvel 60 Day Welcome Program.pdf
[2012/02/24 22:08:33 | 000,110,808 | ---- | C] () -- C:\Users\D\Documents\SM Cleanser MSDS.pdf
[2012/02/24 22:08:24 | 000,124,204 | ---- | C] () -- C:\Users\D\Documents\Spa Marvel Filter Cleaner MSDS.pdf
[2012/02/24 22:08:14 | 000,154,762 | ---- | C] () -- C:\Users\D\Documents\Spa Marvel Water Treatment MSDS.pdf
[2012/02/24 10:19:32 | 001,076,128 | ---- | C] () -- C:\Users\D\Documents\Service manual SSPA-1,SSPA-MP ANG.pdf
[2012/02/24 10:18:53 | 000,207,314 | ---- | C] () -- C:\Users\D\Documents\SSPA-MP_HS.pdf
[2011/11/17 23:09:13 | 000,001,356 | ---- | C] () -- C:\Users\D\AppData\Local\d3d9caps.dat
[2011/11/03 23:51:45 | 000,004,608 | ---- | C] () -- C:\Users\D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/02 03:16:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/11/01 21:04:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/01 21:04:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/10/28 00:05:02 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2011/10/28 00:05:01 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/28 00:05:00 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI

========== LOP Check ==========

[2012/03/08 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Babylon
[2011/10/28 08:46:29 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\OpenOffice.org
[2011/10/28 02:50:02 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\PDF Software
[2012/03/04 22:17:34 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Zeon
[2012/03/15 03:19:49 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/03/06 15:09:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2011/10/28 02:10:51 | 000,004,717 | -HS- | M] () -- C:\ffastun.ffa
[2011/10/28 02:10:51 | 000,122,880 | -HS- | M] () -- C:\ffastun.ffl
[2011/10/28 02:10:51 | 000,057,344 | -H-- | M] () -- C:\ffastun.ffo
[2011/10/28 02:10:51 | 004,009,984 | -HS- | M] () -- C:\ffastun0.ffx
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/03/15 03:20:55 | 2078,392,320 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/10/27 23:58:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/27 23:58:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/15 03:20:53 | 2392,211,456 | -HS- | M] () -- C:\pagefile.sys
[2012/03/08 23:19:49 | 000,001,492 | ---- | M] () -- C:\user.js
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/11/22 09:33:00 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/10/31 00:14:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/14 01:06:00 | 000,000,286 | -HS- | M] () -- C:\Users\D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/09 09:02:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\D\Desktop\HiJackThis.exe
[2012/03/15 23:25:36 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
[2 C:\Users\D\Desktop\*.tmp files -> C:\Users\D\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 07:03:54

< >

< End of report >

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 16 March 2012 - 05:38 AM

I need a MBAM (Malwarebytes) updated scan, not OTL.
If you don't have it, download and run the setup.

Be sure to check for updates before running

http://forums.whatth...amp;showfile=21

#5 whodoctorwho

whodoctorwho

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 17 March 2012 - 09:30 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
D :: D-PC [administrator]

3/17/2012 9:56:20 AM
mbam-log-2012-03-17 (09-56-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258978
Time elapsed: 58 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 18 March 2012 - 05:05 PM

Please do not attach the scan results from ComboFix. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator").



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#7 whodoctorwho

whodoctorwho

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 18 March 2012 - 09:56 PM

I cannot get a log from ComboFix running my computer normally. It continues to shut down my computer after running the 50 tests. I did run ComboFix while in SafeMode w/ networking, so I will paste that log. After running ComboFix during safemode w/networking, a message about a registry problem would come up and I couldn't use the internet.

ComboFix 12-03-18.01 - D 03/18/2012 22:40:01.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.1555 [GMT -4:00]
Running from: c:\users\D\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 02:47 . 2012-03-19 02:48 -------- d-----w- c:\users\D\AppData\Local\temp
2012-03-19 02:47 . 2012-03-19 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 01:51 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB147661-3AAA-4DC7-9B39-FE3E063F40E8}\mpengine.dll
2012-03-14 07:26 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:26 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:26 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:26 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:26 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:26 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:26 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 07:22 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 07:22 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-09 04:57 . 2012-03-09 04:57 -------- d-----w- c:\program files\VS Revo Group
2012-03-09 03:36 . 2012-03-09 03:36 -------- d-----w- c:\users\D\AppData\Roaming\Malwarebytes
2012-03-09 03:36 . 2012-03-09 03:36 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 03:36 . 2012-03-09 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-09 03:36 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 03:19 . 2012-03-09 03:20 -------- d-----w- c:\program files\VideoConverter
2012-03-09 03:19 . 2012-03-09 03:19 1492 ----a-w- C:\user.js
2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\users\D\AppData\Local\Babylon
2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\users\D\AppData\Roaming\Babylon
2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\programdata\Babylon
2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\windows\system32\Extensions
2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\programdata\bProtector
2012-03-09 03:19 . 2012-03-09 03:19 790520 ----a-w- c:\windows\system32\protector.dll
2012-03-09 03:18 . 2012-03-09 03:20 -------- d-----w- c:\program files\AudioConverter
2012-03-05 02:17 . 2012-03-05 02:17 -------- d-----w- c:\users\D\AppData\Roaming\Macrovision
2012-03-05 02:17 . 2012-03-05 02:17 -------- d-----w- c:\users\D\AppData\Roaming\Zeon
2012-03-05 02:16 . 2012-03-05 02:16 -------- d-----w- c:\programdata\ScanSoft
2012-03-05 02:03 . 2012-03-05 02:06 -------- d-----w- c:\programdata\Nuance
2012-03-05 02:02 . 2012-03-05 02:02 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2012-03-05 02:02 . 2012-03-05 02:02 -------- d-----w- c:\programdata\zeon
2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- C:\speech
2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\programdata\Macrovision
2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\program files\Nuance
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 00:23 . 2011-10-28 05:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2011-11-10 13:41 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-10-30 02:16 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-12-23 795936]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-12-23 58656]
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2008-11-03 54560]
.
c:\users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]
Microsoft Office Shortcut Bar.lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1997-7-11 333824]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=protector.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Open with PDF Converter 5.2 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 22:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-03-18 22:51:17
ComboFix-quarantined-files.txt 2012-03-19 02:51
.
Pre-Run: 115,740,409,856 bytes free
Post-Run: 115,652,227,072 bytes free
.
- - End Of File - - D458A6C0F6E31310C4D2188C4633A529

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 19 March 2012 - 05:35 AM

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt in your next reply


#9 whodoctorwho

whodoctorwho

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 19 March 2012 - 09:09 PM

When I started the DDS program the first time, my computer shut off, very similar to when I was trying to run Combofix. After restarting my computer I was able to run the DDS program to its end and here are the results:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by D at 22:57:40 on 2012-03-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.937 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\bProtector\bProtect.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\ProgramData\bProtector\bProtect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 5\bin\PlusIEContextMenu.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PDFHook] c:\program files\nuance\pdf professional 5\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf professional 5\RegistryController.exe
mRun: [Nuance PDF Professional 5-reminder] "c:\program files\nuance\pdf professional 5\ereg\ereg.exe" -r "c:\programdata\nuance\pdf professional 5\ereg\Ereg.ini"
StartupFolder: c:\users\d\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Open with PDF Converter 5.2 - c:\program files\nuance\pdf professional 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files\nuance\pdf professional 5\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{B5C0BC28-B145-4810-B1A0-7215471338C1} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{CA4B5436-4301-48E2-981F-618D5D85D956} : DhcpNameServer = 192.168.10.1
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 bProtector;bProtector;c:\programdata\bprotector\bProtect.exe [2012-3-8 773624]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-12-23 144672]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-30 21504]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-19 04:49:09 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c029cbb-73c0-4f02-8dba-80a01fdbd165}\mpengine.dll
2012-03-19 04:46:27 -------- d-----w- c:\users\d\appdata\local\temp
2012-03-19 04:45:41 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-19 04:33:43 -------- d-----w- C:\ComboFix
2012-03-19 02:09:01 98816 ----a-w- c:\windows\sed.exe
2012-03-19 02:09:01 518144 ----a-w- c:\windows\SWREG.exe
2012-03-19 02:09:01 256000 ----a-w- c:\windows\PEV.exe
2012-03-19 02:09:01 208896 ----a-w- c:\windows\MBR.exe
2012-03-14 07:26:37 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:26:31 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:26:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:26:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:26:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:26:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:26:17 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 07:22:55 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 07:22:55 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-09 04:57:24 -------- d-----w- c:\program files\VS Revo Group
2012-03-09 03:36:58 -------- d-----w- c:\users\d\appdata\roaming\Malwarebytes
2012-03-09 03:36:47 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 03:36:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 03:36:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-09 03:19:55 -------- d-----w- c:\program files\VideoConverter
2012-03-09 03:19:23 -------- d-----w- c:\users\d\appdata\local\Babylon
2012-03-09 03:19:19 -------- d-----w- c:\users\d\appdata\roaming\Babylon
2012-03-09 03:19:19 -------- d-----w- c:\programdata\Babylon
2012-03-09 03:19:07 -------- d-----w- c:\windows\system32\Extensions
2012-03-09 03:19:02 790520 ----a-w- c:\windows\system32\protector.dll
2012-03-09 03:19:02 -------- d-----w- c:\programdata\bProtector
2012-03-09 03:18:58 -------- d-----w- c:\program files\AudioConverter
2012-03-05 02:17:40 -------- d-----w- c:\users\d\appdata\roaming\Macrovision
2012-03-05 02:17:34 -------- d-----w- c:\users\d\appdata\roaming\Zeon
2012-03-05 02:03:38 -------- d-----w- c:\programdata\Nuance
2012-03-05 02:02:18 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-03-05 02:02:17 -------- d-----w- c:\programdata\zeon
2012-03-05 02:01:49 -------- d-----w- C:\speech
2012-03-05 02:01:49 -------- d-----w- c:\program files\Nuance
.
==================== Find3M ====================
.
2012-03-05 00:23:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:58:38.63 ===============

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 20 March 2012 - 07:41 AM

Strange that only OTL sees it.

OTL Fix
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=101587&b...00000032542c4cd
    
    :Files
    C:\Users\D\AppData\Local\Babylon
    C:\Users\D\AppData\Roaming\Babylon
    C:\ProgramData\Babylon
    
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS] 
    [purity]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log


#11 whodoctorwho

whodoctorwho

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 20 March 2012 - 08:20 PM

I appreciate your help. Here is the log after running OTL fix. Babylon is still showing on my search. I originally noticed Babylon after Revo, Audioconverter and Videoconverter were downloaded onto my computer (don't know if that means anything.)

Files\Folders moved on Reboot...
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\0[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\comments[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\EditMessageLight[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\fastbutton[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\index[1].php moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\Messenger[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NT8S6TE0\0[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NT8S6TE0\0[2].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NT8S6TE0\xmlProxy[1].htm moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\0[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\e-cs[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\iframe3[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\InboxLight[2].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\iu3[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\LocalStorage[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\mail[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\xd_proxy[2].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\xmlProxy[3].htm moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\0[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\feedback[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\resourcespreload[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\resourcespreload[2].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\st[1] moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCGO6F1S\AjaxHistoryFrame[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCGO6F1S\csc-render[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCGO6F1S\xmlProxy[2].htm moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\ads[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\de[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\fc[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\index[8].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\RteFrame_16.2.4514.0219[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\0[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\adloader[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\article[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\ext-render-secure[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\iframe[2].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\launch[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\sh74[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xframe-proxy_20110929[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xframe-proxy_20110929[2].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xmlProxy[3].htm moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xmlProxy[4].htm moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\aceUAC[1].htm moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\cm[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\combo[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\cs[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\GRedirect[2].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\like[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\xmlProxy[3].htm moved successfully.
Registry entries deleted on Reboot...

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 March 2012 - 06:48 AM

Are these folders still there?

    C:\Users\D\AppData\Local\Babylon
    C:\Users\D\AppData\Roaming\Babylon
    C:\ProgramData\Babylon

#13 whodoctorwho

whodoctorwho

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 21 March 2012 - 08:35 AM

No. In my 'Search the web (Babylon)' it is still there. It is listed in my Internet add-ons under search provider as the default search provider and I cannot remove it.

#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 March 2012 - 03:22 PM

OTL Fix
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...ferrer:source?}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=101587&b...00000c0a8d6c8dd
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=101587&b...00000032542c4cd
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 35 4F 7F 12 FC CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}...00000c0a8d6c8dd
    
    :Files
    C:\Windows\System32\protector.dll
    C:\ProgramData\bProtector
    C:\Users\D\AppData\Local\Babylon
    C:\Users\D\AppData\Roaming\Babylon
    C:\ProgramData\Babylon
    C:\ProgramData\InstallBrainService\ibsvc.exe
    C:\ProgramData\InstallBrainService
    
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS] 
    [purity]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

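The fix above works by reading OTL's `IE - HKxx\...` registry lines and the DDS `R2 name;desc;path` service line and spotting the foreign search scope, the `bProtector`-prefixed values and the service running out of ProgramData. As an added example (not OTL, DDS or anything posted in this thread), the Python below parses those line formats and reports the same indicators; the sample lines are copied from the fix script and DDS log above, and the trusted-host list is an assumption.

```python
"""Triage helper for OTL / DDS indicator lines (added example, not OTL/DDS code)."""
import re
from urllib.parse import urlparse

# Search/start-page hosts a stock IE on this machine would use (assumption).
TRUSTED_HOSTS = {"www.google.com", "search.live.com", "www.bing.com", "www.msn.com"}

# IE - HKCU\SOFTWARE\...\Main,Start Page = http://...   (a value under a key)
IE_VALUE = re.compile(
    r"^IE - (?P<hive>HK(?:LM|CU))\\(?P<key>.+?),(?P<name>[^=]+?) = (?P<value>.*)$")
# IE - HKCU\..\SearchScopes\{GUID}: "URL" = http://...  (a search scope's URL)
SCOPE_URL = re.compile(
    r'^IE - (?P<hive>HK(?:LM|CU))\\\.\.\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>.*)$')
# R2 bProtector;bProtector;c:\programdata\bprotector\bProtect.exe [2012-3-8 773624]
SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[")

# Constructed sample: lines copied from the fix script and the DDS log in this thread.
SAMPLE_LINES = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=101587&b...00000c0a8d6c8dd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=101587&b...00000032542c4cd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}...00000c0a8d6c8dd
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 bProtector;bProtector;c:\programdata\bprotector\bProtect.exe [2012-3-8 773624]
""".strip().splitlines()


def host_of(url: str) -> str:
    """Hostname of a URL as OTL prints it (the truncated '...' tails are harmless)."""
    return (urlparse(url.strip()).hostname or "").lower()


def triage(lines):
    """Return a list of (severity, message) findings for OTL/DDS indicator lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SCOPE_URL.match(line)
        if m:
            host = host_of(m["url"])
            if host not in TRUSTED_HOSTS:
                findings.append(("high", f"{m['hive']} search scope {m['guid']} queries {host}"))
            continue
        m = IE_VALUE.match(line)
        if m:
            name, value = m["name"], m["value"]
            if "bprotector" in name.lower():
                # Stock IE never writes a value with this prefix; a third party did.
                findings.append(("high", f"foreign value '{name}' under {m['hive']}\\{m['key']} = {value}"))
            elif "start page" in name.lower() and value.lower().startswith("http"):
                host = host_of(value)
                if host not in TRUSTED_HOSTS:
                    findings.append(("high", f"{m['hive']} '{name}' points at {host}"))
            continue
        m = SERVICE.match(line)
        if m and re.search(r"\\(programdata|appdata)\\", m["path"], re.I):
            # Services normally live under Program Files or System32, not user-writable paths.
            findings.append(("medium", f"service {m['name']} ({m['state']}) runs from {m['path']}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LINES):
        print(f"[{severity}] {message}")
```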

#15 whodoctorwho

whodoctorwho

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 21 March 2012 - 08:50 PM

Thank you for your help. It looks like the Babylon search provider is finally gone. I thought it was tied to the bProtector program that I found unexpectedly, but the bProtector is still here and the Babylon is gone. Your help is much appreciated. Here is the log:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
========== FILES ==========
File move failed. C:\Windows\System32\protector.dll scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtector scheduled to be moved on reboot.
File\Folder C:\Users\D\AppData\Local\Babylon not found.
File\Folder C:\Users\D\AppData\Roaming\Babylon not found.
File\Folder C:\ProgramData\Babylon not found.
File\Folder C:\ProgramData\InstallBrainService\ibsvc.exe not found.
File\Folder C:\ProgramData\InstallBrainService not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: D
->Flash cache emptied: 562 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: D
->Temp folder emptied: 35358087 bytes
->Temporary Internet Files folder emptied: 209630314 bytes
->Java cache emptied: 33091 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41888 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 234.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_223143
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\protector.dll scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtector scheduled to be moved on reboot.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\bProtector\bProtect.settings moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\iframe[1].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\index[3].html moved successfully.
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...

