babylon search and installbrain updater service is on my computer [Cl

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

2 Pages

1 2 >

babylon search and installbrain updater service is on my computer [Cl, want to safely delete them, windows vista basic

Options

LDTate View Member Profile	Mar 12 2012, 01:02 PM Post #2
Forum God Group: Root Admin Posts: 56,298 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Logs will be closed if you haven't replied within 3 days Please don't attach the scans / logs for these tools, use "copy/paste". DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data. Please run a new MBAM scan being sure to update before scanning. Post the scan results Also please describe how your computer behaves at the moment. Please don't attach the scans / logs, use "copy/paste".

whodoctorwho View Member Profile	Mar 15 2012, 09:39 PM Post #3
New Member Group: Authentic Member Posts: 9 Joined: 8-March 12 Member No.: 99,750 Operating System: vista	How's this? OTL logfile created on: 3/15/2012 11:27:53 PM - Run 4 OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\D\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19190) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.93 Gb Total Physical Memory \| 0.90 Gb Available Physical Memory \| 46.34% Memory free 4.12 Gb Paging File \| 2.97 Gb Available in Paging File \| 72.18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 149.05 Gb Total Space \| 105.54 Gb Free Space \| 70.81% Space Free \| Partition Type: NTFS Drive D: \| 2.78 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Computer Name: D-PC \| User Name: D \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\D\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\bProtector\bProtect.exe (bProtector) PRC - C:\ProgramData\InstallBrainService\ibsvc.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE () PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE () ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\protector.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL () MOD - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE () MOD - C:\Program Files\Microsoft Office\Office\OSA.EXE () ========== Win32 Services (SafeList) ========== SRV - (bProtector) -- C:\ProgramData\bProtector\bProtect.exe (bProtector) SRV - (InstallBrainService) -- C:\ProgramData\InstallBrainService\ibsvc.exe () SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (PDFProFiltSrv) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation ) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...ferrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=101587&b...00000c0a8d6c8dd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=101587&b...00000032542c4cd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 35 4F 7F 12 FC CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...amp;FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}...00000c0a8d6c8dd IE - HKCU\..\SearchScopes\{7EFBD67B-A9FE-49A6-9EBF-D9937F0DD8EC}: "URL" = http://www.google.com/search?q={searchTerm...age={startPage} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\D\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\D\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\D\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\D\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2006/09/18 17:41:30 \| 000,000,761 \| ---- \| M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Open with PDF Converter 5.2 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll () O8 - Extra context menu item: Open with PDF Professional 5.2 - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C0BC28-B145-4810-B1A0-7215471338C1}: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4B5436-4301-48E2-981F-618D5D85D956}: DhcpNameServer = 192.168.10.1 O20 - AppInit_DLLs: (protector.dll) - C:\Windows\System32\protector.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 \| 000,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/03/15 23:25:31 \| 000,594,944 \| ---- \| C] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe [2012/03/14 03:26:37 \| 002,044,416 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/03/14 03:26:31 \| 001,172,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/03/14 03:26:31 \| 001,068,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/03/14 03:26:31 \| 000,683,008 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/03/14 03:26:31 \| 000,219,648 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/03/14 03:26:31 \| 000,160,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/03/14 03:22:55 \| 000,613,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012/03/13 21:26:18 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Mozilla [2012/03/09 09:02:15 \| 000,388,608 \| ---- \| C] (Trend Micro Inc.) -- C:\Users\D\Desktop\HiJackThis.exe [2012/03/09 02:09:29 \| 000,000,000 \| ---D \| C] -- C:\Users\D\Desktop\What the Tech [2012/03/09 00:57:25 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012/03/09 00:57:24 \| 000,000,000 \| ---D \| C] -- C:\Program Files\VS Revo Group [2012/03/08 23:36:58 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Malwarebytes [2012/03/08 23:36:51 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/08 23:36:47 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2012/03/08 23:36:44 \| 000,020,464 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/03/08 23:36:44 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/03/08 23:34:24 \| 009,502,424 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\D\Documents\mbam-setup-1.60.1.1000.exe [2012/03/08 23:20:44 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AudioConverter [2012/03/08 23:20:13 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoConverter [2012/03/08 23:19:55 \| 000,000,000 \| ---D \| C] -- C:\Program Files\VideoConverter [2012/03/08 23:19:23 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Local\Babylon [2012/03/08 23:19:19 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Babylon [2012/03/08 23:19:19 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Babylon [2012/03/08 23:19:07 \| 000,000,000 \| ---D \| C] -- C:\Windows\System32\Extensions [2012/03/08 23:19:02 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\bProtector [2012/03/08 23:18:58 \| 000,000,000 \| ---D \| C] -- C:\Program Files\AudioConverter [2012/03/08 23:18:54 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\InstallBrainService [2012/03/04 22:17:40 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Macrovision [2012/03/04 22:17:34 \| 000,000,000 \| ---D \| C] -- C:\Users\D\AppData\Roaming\Zeon [2012/03/04 22:16:00 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\ScanSoft [2012/03/04 22:03:38 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Nuance [2012/03/04 22:03:34 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Professional 5 [2012/03/04 22:02:18 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\ScanSoft Shared [2012/03/04 22:02:17 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\zeon [2012/03/04 22:01:49 \| 000,000,000 \| ---D \| C] -- C:\speech [2012/03/04 22:01:49 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Nuance [2012/03/04 22:01:49 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Macrovision [2012/02/16 01:09:47 \| 000,105,984 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/02/16 01:09:46 \| 000,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/02/16 01:09:42 \| 001,469,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/02/16 01:09:42 \| 000,611,840 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012/02/16 01:09:42 \| 000,602,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/02/16 01:09:41 \| 000,387,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012/02/16 01:09:41 \| 000,385,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/02/16 01:09:41 \| 000,184,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/02/16 01:09:41 \| 000,164,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/02/16 01:09:41 \| 000,133,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/02/16 01:09:41 \| 000,109,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012/02/16 01:09:41 \| 000,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012/02/16 01:09:41 \| 000,055,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012/02/16 01:09:41 \| 000,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012/02/16 01:09:40 \| 001,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/02/16 01:09:40 \| 000,174,080 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012/02/16 01:09:40 \| 000,043,520 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012/02/16 01:09:40 \| 000,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [3 C:\Users\D\Documents\.tmp files -> C:\Users\D\Documents\.tmp -> ] [2 C:\Users\D\Desktop\.tmp files -> C:\Users\D\Desktop\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/15 23:25:36 \| 000,594,944 \| ---- \| M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe [2012/03/15 23:15:00 \| 000,000,892 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000UA.job [2012/03/15 22:11:02 \| 000,003,664 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/15 22:11:02 \| 000,003,664 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/15 20:11:03 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/03/15 03:22:32 \| 000,270,416 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/03/15 03:20:55 \| 2078,392,320 \| -HS- \| M] () -- C:\hiberfil.sys [2012/03/15 00:15:00 \| 000,000,840 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028815970-3122597289-1249273105-1000Core.job [2012/03/10 03:24:10 \| 000,001,356 \| ---- \| M] () -- C:\Users\D\AppData\Local\d3d9caps.dat [2012/03/09 09:02:19 \| 000,388,608 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\D\Desktop\HiJackThis.exe [2012/03/09 00:57:25 \| 000,001,057 \| ---- \| M] () -- C:\Users\D\Desktop\Revo Uninstaller.lnk [2012/03/09 00:48:35 \| 001,402,880 \| ---- \| M] () -- C:\Users\D\Documents\HijackThis.msi [2012/03/08 23:36:51 \| 000,000,906 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/08 23:34:33 \| 009,502,424 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\D\Documents\mbam-setup-1.60.1.1000.exe [2012/03/08 23:20:44 \| 000,000,872 \| ---- \| M] () -- C:\Users\D\Desktop\AudioConverter.lnk [2012/03/08 23:20:13 \| 000,000,872 \| ---- \| M] () -- C:\Users\D\Desktop\VideoConverter.lnk [2012/03/08 23:19:49 \| 000,001,492 \| ---- \| M] () -- C:\user.js [2012/03/08 23:19:02 \| 000,790,520 \| ---- \| M] () -- C:\Windows\System32\protector.dll [2012/03/04 22:04:01 \| 000,000,258 \| RHS- \| M] () -- C:\ProgramData\ntuser.pol [2012/03/04 20:23:41 \| 000,414,368 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/03/03 10:44:24 \| 003,916,754 \| ---- \| M] () -- C:\Users\D\Documents\United Spas T7 Users Guide.pdf [2012/03/03 10:42:23 \| 004,682,874 \| ---- \| M] () -- C:\Users\D\Documents\United Spas C5-T7-InstallServiceManual.pdf [2012/03/03 10:41:16 \| 000,758,539 \| ---- \| M] () -- C:\Users\D\Documents\United Spas T-7 QuickReferenceAndDiagram.pdf [2012/03/02 09:27:15 \| 000,219,409 \| ---- \| M] () -- C:\Users\D\Documents\Kohler ExperienceRemoteDoesNotWork_3-23-10[1].pdf [2012/02/25 21:00:32 \| 000,130,701 \| ---- \| M] () -- C:\Users\D\Documents\SPA DOME DEALER PRICING as of 2-12 Spa Dome Enclosures with Warranty.pdf [2012/02/24 22:10:13 \| 000,008,211 \| ---- \| M] () -- C:\Users\D\Documents\Gecko S & M Class probe Resistor values.pdf [2012/02/24 22:09:26 \| 000,233,149 \| ---- \| M] () -- C:\Users\D\Documents\Spa Marvel 60 Day Welcome Program.pdf [2012/02/24 22:08:35 \| 000,110,808 \| ---- \| M] () -- C:\Users\D\Documents\SM Cleanser MSDS.pdf [2012/02/24 22:08:24 \| 000,124,204 \| ---- \| M] () -- C:\Users\D\Documents\Spa Marvel Filter Cleaner MSDS.pdf [2012/02/24 22:08:14 \| 000,154,762 \| ---- \| M] () -- C:\Users\D\Documents\Spa Marvel Water Treatment MSDS.pdf [2012/02/24 10:19:42 \| 001,076,128 \| ---- \| M] () -- C:\Users\D\Documents\Service manual SSPA-1,SSPA-MP ANG.pdf [2012/02/24 10:18:55 \| 000,207,314 \| ---- \| M] () -- C:\Users\D\Documents\SSPA-MP_HS.pdf [3 C:\Users\D\Documents\.tmp files -> C:\Users\D\Documents\.tmp -> ] [2 C:\Users\D\Desktop\.tmp files -> C:\Users\D\Desktop\.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/09 01:00:24 \| 2078,392,320 \| -HS- \| C] () -- C:\hiberfil.sys [2012/03/09 00:57:25 \| 000,001,057 \| ---- \| C] () -- C:\Users\D\Desktop\Revo Uninstaller.lnk [2012/03/09 00:48:27 \| 001,402,880 \| ---- \| C] () -- C:\Users\D\Documents\HijackThis.msi [2012/03/08 23:36:51 \| 000,000,906 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/08 23:20:44 \| 000,000,872 \| ---- \| C] () -- C:\Users\D\Desktop\AudioConverter.lnk [2012/03/08 23:20:13 \| 000,000,872 \| ---- \| C] () -- C:\Users\D\Desktop\VideoConverter.lnk [2012/03/08 23:19:39 \| 000,001,492 \| ---- \| C] () -- C:\user.js [2012/03/08 23:19:02 \| 000,790,520 \| ---- \| C] () -- C:\Windows\System32\protector.dll [2012/03/04 22:03:52 \| 000,000,258 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2012/03/03 10:44:23 \| 003,916,754 \| ---- \| C] () -- C:\Users\D\Documents\United Spas T7 Users Guide.pdf [2012/03/03 10:42:23 \| 004,682,874 \| ---- \| C] () -- C:\Users\D\Documents\United Spas C5-T7-InstallServiceManual.pdf [2012/03/03 10:41:16 \| 000,758,539 \| ---- \| C] () -- C:\Users\D\Documents\United Spas T-7 QuickReferenceAndDiagram.pdf [2012/03/02 09:27:15 \| 000,219,409 \| ---- \| C] () -- C:\Users\D\Documents\Kohler ExperienceRemoteDoesNotWork_3-23-10[1].pdf [2012/02/25 21:00:28 \| 000,130,701 \| ---- \| C] () -- C:\Users\D\Documents\SPA DOME DEALER PRICING as of 2-12 Spa Dome Enclosures with Warranty.pdf [2012/02/24 22:10:12 \| 000,008,211 \| ---- \| C] () -- C:\Users\D\Documents\Gecko S & M Class probe Resistor values.pdf [2012/02/24 22:09:24 \| 000,233,149 \| ---- \| C] () -- C:\Users\D\Documents\Spa Marvel 60 Day Welcome Program.pdf [2012/02/24 22:08:33 \| 000,110,808 \| ---- \| C] () -- C:\Users\D\Documents\SM Cleanser MSDS.pdf [2012/02/24 22:08:24 \| 000,124,204 \| ---- \| C] () -- C:\Users\D\Documents\Spa Marvel Filter Cleaner MSDS.pdf [2012/02/24 22:08:14 \| 000,154,762 \| ---- \| C] () -- C:\Users\D\Documents\Spa Marvel Water Treatment MSDS.pdf [2012/02/24 10:19:32 \| 001,076,128 \| ---- \| C] () -- C:\Users\D\Documents\Service manual SSPA-1,SSPA-MP ANG.pdf [2012/02/24 10:18:53 \| 000,207,314 \| ---- \| C] () -- C:\Users\D\Documents\SSPA-MP_HS.pdf [2011/11/17 23:09:13 \| 000,001,356 \| ---- \| C] () -- C:\Users\D\AppData\Local\d3d9caps.dat [2011/11/03 23:51:45 \| 000,004,608 \| ---- \| C] () -- C:\Users\D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/02 03:16:30 \| 000,018,904 \| ---- \| C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/11/01 21:04:43 \| 000,117,248 \| ---- \| C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/11/01 21:04:43 \| 000,107,612 \| ---- \| C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/10/28 00:05:02 \| 000,000,022 \| ---- \| C] () -- C:\Windows\exchng.ini [2011/10/28 00:05:01 \| 000,000,611 \| ---- \| C] () -- C:\Windows\ODBC.INI [2011/10/28 00:05:00 \| 000,000,957 \| ---- \| C] () -- C:\Windows\ODBCINST.INI ========== LOP Check ========== [2012/03/08 23:19:19 \| 000,000,000 \| ---D \| M] -- C:\Users\D\AppData\Roaming\Babylon [2011/10/28 08:46:29 \| 000,000,000 \| ---D \| M] -- C:\Users\D\AppData\Roaming\OpenOffice.org [2011/10/28 02:50:02 \| 000,000,000 \| ---D \| M] -- C:\Users\D\AppData\Roaming\PDF Software [2012/03/04 22:17:34 \| 000,000,000 \| ---D \| M] -- C:\Users\D\AppData\Roaming\Zeon [2012/03/15 03:19:49 \| 000,032,590 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\. > [2006/09/18 17:43:36 \| 000,000,024 \| ---- \| M] () -- C:\autoexec.bat [2009/04/11 02:36:36 \| 000,333,257 \| RHS- \| M] () -- C:\bootmgr [2011/03/06 15:09:40 \| 000,008,192 \| R-S- \| M] () -- C:\BOOTSECT.BAK [2006/09/18 17:43:37 \| 000,000,010 \| ---- \| M] () -- C:\config.sys [2007/11/07 09:00:40 \| 000,017,734 \| ---- \| M] () -- C:\eula.1028.txt [2007/11/07 09:00:40 \| 000,017,734 \| ---- \| M] () -- C:\eula.1031.txt [2007/11/07 09:00:40 \| 000,010,134 \| ---- \| M] () -- C:\eula.1033.txt [2007/11/07 09:00:40 \| 000,017,734 \| ---- \| M] () -- C:\eula.1036.txt [2007/11/07 09:00:40 \| 000,017,734 \| ---- \| M] () -- C:\eula.1040.txt [2007/11/07 09:00:40 \| 000,000,118 \| ---- \| M] () -- C:\eula.1041.txt [2007/11/07 09:00:40 \| 000,017,734 \| ---- \| M] () -- C:\eula.1042.txt [2007/11/07 09:00:40 \| 000,017,734 \| ---- \| M] () -- C:\eula.2052.txt [2007/11/07 09:00:40 \| 000,017,734 \| ---- \| M] () -- C:\eula.3082.txt [2011/10/28 02:10:51 \| 000,004,717 \| -HS- \| M] () -- C:\ffastun.ffa [2011/10/28 02:10:51 \| 000,122,880 \| -HS- \| M] () -- C:\ffastun.ffl [2011/10/28 02:10:51 \| 000,057,344 \| -H-- \| M] () -- C:\ffastun.ffo [2011/10/28 02:10:51 \| 004,009,984 \| -HS- \| M] () -- C:\ffastun0.ffx [2007/11/07 09:00:40 \| 000,001,110 \| ---- \| M] () -- C:\globdata.ini [2012/03/15 03:20:55 \| 2078,392,320 \| -HS- \| M] () -- C:\hiberfil.sys [2007/11/07 09:03:18 \| 000,562,688 \| ---- \| M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 09:00:40 \| 000,000,843 \| ---- \| M] () -- C:\install.ini [2007/11/07 09:03:18 \| 000,076,304 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 09:03:18 \| 000,096,272 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 09:03:18 \| 000,091,152 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 09:03:18 \| 000,097,296 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 09:03:18 \| 000,095,248 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 09:03:18 \| 000,081,424 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 09:03:18 \| 000,079,888 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 09:03:18 \| 000,075,792 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 09:03:18 \| 000,096,272 \| ---- \| M] (Microsoft Corporation) -- C:\install.res.3082.dll [2011/10/27 23:58:52 \| 000,000,000 \| RHS- \| M] () -- C:\IO.SYS [2011/10/27 23:58:52 \| 000,000,000 \| RHS- \| M] () -- C:\MSDOS.SYS [2012/03/15 03:20:53 \| 2392,211,456 \| -HS- \| M] () -- C:\pagefile.sys [2012/03/08 23:19:49 \| 000,001,492 \| ---- \| M] () -- C:\user.js [2007/11/07 09:00:40 \| 000,005,686 \| ---- \| M] () -- C:\vcredist.bmp [2007/11/07 09:09:22 \| 001,442,522 \| ---- \| M] () -- C:\VC_RED.cab [2007/11/07 09:12:28 \| 000,232,960 \| ---- \| M] () -- C:\VC_RED.MSI < %systemroot%\Fonts\.com > [2006/11/02 08:37:12 \| 000,026,040 \| ---- \| M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 08:37:12 \| 000,026,489 \| ---- \| M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 08:37:12 \| 000,029,779 \| ---- \| M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2011/11/22 09:33:00 \| 000,037,665 \| ---- \| M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\.dll > < %systemroot%\Fonts\.ini > [2006/09/18 17:37:34 \| 000,000,065 \| ---- \| M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\.ini2 > < %systemroot%\Fonts\.exe > < %systemroot%\system32\spool\prtprocs\w32x86\.* > [2008/01/19 03:34:28 \| 000,089,600 \| ---- \| M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL [2006/11/02 08:35:48 \| 000,022,528 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll < %systemroot%\REPAIR\.bak1 > < %systemroot%\REPAIR\.ini > < %systemroot%\system32\.jpg > < %systemroot%\.jpg > < %systemroot%\.png > < %systemroot%\.scr > < %systemroot%\._sy > < %APPDATA%\Adobe\Update\.* > < %ALLUSERSPROFILE%\Favorites\. > < %APPDATA%\Microsoft\. > < %PROGRAMFILES%\. > [2011/10/31 00:14:20 \| 000,000,174 \| -HS- \| M] () -- C:\Program Files\desktop.ini < %APPDATA%\Update\. > < %systemroot%\. /mp /s > < %systemroot%\System32\config\.sav > [2006/11/02 06:34:05 \| 000,008,192 \| ---- \| M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 06:34:05 \| 000,020,480 \| ---- \| M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 06:34:05 \| 000,008,192 \| ---- \| M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 06:34:08 \| 010,133,504 \| ---- \| M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 06:34:08 \| 001,826,816 \| ---- \| M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\.lnk /x > < %systemroot%\system32\config\systemprofile\.dat /x > < %systemroot%\.config > < %systemroot%\system32\.db > < %PROGRAMFILES%\Internet Explorer\.dat > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\.lnk /x > [2012/02/14 01:06:00 \| 000,000,286 \| -HS- \| M] () -- C:\Users\D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini < %USERPROFILE%\Desktop\.exe > [2012/03/09 09:02:19 \| 000,388,608 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\D\Desktop\HiJackThis.exe [2012/03/15 23:25:36 \| 000,594,944 \| ---- \| M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe [2 C:\Users\D\Desktop\.tmp files -> C:\Users\D\Desktop\.tmp -> ] < %PROGRAMFILES%\Common Files\.* > < %systemroot%\.src > < %systemroot%\install\.* > < %systemroot%\system32\DLL\. > < %systemroot%\system32\HelpFiles\. > < %systemroot%\system32\rundll\. > < %systemroot%\winn32\. > < %systemroot%\Java\. > < %systemroot%\system32\test\. > < %systemroot%\system32\Rundll32\. > < %systemroot%\AppPatch\Custom\. > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 07:03:54 < > < End of report >

LDTate View Member Profile	Mar 16 2012, 05:38 AM Post #4
Forum God Group: Root Admin Posts: 56,298 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	I need a MBAM (Malwarebytes) updated scan, not OTL. If you don't have it, download and run the setup.. Be sure to check for updates before running http://forums.whatthetech.com/index.php?au...amp;showfile=21

whodoctorwho View Member Profile	Mar 17 2012, 09:30 AM Post #5
New Member Group: Authentic Member Posts: 9 Joined: 8-March 12 Member No.: 99,750 Operating System: vista	Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.17.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19190 D :: D-PC [administrator] 3/17/2012 9:56:20 AM mbam-log-2012-03-17 (09-56-20).txt Scan type: Full scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 258978 Time elapsed: 58 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

LDTate View Member Profile	Mar 18 2012, 05:05 PM Post #6
Forum God Group: Root Admin Posts: 56,298 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Please do not attach the scan results from Combofx. Use copy/paste. Vista and Windows 7 users: 1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator") Download ComboFix from one of these locations: Link 1 Link 2 If using this link, Right Click and select Save As. * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs Double click on ComboFix.exe & follow the prompts. Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have XP SP3, use the XP SP2 package. If Vista or Windows 7, skip the Recovery Console part As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply. Notes: 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Give it atleast 20-30 minutes to finish if needed. Please do not attach the scan results from Combofx. Use copy/paste.** Also please describe how your computer behaves at the moment.

whodoctorwho View Member Profile	Mar 18 2012, 09:56 PM Post #7
New Member Group: Authentic Member Posts: 9 Joined: 8-March 12 Member No.: 99,750 Operating System: vista	I can not get a log from combofix running my computer normally. It continues to shut down my computer after run the 50 tests. I did run combofix while in SafeMode w/ networking, so I will paste that log. After running combofix during safemode w/networking, a message about a registry problem would come up and I couldn't use the internet. ComboFix 12-03-18.01 - D 03/18/2012 22:40:01.4.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.1555 [GMT -4:00] Running from: c:\users\D\Desktop\ComboFix.exe AV: Microsoft Security Essentials Disabled/Updated {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials Disabled/Updated {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 ))))))))))))))))))))))))))))))) . . 2012-03-19 02:47 . 2012-03-19 02:48 -------- d-----w- c:\users\D\AppData\Local\temp 2012-03-19 02:47 . 2012-03-19 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-19 01:51 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB147661-3AAA-4DC7-9B39-FE3E063F40E8}\mpengine.dll 2012-03-14 07:26 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 07:26 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 07:26 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 07:26 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 07:26 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 07:26 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 07:26 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-03-14 07:22 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 07:22 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-09 04:57 . 2012-03-09 04:57 -------- d-----w- c:\program files\VS Revo Group 2012-03-09 03:36 . 2012-03-09 03:36 -------- d-----w- c:\users\D\AppData\Roaming\Malwarebytes 2012-03-09 03:36 . 2012-03-09 03:36 -------- d-----w- c:\programdata\Malwarebytes 2012-03-09 03:36 . 2012-03-09 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-09 03:36 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-09 03:19 . 2012-03-09 03:20 -------- d-----w- c:\program files\VideoConverter 2012-03-09 03:19 . 2012-03-09 03:19 1492 ----a-w- C:\user.js 2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\users\D\AppData\Local\Babylon 2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\users\D\AppData\Roaming\Babylon 2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\programdata\Babylon 2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\windows\system32\Extensions 2012-03-09 03:19 . 2012-03-09 03:19 -------- d-----w- c:\programdata\bProtector 2012-03-09 03:19 . 2012-03-09 03:19 790520 ----a-w- c:\windows\system32\protector.dll 2012-03-09 03:18 . 2012-03-09 03:20 -------- d-----w- c:\program files\AudioConverter 2012-03-05 02:17 . 2012-03-05 02:17 -------- d-----w- c:\users\D\AppData\Roaming\Macrovision 2012-03-05 02:17 . 2012-03-05 02:17 -------- d-----w- c:\users\D\AppData\Roaming\Zeon 2012-03-05 02:16 . 2012-03-05 02:16 -------- d-----w- c:\programdata\ScanSoft 2012-03-05 02:03 . 2012-03-05 02:06 -------- d-----w- c:\programdata\Nuance 2012-03-05 02:02 . 2012-03-05 02:02 -------- d-----w- c:\program files\Common Files\ScanSoft Shared 2012-03-05 02:02 . 2012-03-05 02:02 -------- d-----w- c:\programdata\zeon 2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- C:\speech 2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\programdata\Macrovision 2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\program files\Nuance . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-05 00:23 . 2011-10-28 05:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-08 06:03 . 2011-11-10 13:41 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-31 12:44 . 2011-10-30 02:16 237072 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-12-23 795936] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-12-23 58656] "Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2008-11-03 54560] . c:\users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376] Microsoft Office Shortcut Bar.lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1997-7-11 333824] Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=protector.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . --- Other Services/Drivers In Memory --- . NewlyCreated - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Open with PDF Converter 5.2 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100 IE: Open with PDF Professional 5.2 - c:\program files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm TCP: DhcpNameServer = 192.168.10.1 . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-18 22:48 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2012-03-18 22:51:17 ComboFix-quarantined-files.txt 2012-03-19 02:51 . Pre-Run: 115,740,409,856 bytes free Post-Run: 115,652,227,072 bytes free . - - End Of File - - D458A6C0F6E31310C4D2188C4633A529

LDTate View Member Profile	Mar 19 2012, 05:35 AM Post #8
Forum God Group: Root Admin Posts: 56,298 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Please download DDS by sUBs from one of the following links and save it to your desktop. DDS.scr DDS.pif Disable any script blocking protection (How to Disable your Security Programs) Double click DDS icon to run the tool (may take up to 3 minutes to run) When done, DDS.txt will open. After a few moments, attach.txt will open in a second window. Save both reports to your desktop. --------------------------------------------------- Post the contents of the DDS.txt in your next reply

whodoctorwho View Member Profile	Mar 19 2012, 09:09 PM Post #9
New Member Group: Authentic Member Posts: 9 Joined: 8-March 12 Member No.: 99,750 Operating System: vista	When I started the DDS program the first time, my computer shut off, very similar to when I was trying to run Combofix. After restarting my computer I was able to run the DDS program to its end and here is the results: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19190 Run by D at 22:57:40 on 2012-03-19 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.937 [GMT -4:00] . AV: Microsoft Security Essentials Disabled/Updated {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials Disabled/Updated {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\ProgramData\bProtector\bProtect.exe C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe C:\ProgramData\bProtector\bProtect.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 5\bin\PlusIEContextMenu.dll BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [PDFHook] c:\program files\nuance\pdf professional 5\pdfpro5hook.exe mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf professional 5\RegistryController.exe mRun: [Nuance PDF Professional 5-reminder] "c:\program files\nuance\pdf professional 5\ereg\ereg.exe" -r "c:\programdata\nuance\pdf professional 5\ereg\Ereg.ini" StartupFolder: c:\users\d\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Open with PDF Converter 5.2 - c:\program files\nuance\pdf professional 5\cnvres_eng.dll /100 IE: Open with PDF Professional 5.2 - c:\program files\nuance\pdf professional 5\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{B5C0BC28-B145-4810-B1A0-7215471338C1} : DhcpNameServer = 192.168.10.1 TCP: Interfaces\{CA4B5436-4301-48E2-981F-618D5D85D956} : DhcpNameServer = 192.168.10.1 . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R2 bProtector;bProtector;c:\programdata\bprotector\bProtect.exe [2012-3-8 773624] R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-12-23 144672] R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-30 21504] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-03-19 04:49:09 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c029cbb-73c0-4f02-8dba-80a01fdbd165}\mpengine.dll 2012-03-19 04:46:27 -------- d-----w- c:\users\d\appdata\local\temp 2012-03-19 04:45:41 -------- d-sh--w- C:\$RECYCLE.BIN 2012-03-19 04:33:43 -------- d-----w- C:\ComboFix 2012-03-19 02:09:01 98816 ----a-w- c:\windows\sed.exe 2012-03-19 02:09:01 518144 ----a-w- c:\windows\SWREG.exe 2012-03-19 02:09:01 256000 ----a-w- c:\windows\PEV.exe 2012-03-19 02:09:01 208896 ----a-w- c:\windows\MBR.exe 2012-03-14 07:26:37 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 07:26:31 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 07:26:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 07:26:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 07:26:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 07:26:31 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 07:26:17 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat 2012-03-14 07:22:55 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 07:22:55 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-09 04:57:24 -------- d-----w- c:\program files\VS Revo Group 2012-03-09 03:36:58 -------- d-----w- c:\users\d\appdata\roaming\Malwarebytes 2012-03-09 03:36:47 -------- d-----w- c:\programdata\Malwarebytes 2012-03-09 03:36:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-09 03:36:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-09 03:19:55 -------- d-----w- c:\program files\VideoConverter 2012-03-09 03:19:23 -------- d-----w- c:\users\d\appdata\local\Babylon 2012-03-09 03:19:19 -------- d-----w- c:\users\d\appdata\roaming\Babylon 2012-03-09 03:19:19 -------- d-----w- c:\programdata\Babylon 2012-03-09 03:19:07 -------- d-----w- c:\windows\system32\Extensions 2012-03-09 03:19:02 790520 ----a-w- c:\windows\system32\protector.dll 2012-03-09 03:19:02 -------- d-----w- c:\programdata\bProtector 2012-03-09 03:18:58 -------- d-----w- c:\program files\AudioConverter 2012-03-05 02:17:40 -------- d-----w- c:\users\d\appdata\roaming\Macrovision 2012-03-05 02:17:34 -------- d-----w- c:\users\d\appdata\roaming\Zeon 2012-03-05 02:03:38 -------- d-----w- c:\programdata\Nuance 2012-03-05 02:02:18 -------- d-----w- c:\program files\common files\ScanSoft Shared 2012-03-05 02:02:17 -------- d-----w- c:\programdata\zeon 2012-03-05 02:01:49 -------- d-----w- C:\speech 2012-03-05 02:01:49 -------- d-----w- c:\program files\Nuance . ==================== Find3M ==================== . 2012-03-05 00:23:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 22:58:38.63 ===============

LDTate View Member Profile	Mar 20 2012, 07:41 AM Post #10
Forum God Group: Root Admin Posts: 56,298 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Strange that only OTL sees it. OTL Fix Run OTL.exe Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL CODE :OTL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=101587&b...00000032542c4cd :Files C:\Users\D\AppData\Local\Babylon C:\Users\D\AppData\Roaming\Babylon C:\ProgramData\Babylon :Commands [EmptyFlash] [EmptyTemp] [RESETHOSTS] [purity] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, it will reboot when it is done and produce a log

whodoctorwho View Member Profile	Mar 20 2012, 08:20 PM Post #11
New Member Group: Authentic Member Posts: 9 Joined: 8-March 12 Member No.: 99,750 Operating System: vista	I appreciate your help. Here is the log after running OTL fix. Babylon is still showing on my search. I originally noticed Babylon after Revo, Audioconverter and Videoconverter were downloaded onto my computer (don't know if that means anything.) Files\Folders moved on Reboot... C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\0[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\comments[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\EditMessageLight[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\fastbutton[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\index[1].php moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9QYNR3W\Messenger[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NT8S6TE0\0[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NT8S6TE0\0[2].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NT8S6TE0\xmlProxy[1].htm moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\0[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\e-cs[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\iframe3[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\InboxLight[2].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\iu3[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\LocalStorage[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\mail[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\xd_proxy[2].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXIJZJC3\xmlProxy[3].htm moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\0[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\feedback[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\resourcespreload[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\resourcespreload[2].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H799KWC7\st[1] moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCGO6F1S\AjaxHistoryFrame[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCGO6F1S\csc-render[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCGO6F1S\xmlProxy[2].htm moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\ads[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\de[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\fc[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\index[8].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\RteFrame_16.2.4514.0219[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\0[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\adloader[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\article[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\ext-render-secure[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\iframe[2].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\launch[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\sh74[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xframe-proxy_20110929[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xframe-proxy_20110929[2].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xmlProxy[3].htm moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1XX9AT1\xmlProxy[4].htm moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\aceUAC[1].htm moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\cm[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\combo[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\cs[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\GRedirect[2].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\like[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\xmlProxy[3].htm moved successfully. Registry entries deleted on Reboot...

LDTate View Member Profile	Mar 21 2012, 06:48 AM Post #12
Forum God Group: Root Admin Posts: 56,298 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Are these foldes still there? C:\Users\D\AppData\Local\Babylon C:\Users\D\AppData\Roaming\Babylon C:\ProgramData\Babylon

whodoctorwho View Member Profile	Mar 21 2012, 08:35 AM Post #13
New Member Group: Authentic Member Posts: 9 Joined: 8-March 12 Member No.: 99,750 Operating System: vista	No. In my 'Search the web (Babylon)' it is still there. It is listed in my Internet add-ons under search provider as the default search provider and I can not remove it.

LDTate View Member Profile	Mar 21 2012, 03:22 PM Post #14
Forum God Group: Root Admin Posts: 56,298 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	OTL Fix Run OTL.exe Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL CODE :OTL IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...ferrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=101587&b...00000c0a8d6c8dd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=101587&b...00000032542c4cd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 35 4F 7F 12 FC CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}...00000c0a8d6c8dd :Files C:\Windows\System32\protector.dll C:\ProgramData\bProtector C:\Users\D\AppData\Local\Babylon C:\Users\D\AppData\Roaming\Babylon C:\ProgramData\Babylon C:\ProgramData\InstallBrainService\ibsvc.exe C:\ProgramData\InstallBrainService :Commands [EmptyFlash] [EmptyTemp] [RESETHOSTS] [purity] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, it will reboot when it is done and produce a log

whodoctorwho View Member Profile	Mar 21 2012, 08:50 PM Post #15
New Member Group: Authentic Member Posts: 9 Joined: 8-March 12 Member No.: 99,750 Operating System: vista	Thank you for your help. It looks like the Babylon search provider is finally gone. I thought it was tied to the bProtector program that I found unexpectedly, but the bProtector is still here and the Babylon is gone. Your help is much appreciated. Here is the log: All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope\| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache\| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope\| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope\| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. ========== FILES ========== File move failed. C:\Windows\System32\protector.dll scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtector scheduled to be moved on reboot. File\Folder C:\Users\D\AppData\Local\Babylon not found. File\Folder C:\Users\D\AppData\Roaming\Babylon not found. File\Folder C:\ProgramData\Babylon not found. File\Folder C:\ProgramData\InstallBrainService\ibsvc.exe not found. File\Folder C:\ProgramData\InstallBrainService not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: D ->Flash cache emptied: 562 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: D ->Temp folder emptied: 35358087 bytes ->Temporary Internet Files folder emptied: 209630314 bytes ->Java cache emptied: 33091 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 41888 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 234.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.39.1 log created on 03212012_223143 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\protector.dll scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtector scheduled to be moved on reboot. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\bProtector\bProtect.settings moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBPDYIL7\iframe[1].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R345FJ1\index[3].html moved successfully. C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot...

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Computer slow down and no net	0	ethycs	2,571	22nd August 2006 - 07:25 PM Last post by: ethycs
Virus, Spyware & Malware Removal Window Search Problem	5	-David Worrell-	4,833	10th November 2003 - 07:06 PM Last post by: cnm
Virus, Spyware & Malware Removal Can't Control My Computer	6	-James Foster-	3,013	22nd December 2003 - 10:13 AM Last post by: cnm
Virus, Spyware & Malware Removal Msn Search	14	whatgrayhair?	2,541	5th May 2005 - 12:41 AM Last post by: alsocom
Virus, Spyware & Malware Removal Cool-search.net Redirection	6	-Tomaz-	2,023	31st December 2003 - 01:46 PM Last post by: cnm