Dell laptop, Latitude D610, possible hack [Closed]

painfully slow double text entry

This topic is locked
30 replies to this topic

#1 OtterTF

OtterTF

    New Member

  • Authentic Member
  • 19 posts

Posted 09 January 2014 - 03:52 PM

Most of my business is online, and although I regularly clear "internet data" the computer is becoming progressively slower to respond to commands. At one point, I actually had to type in each character twice in order for it to show up on the screen. That is when I thought, "someone is monitoring my key strokes." Online access is painfully slow, even when I have cleared internet via control panel. Wondering if there are cookies hiding somewhere that I can delete, and if there is something else slowing down my laptop. I did notice that there is one program that was downloaded, that I cannot get rid of: when I click on "uninstall", it brings me only to a page to "Upgrade." 




#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 11 January 2014 - 12:03 PM

Hi OtterTF,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
I cannot do anything without a log to review.

Please download DDS by sUBs from one of the following links and save it to your desktop.

dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please post both logs in your next reply: DDS.txt and Attach.txt

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 OtterTF

OtterTF

    New Member

  • Authentic Member
  • 19 posts

Posted 11 January 2014 - 06:58 PM

Hi Tom, thanks for your reply. I disabled my anti-virus, Windows Security, and downloaded the dds.com file from the internet. Then I disabled the internet and ran the file. I did it three times, and then did it once in Safe Mode. All four times, it ran about 5/6ths of the way and then quit, and each time my computer froze to where I had to shut it down hard. Am I doing something wrong? (dds.scr is a screen saver file? and clicking on that link takes me to their website asking for money to download a program)



#4 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 11 January 2014 - 07:25 PM

Hmm.

That program just provides reports. It doesn't do anything to your system so malware doesn't usually block it.

Let's try a different scanner:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
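The OTL.Txt that this scan produces is a long flat listing, and a helper reading it looks for a handful of things first: processes whose version info carries no company name, autorun entries whose target is "File not found" (leftovers from removed software), and per-user Internet Explorer proxy settings that point back at the machine itself (ProxyEnable set with a 127.0.0.1 ProxyServer routes every browser request through some local program, which no home set-up needs). The script below is an added example, not code from this forum, from Tomk, or from OTL's author; it parses the three OTL line formats and reports those findings. The log text embedded in it is constructed in OTL's line format for the example only, and the file names, run-key names and port in it are placeholders.

```python
import re

# Constructed sample in OTL.Txt's line format. It is NOT a log from this thread:
# the file names, run-key names and port are placeholders chosen to exercise
# each check below. Real OTL output has many more sections and lines.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2007/02/14 15:23:18 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\system32\example_nocompany.exe

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1032;https=127.0.0.1:1032;

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StaleEntry]  File not found
O4 - HKCU..\Run: [ExampleApp] C:\Program Files\ExampleApp\ExampleApp.exe (ExampleApp)
"""

# PRC - [date | size | attrs | M] (Company) -- path
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# O4 - HKLM..\Run: [Name] target (Company)   or   O4 - HKLM..\Run: [Name]  File not found
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")
# IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "Key" = value
IE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: '
    r'"(?P<key>\w+)" = (?P<value>.*)$'
)

LOOPBACK_HOSTS = {"localhost", "::1"}


def loopback_endpoints(proxy_server: str) -> list:
    """Return the host:port entries of a ProxyServer value that point at this machine.

    ProxyServer is either "host:port" or "scheme=host:port;scheme=host:port;...".
    """
    found = set()
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        endpoint = part.rsplit("=", 1)[-1]                    # drop "http=" / "https=" if present
        host = endpoint.rsplit(":", 1)[0].strip("[]").lower()  # strip port and IPv6 brackets
        if host in LOOPBACK_HOSTS or host.startswith("127."):
            found.add(endpoint)
    return sorted(found)


def triage(otl_text: str) -> dict:
    """Scan OTL.Txt text and return the three findings as a dict.

    no_company_name: running processes whose version info has an empty company field
                     (a weak signal on its own; old drivers and tools often lack it).
    stale_autoruns:  Run-key entries whose target OTL reports as "File not found".
    loopback_proxy:  hive and endpoints if a proxy is enabled and points at 127.x / localhost.
    """
    findings = {"no_company_name": [], "stale_autoruns": [], "loopback_proxy": None}
    proxy_settings = {}                                        # hive -> {key: value}
    for raw in otl_text.splitlines():
        line = raw.rstrip()
        m = PRC_RE.match(line)
        if m:
            if not m.group("company").strip():
                findings["no_company_name"].append(m.group("path"))
            continue
        m = O4_RE.match(line)
        if m:
            if m.group("target").strip().lower() == "file not found":
                findings["stale_autoruns"].append(f"{m.group('hive')}\\Run\\{m.group('name')}")
            continue
        m = IE_RE.match(line)
        if m:
            proxy_settings.setdefault(m.group("hive"), {})[m.group("key")] = m.group("value")
    for hive, settings in proxy_settings.items():
        if settings.get("ProxyEnable", "").strip() == "1":
            endpoints = loopback_endpoints(settings.get("ProxyServer", ""))
            if endpoints:
                findings["loopback_proxy"] = {"hive": hive, "endpoints": endpoints}
                break
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OTL).items():
        print(f"{key}: {value}")
```

Each finding is a pointer to look further, not a verdict: a loopback proxy is worth identifying by the process listening on that port, a "File not found" Run entry is harmless clutter that can be cleaned, and an empty company name only says the file carries no version information.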
 

#5 OtterTF

OtterTF

    New Member

  • Authentic Member
  • 19 posts

Posted 12 January 2014 - 09:44 PM

Hi Tom, Here is the OTL.Txt:

 

OTL logfile created on: 1/12/2014 8:18:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.36 Mb Total Physical Memory | 217.42 Mb Available Physical Memory | 42.52% Memory free
1.22 Gb Paging File | 0.45 Gb Available in Paging File | 37.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 22.23 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/09 14:36:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2013/12/11 14:59:14 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/05 09:55:28 | 013,209,088 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/08/19 09:31:48 | 000,559,616 | ---- | M] (BrowserSafeguard) -- C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
PRC - [2013/03/07 20:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 14:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/11/03 14:45:48 | 001,372,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/11/03 14:35:14 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/14 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/14 15:23:18 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2003/07/11 19:45:02 | 000,241,664 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/11 13:36:01 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/11 06:34:49 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/11 06:16:12 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/10/09 18:31:25 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll
MOD - [2013/10/09 09:40:42 | 001,880,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\50ff73d7b2903b00d86f91eefa62d1c9\System.Deployment.ni.dll
MOD - [2013/10/09 09:40:40 | 000,189,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\9d301ecca1055c1e8dbe9a87a3f222f5\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/10/09 09:40:39 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 09:40:37 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 09:40:33 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/09 09:10:30 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll
MOD - [2013/10/09 09:09:21 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll
MOD - [2013/10/09 09:08:53 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll
MOD - [2013/10/09 09:08:22 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 09:08:13 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 09:07:58 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/09/14 21:57:58 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\cb5671235362c8e17b1a1f0b67bfc8d9\UIAutomationTypes.ni.dll
MOD - [2013/09/14 21:57:57 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4b2e892995b8cdefb1e2cddb96f32736\UIAutomationProvider.ni.dll
MOD - [2013/09/14 21:57:56 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013/09/14 21:57:47 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/09/14 21:57:42 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/09/14 11:42:48 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/09/14 11:42:35 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/09/14 11:41:45 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/09/14 11:41:17 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/09/14 11:41:05 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/08/14 10:23:06 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/14 10:20:59 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/14 10:18:18 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
MOD - [2013/08/14 10:14:20 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/12 08:49:04 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/03/07 20:32:40 | 021,014,960 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013/03/07 20:32:38 | 000,292,272 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013/03/07 20:32:38 | 000,179,632 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2012/09/06 21:27:29 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/03 14:35:46 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2007/03/16 17:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/10 15:18:04 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/29 15:43:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/11/03 14:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/02/14 15:23:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] --  -- (cerc6)
DRV - [2009/11/11 03:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2008/08/13 15:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/05/10 14:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/07/06 21:02:18 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 14:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\..\SearchScopes,DefaultScope = {5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}
IE - HKCU\..\SearchScopes\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}: "URL" = http://www.google.co...1I7AURU_enUS498
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1032;https=127.0.0.1:1032;
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://mail.google..../?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin: C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\npTNT2.dll (Tightrope)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\User\APPLIC~1\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/08 18:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/10 06:54:04 | 000,000,000 | ---D | M]
 
[2012/09/02 09:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/09/11 20:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lx37whw3.default\extensions
[2013/09/11 20:45:23 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lx37whw3.default\extensions\plugin@yontoo.com.xpi
[2012/12/29 15:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/29 15:43:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/08/02 17:48:41 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2013/08/02 17:48:47 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/29 15:43:22 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: ArcadeCandy Textlinks Plugin (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\npCandyx.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: npAPI Plugin (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\npTNT2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail Offline = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: Daily Fitness Center = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fidfjongddgnnpkhglcahnnpndcldjpa\4.67.1.37508_0\
CHR - Extension: InboxDollars = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ninmclfaanihkdljeclnamacejnlejhi\1.2.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2008/04/14 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {E6B6EF1A-0F26-44E0-98FF-858337C96BBC} - No CLSID value found.
O3:HKU - HKCU\..\Toolbar\WebBrowser: (ms1 Search.us.com Toolbar) - {E6B6EF1A-0F26-44E0-98FF-858337C96BBC} - C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\IEToolbar.dll (Freshy.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [EfficientCalendarFree]  File not found
O4 - HKLM..\Run: [EfficientDiary]  File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (BrowserSafeguard)
O4 - HKCU..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1344279258999 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344279280406 (MUWebControl Class)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.0.53 24.116.2.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5205E9B4-1E4C-4E57-A5B8-C41DB5C6702F}: DhcpNameServer = 24.116.0.53 24.116.2.50
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/06 11:18:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/09 10:39:13 | 002,162,336 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\User\Local Settings\Application Data\BcsKtYcHW.dll
[2013/05/09 10:34:59 | 003,837,792 | ---- | C] (Catalina Marketing Corp) -- C:\Program Files\CatalinaSavingsPrinter.exe
[2013/01/22 16:56:19 | 000,657,808 | ---- | C] (Daily Fitness Center) -- C:\Program Files\DailyFitnessCenterCrxSetup.exe
[2012/08/30 14:08:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/12 20:17:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/12 20:10:55 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to OTL.lnk
[2014/01/12 20:05:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 19:38:15 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/12 19:17:44 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/12 19:17:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/12 19:17:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/12 19:17:23 | 536,272,896 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/12 18:38:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/11 17:29:06 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003UA.job
[2014/01/11 15:22:42 | 003,391,488 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MyDiary.edfx
[2014/01/07 23:29:17 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003Core.job
[2014/01/07 12:03:10 | 000,000,684 | ---- | M] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2013/12/24 17:31:21 | 000,026,988 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Letter to Jenn 12-24-2013.odt
[2013/12/22 20:29:36 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to Customer Information.ods.lnk
[2013/12/22 19:09:48 | 000,006,598 | ---- | M] () -- C:\Documents and Settings\User\My Documents\New OpenDocument Spreadsheet.ods
[2013/12/16 13:36:13 | 000,069,253 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GeicoPymtConfirmation 12-15-13.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/12 20:10:55 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to OTL.lnk
[2014/01/11 17:28:20 | 536,272,896 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/24 14:43:12 | 000,026,988 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Letter to Jenn 12-24-2013.odt
[2013/12/22 20:29:27 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to Customer Information.ods.lnk
[2013/12/22 19:09:47 | 000,006,598 | ---- | C] () -- C:\Documents and Settings\User\My Documents\New OpenDocument Spreadsheet.ods
[2013/12/16 13:36:11 | 000,069,253 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GeicoPymtConfirmation 12-15-13.pdf
[2013/12/12 15:53:26 | 000,000,074 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2013/09/15 18:22:15 | 000,249,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-1177238915-1801674531-1003-0.dat
[2013/09/14 11:44:49 | 000,136,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/14 00:09:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/16 06:56:24 | 133,170,918 | ---- | C] () -- C:\Program Files\openoffice1.cab
[2013/07/16 06:54:56 | 002,260,992 | ---- | C] () -- C:\Program Files\openoffice400.msi
[2013/07/16 06:54:56 | 000,475,136 | ---- | C] () -- C:\Program Files\setup.exe
[2013/07/16 06:54:56 | 000,000,279 | ---- | C] () -- C:\Program Files\setup.ini
[2013/05/09 10:39:06 | 000,922,944 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\a.zip
[2013/04/14 22:25:12 | 000,643,648 | ---- | C] () -- C:\Program Files\Toolbar_production_62133.crxbho (1).exe
[2012/12/24 16:30:18 | 001,389,400 | ---- | C] () -- C:\Program Files\Toolbar_production_62133.crxbho.exe
[2012/09/15 20:41:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/06 21:01:04 | 135,933,721 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
[2012/08/27 20:39:16 | 000,003,177 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2012/08/22 16:05:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2012/08/22 16:03:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2012/08/13 01:59:50 | 125,106,169 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012/08/13 01:58:22 | 003,162,112 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012/08/06 15:58:08 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/06 15:50:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/08/06 15:49:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/08/06 15:49:58 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/08/06 12:04:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/06 11:21:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/06 11:14:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/06 04:45:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/06 04:44:33 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2012/08/06 12:23:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 12:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/09/02 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/20 17:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/09/10 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/07/21 09:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/09/02 09:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Babylon
[2012/09/10 21:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BabylonToolbar
[2013/05/09 10:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Catalina – Print Savings
[2012/08/20 16:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DriverCure
[2013/08/14 10:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Efficient Calendar Free
[2013/07/26 09:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Efficient Diary
[2012/08/29 19:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/04/14 22:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InboxDollars
[2012/08/22 16:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nikon
[2013/07/28 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice
[2012/09/06 21:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2013/07/21 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Systweak
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  >
[2012/08/06 11:15:28 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012/08/06 11:44:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/08/23 10:13:57 | 000,000,878 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012/08/23 10:13:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 16:01:58 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/09/30 21:40:55 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Tasks\Low Battery Alarm Program.job
[2013/08/20 11:03:32 | 000,000,684 | ---- | C] () -- C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job
[2013/10/17 22:24:27 | 000,000,972 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003Core.job
[2013/10/17 22:24:30 | 000,000,994 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003UA.job
[2013/11/21 10:33:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
 
<  >
 
< %SYSTEMDRIVE%\*.* >
[2012/08/06 11:18:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/08/06 11:11:22 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/08/06 11:18:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2014/01/12 19:17:23 | 536,272,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 11:18:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/06 11:18:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 00:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/01/12 20:07:28 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2012/09/02 09:25:14 | 000,000,304 | ---- | M] () -- C:\user.js
 
<  >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
<  >
 
< %APPDATA%\Microsoft\*.* >
 
<  >
 
< %PROGRAMFILES%\*.* >
[2012/09/06 21:19:18 | 135,933,721 | ---- | M] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
[2013/05/09 10:36:48 | 003,837,792 | ---- | M] (Catalina Marketing Corp) -- C:\Program Files\CatalinaSavingsPrinter.exe
[2013/01/22 16:56:32 | 000,657,808 | ---- | M] (Daily Fitness Center) -- C:\Program Files\DailyFitnessCenterCrxSetup.exe
[2012/08/30 14:08:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HiJackThis.exe
[2012/08/30 14:15:45 | 000,006,108 | ---- | M] () -- C:\Program Files\hijackthis.log
[2013/07/16 06:56:24 | 133,170,918 | ---- | M] () -- C:\Program Files\openoffice1.cab
[2013/07/16 06:54:56 | 002,260,992 | ---- | M] () -- C:\Program Files\openoffice400.msi
[2012/08/13 01:59:50 | 125,106,169 | ---- | M] () -- C:\Program Files\openofficeorg1.cab
[2012/08/13 01:58:22 | 003,162,112 | ---- | M] () -- C:\Program Files\openofficeorg341.msi
[2013/07/16 06:54:56 | 000,475,136 | ---- | M] () -- C:\Program Files\setup.exe
[2013/07/16 06:54:56 | 000,000,279 | ---- | M] () -- C:\Program Files\setup.ini
[2013/04/14 22:25:31 | 000,643,648 | ---- | M] () -- C:\Program Files\Toolbar_production_62133.crxbho (1).exe
[2012/12/24 16:30:39 | 001,389,400 | ---- | M] () -- C:\Program Files\Toolbar_production_62133.crxbho.exe
 
<  >
 
< %APPDATA%\Update\*.* >
 
<  >
 
< %systemroot%\*. /mp /s >
 
<  >
 
<  >
 
< %systemroot%\AppPatch\Custom\*.* >
 
<  >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
<  >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-12-15 03:48:43
 
< End of report >


#6 OtterTF (New Member, Authentic Member, 19 posts)

Posted 12 January 2014 - 09:46 PM

And here is Extras.Txt

OTL Extras logfile created on: 1/12/2014 8:18:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.36 Mb Total Physical Memory | 217.42 Mb Available Physical Memory | 42.52% Memory free
1.22 Gb Paging File | 0.45 Gb Available in Paging File | 37.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 22.23 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\WINDOWS\system32\dlcccoms.exe" = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server -- ( )
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ArcSoft Software Suite" = ArcSoft Software Suite
"ATI Display Driver" = ATI Display Driver
"BabylonToolbar" = Babylon toolbar on IE
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Browsersafeguard" = BrowserSafeguard
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"DailyFitnessCenter_53 Chrome Extension Uninstall" = Daily Fitness Center Toolbar Chrome Extension
"Efficient Calendar Free_is1" = Efficient Calendar Free 3.55
"Efficient Diary_is1" = Efficient Diary 3.53
"Google Chrome" = Google Chrome
"hp deskjet 970c series" = hp deskjet 970c series (Remove only)
"HP PhotoSmart 210/215 Camera Software" = HP PhotoSmart 210/215 Camera Software (by ArcSoft)
"ie8" = Windows Internet Explorer 8
"LifeJournal3" = LifeJournal3 3.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"ProInst" = Intel PROSet Wireless
"The Weather Channel App" = The Weather Channel App
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BD8EBCC6-008E-439F-AFB3-A76EE5CA22C5}" = Search.us.com
"InboxDollars" = InboxDollars
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/26/2013 11:37:35 PM | Computer Name = USER-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.
 
Error - 12/27/2013 12:00:36 AM | Computer Name = USER-PC | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 twcapp.exe, P2 7.6.0.0, P3 528a6c0a, P4 fsharp.core,
 P5 4.0.0.0, P6 4d5f3f84, P7 1256, P8 69, P9 system.argumentexception, P10 NIL.
 
Error - 12/27/2013 12:34:53 AM | Computer Name = USER-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 12/28/2013 5:29:09 AM | Computer Name = USER-PC | Source = Google Update | ID = 20
Description = 
 
Error - 1/5/2014 12:20:41 PM | Computer Name = USER-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,
 P4 11.1.4501.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 1/6/2014 2:29:06 AM | Computer Name = USER-PC | Source = Google Update | ID = 20
Description = 
 
Error - 1/7/2014 1:38:24 PM | Computer Name = USER-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 1/9/2014 11:29:07 PM | Computer Name = USER-PC | Source = Google Update | ID = 20
Description = 
 
Error - 1/11/2014 6:52:19 PM | Computer Name = USER-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
Error - 1/11/2014 6:58:43 PM | Computer Name = USER-PC | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 4.0.9702.500, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/12/2014 10:43:20 PM | Computer Name = USER-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,
 P4 11.1.4501.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials,
 P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 1/11/2014 8:22:29 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  Fips  intelppm  IPSec  MpFilter  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip
 
Error - 1/11/2014 8:28:40 PM | Computer Name = USER-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/11/2014 8:28:41 PM | Computer Name = USER-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/11/2014 8:28:41 PM | Computer Name = USER-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/11/2014 9:31:00 PM | Computer Name = USER-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
 DHCP  Server) for the Network Card with network address 0013CE67F168.  The following
 error  occurred:   %%121.  Your computer will continue to try and obtain an address on
 its own from  the network address (DHCP) server.
 
Error - 1/12/2014 10:17:44 PM | Computer Name = USER-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/12/2014 10:17:46 PM | Computer Name = USER-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/12/2014 10:17:46 PM | Computer Name = USER-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/12/2014 10:43:40 PM | Computer Name = USER-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.165.1689.0     Update Source: %%859     Update Stage:
 %%854     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
 
User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0
 
Error
 code: 0x80070643     Error description: Fatal error during installation. 
 
Error - 1/12/2014 10:44:49 PM | Computer Name = USER-PC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
 (Definition 1.165.1731.0).
 
 
< End of report >
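
The two OTL logs above are long, but what a helper actually reads first is a handful of line types: the Winlogon Shell and UserInit values (O20), any per-user proxy under Internet Settings, the netsvcs group, and Run entries whose file is gone. The script below is an added example written for this page, not code from the thread or from OTL's author, that pulls those checks out into something repeatable. It parses the OTL line shapes seen in the posted output; its sample input copies those shapes and adds three constructed hijack-style lines that are labelled as such and do not come from the poster's machine. The regular expressions, the stock Windows XP Winlogon values, and the severity labels are my assumptions about what is worth flagging.

```python
"""OTL log triage: an added example, not part of the forum thread and not
code from OTL's author.  It parses the line shapes seen in the posted OTL
output and flags what an analyst reads first: Winlogon Shell/UserInit values
that are not the stock binaries, a browser proxy pointed at the loopback
address, netsvcs entries backed by a DLL outside System32, and Run entries
whose file no longer exists."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str


# Raw registry values a stock Windows XP install carries (assumption: XP only).
EXPECTED_WINLOGON = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe"}

# Line shapes as OTL prints them; group 2 of RE_WINLOGON is the raw registry value.
RE_WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ")
RE_PROXY = re.compile(r'^IE - (HKCU|HKLM)\\.*Internet Settings: "ProxyServer" = (.+)$')
RE_NETSVCS = re.compile(r"^NetSvcs: (\S+) -\s*(.*?)\s*(File not found)?$")
RE_RUN = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.+)$")


def check_line(line: str):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    m = RE_WINLOGON.match(line)
    if m:
        key, value = m.group(1).lower(), m.group(2).lower().rstrip(",").strip()
        # "userinit.exe,C:\...\other.exe" is the classic extra-entry hijack.
        if value != EXPECTED_WINLOGON[key]:
            return Finding("high", f"Winlogon {m.group(1)} is not the stock value", line)
        return None
    m = RE_PROXY.match(line)
    if m:
        value = m.group(2).lower()
        if "127.0.0.1" in value or "localhost" in value:
            return Finding("high", "browser proxy points at loopback; a local "
                           "process sees every web request first", line)
        return Finding("medium", "proxy configured; confirm it is intended", line)
    m = RE_NETSVCS.match(line)
    if m:
        name, path, missing = m.groups()
        if missing:
            # Names without a backing file are common on a clean XP (6to4, Ias, ...).
            return Finding("info", f"netsvcs entry {name} has no file", line)
        if "\\system32\\" not in path.lower():
            return Finding("high", f"netsvcs DLL for {name} lives outside System32", line)
        return None
    m = RE_RUN.match(line)
    if m and "File not found" in m.group(3):
        return Finding("info", f"orphaned Run entry [{m.group(2)}]", line)
    return None


def triage(lines):
    """Run every rule over a list of OTL lines and keep the hits."""
    return [f for f in (check_line(l) for l in lines) if f]


def summarize(findings):
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Sample input.  POSTED_SHAPES copies line shapes from the OTL output posted in
# this thread; CONSTRUCTED is made up for the demo and is NOT from that machine.
POSTED_SHAPES = r"""
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1032;https=127.0.0.1:1032;
""".strip().splitlines()

CONSTRUCTED = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Temp\dropper.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
NetSvcs: Ias - C:\Documents and Settings\User\Application Data\ias.dll (No company)
O4 - HKLM..\Run: [OldTool] C:\Program Files\OldTool\tool.exe File not found
""".strip().splitlines()


if __name__ == "__main__":
    found = triage(POSTED_SHAPES + CONSTRUCTED)
    order = ("high", "medium", "info")
    for f in sorted(found, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
    print(summarize(found))
```

Running the file prints each finding with the line that triggered it; to use it on a real log, feed the lines of a saved OTL.txt to triage() in place of the sample lists. The loopback-proxy rule is the one that bears on the symptom in this thread: with ProxyEnable set and ProxyServer at 127.0.0.1, every browser request is handed to a local listener before it leaves the machine, which is why the three HKCU proxy lines appear in Tomk's fix. The netsvcs "no file" hits are deliberately only informational; the worrying case is a netsvcs name that does resolve to a DLL somewhere other than System32.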


#7 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 12 January 2014 - 11:44 PM

Double click on OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • please note the fix starts with the :
:Processes

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}
IE - HKCU\..\SearchScopes\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}: "URL" = http://www.google.co...1I7AURU_enUS498
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1032;https=127.0.0.1:1032;
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\User\APPLIC~1\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
[2013/09/11 20:45:23 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lx37whw3.default\extensions\plugin@yontoo.com.xpi
[2012/12/29 15:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/02 17:48:41 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2013/08/02 17:48:47 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {E6B6EF1A-0F26-44E0-98FF-858337C96BBC} - No CLSID value found.
O4 - HKLM..\Run: [EfficientCalendarFree]  File not found
O4 - HKLM..\Run: [EfficientDiary]  File not found
[2012/09/02 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/20 17:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/09/10 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/09/02 09:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Babylon
[2012/09/10 21:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BabylonToolbar
[2013/05/09 10:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Catalina – Print Savings

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer

Please post the  OTL log.
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
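The fix above clears an Internet Explorer proxy pointed at 127.0.0.1:1032 and removes a toolbar entry whose CLSID is not registered. As an added example, not code from OTL or from this thread, the following Python reads OTL lines of those two kinds and flags them; the sample lines are copied from the fix script above, and the line formats, the loopback rule and the severity labels are assumptions drawn from that log.

```python
"""Triage helper for the OTL scan lines shown in the fix above.

Added example, not part of OTL or of this thread. It flags two things a
defender would check in such a log: an IE proxy that points at the loopback
interface (another program on the same machine is sitting between the
browser and the network) and an O2/O3 add-on whose CLSID is not registered.
The line formats and the severity labels are assumptions based on the log."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:1032;https=127.0.0.1:1032;
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\\.*\\Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$')
# O2 - BHO: (Yontoo) - {CLSID} - C:\...\YontooIEClient.dll (Yontoo LLC)
# O3 - HKLM\..\Toolbar: (no name) - {CLSID} - No CLSID value found.
ADDON_RE = re.compile(
    r'^O(?P<kind>[23]) - .*?\((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$')

# Constructed sample input: the lines are copied from the fix script above.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1032;https=127.0.0.1:1032;',
    r'O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)',
    r'O3 - HKLM\..\Toolbar: (no name) - {E6B6EF1A-0F26-44E0-98FF-858337C96BBC} - No CLSID value found.',
]


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'low' (assumed labels)
    message: str


def parse_proxy_server(value):
    """Split an IE ProxyServer value into {scheme: (host, port)}.

    IE stores either per-scheme entries ('http=host:port;https=host:port;')
    or a single bare 'host:port' that applies to every scheme (key '*')."""
    proxies = {}
    for entry in (e.strip() for e in value.split(';')):
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition('=')
        if ':' in hostport:
            host, port = hostport.rsplit(':', 1)
            port = int(port) if port.isdigit() else None
        else:
            host, port = hostport, None
        proxies[scheme or '*'] = (host, port)
    return proxies


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def triage(lines):
    """Return a list of Finding objects for the OTL lines given."""
    findings = []
    proxy = {}  # (hive, value name) -> raw value
    for line in lines:
        m = PROXY_RE.match(line)
        if m:
            proxy[(m['hive'], m['name'])] = m['value'].strip()
            continue
        m = ADDON_RE.match(line)
        if m and m['target'].startswith('No CLSID value found'):
            findings.append(Finding('medium',
                f"O{m['kind']} entry {m['clsid']} ({m['name']}) has no CLSID "
                f"registration: leftover add-on entry"))
    # Correlate ProxyServer with ProxyEnable in the same hive: a loopback proxy
    # that is switched on is actively in the traffic path, a disabled one is
    # a leftover worth noting.
    for (hive, name), value in proxy.items():
        if name != 'ProxyServer':
            continue
        enabled = proxy.get((hive, 'ProxyEnable')) == '1'
        for scheme, (host, port) in parse_proxy_server(value).items():
            if is_loopback(host):
                findings.append(Finding('high' if enabled else 'low',
                    f"{hive} {scheme} proxy points at loopback {host}:{port} "
                    f"(ProxyEnable={'1' if enabled else 'off'})"))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.message}")
```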
 

#8 OtterTF

OtterTF

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 13 January 2014 - 02:26 PM

Here is the OTL log after running fixes and reboot:

-------------------------------

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D1536E1-E01A-4BEF-A700-C21E1DD38EAF}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator\ deleted successfully.
C:\DOCUME~1\User\APPLIC~1\CATALI~1\NPBCSK~1.DLL moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lx37whw3.default\extensions\plugin@yontoo.com.xpi moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E6B6EF1A-0F26-44E0-98FF-858337C96BBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6B6EF1A-0F26-44E0-98FF-858337C96BBC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E6B6EF1A-0F26-44E0-98FF-858337C96BBC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EfficientCalendarFree deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EfficientDiary deleted successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer folder moved successfully.
C:\Documents and Settings\User\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\User\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\User\Application Data\Catalina – Print Savings folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33202 bytes
 
User: NetworkService
->Temp folder emptied: 2283750 bytes
->Temporary Internet Files folder emptied: 33269 bytes
 
User: User
->Temp folder emptied: 144295492 bytes
->Temporary Internet Files folder emptied: 8598334 bytes
->FireFox cache emptied: 79078059 bytes
->Google Chrome cache emptied: 8823065 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30599018 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1048623512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2140899 bytes
 
Total Files Cleaned = 1,266.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01132014_124940
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 13 January 2014 - 02:50 PM

Good.

 

Now let's see if Mbam will run.

 

Please download Malwarebytes' Anti-Malware to your desktop.
 

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

 


 

#10 OtterTF

OtterTF

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 13 January 2014 - 07:04 PM

I was worried because I couldn't get rid of "Browser Safeguard" no matter which way I tried. Their "uninstall" link sent me to an "upgrade" page. SO GLAD to be rid of it!

What is "Babylon" and where did I get this? and, "Tidy Network"? what is that?

 

********

Malwarebytes' Anti-Malware (without reboot):

*****

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.13.10
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-PC [administrator]
 
1/13/2014 5:13:51 PM
mbam-log-2014-01-13 (17-13-51).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200926
Time elapsed: 11 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 23
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> Delete on reboot.
HKCR\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD8EBCC6-008E-439F-AFB3-A76EE5CA22C5} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Data: C:\Program Files\Browsersafeguard\Browsersafeguard.exe -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0I1P1NtGtBtH1N1J1J0E0K -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_zoomdownloadmngr-display-US-728x90-23609154882 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 6
C:\Program Files\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\Profiles\10261 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
 
Files Detected: 52
C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\Downloads\Setup.exe (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\Autorun.inf (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\crx.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\ffassist.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\HtmlDialog.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\ie8starter.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\iehpr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\log.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\OldStyleSB.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\OSD7F0.OSD (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\safari.safariextz (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\xpi.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\Profiles\10261\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\Profiles\10261\partner.dat (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\Profiles\10261\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\TNT2\Profiles\10261\toolbar10261@tightropeinteractive.com.xpi (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
 
(end)



#11 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 13 January 2014 - 10:54 PM

Both of those usually come as foistware when you download other programs. The same with Yontoo, which usually seems to come bundled with a downloader. I don't know which programs they came with... but they've been on your system for months.

We "killed" these with OTL and Mbam found a lot of remnants left.

 

Let's run another tool.

 

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




[image: RcAuto1.gif]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 


 

#12 OtterTF

OtterTF

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 14 January 2014 - 12:41 AM

I downloaded the ComboFix, saved to desktop. A big black warning screen with a bunch of dos-looking writing came up. Clicked desktop link to open ComboFix... got message to install Microsoft Windows Recovery Console. Did that, started scan for malware... and waited, and waited for almost 20 mins. Saw a blinking cursor, but looked like nothing was happening. Everything was frozen. Shut down hard. Reboot was faster, but took a long slow time to get into gmail and then log on here. Didn't want to try again because of #2 " Do not "re-run" Combofix.  If you have a problem, reply back for further instructions." So, reporting back. :)



#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 14 January 2014 - 07:50 PM

Let's try a different tool.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. You want the 32-bit version
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

#14 OtterTF

OtterTF

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 15 January 2014 - 12:23 PM

FRST.txt LOG

**************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 01
Ran by User (administrator) on USER-PC on 15-01-2014 11:13:18
Running from C:\Documents and Settings\User\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
( ) C:\WINDOWS\system32\dlcccoms.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nikon Corporation) C:\Program Files\Nikon\NkView6\NkvMon.exe
(Facebook) C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [DLCCCATS] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll [73728 2006-02-24] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-29] (HP)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [DW7] - C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe [13209088 2013-12-05] (The Weather Channel)
HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2013-10-17] (Facebook Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
ShortcutTarget: NkvMon.exe.lnk -> C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E6B6EF1A-0F26-44E0-98FF-858337C96BBC} -  No File
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lx37whw3.default
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lx37whw3.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tnt2toolbar.com/Plugin - C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\npTNT2.dll No File
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (ArcadeCandy Textlinks Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\npCandyx.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (npAPI Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\TNT2\2.0.0.1057\npTNT2.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-10]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-03-27]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0 [2013-08-10]
CHR Extension: (Daily Fitness Center) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fidfjongddgnnpkhglcahnnpndcldjpa\4.67.1.37508_0 [2013-06-07]
CHR Extension: (InboxDollars) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ninmclfaanihkdljeclnamacejnlejhi\1.2.3_0 [2013-04-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-18]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-10]
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Documents and Settings\User\Application Data\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08]
CHR HKLM\...\Chrome\Extension: [fidfjongddgnnpkhglcahnnpndcldjpa] - C:\Program Files\DailyFitnessCenter_53 Chrome Extension\bar\DailyFitnessCenter@mindspark.com [2013-01-22]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Documents and Settings\User\Local Settings\Application Data\Wajam\Chrome\wajam.crx [2012-06-14]
CHR HKCU\...\Chrome\Extension: [ninmclfaanihkdljeclnamacejnlejhi] - C:\Documents and Settings\User\Application Data\InboxDollars\Toolbar_production_62133_26.crx [2013-01-03]
 
========================== Services (Whitelisted) =================
 
R2 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [538096 2007-02-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R3 SMCIRDA; C:\Windows\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [x]
S0 cerc6; No ImagePath
S3 UIUSys; system32\drivers\UIUSys.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-15 11:12 - 2014-01-15 11:12 - 00000633 _____ C:\Documents and Settings\User\Desktop\Shortcut to FRST.lnk
2014-01-15 11:12 - 2014-01-15 11:12 - 00000000 ____D C:\FRST
2014-01-13 23:00 - 2014-01-13 23:00 - 00000000 _RSHD C:\cmdcons
2014-01-13 23:00 - 2012-08-06 11:11 - 00000211 _____ C:\Boot.bak
2014-01-13 23:00 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-13 22:55 - 2014-01-13 23:17 - 00000000 ___SD C:\ComboFix
2014-01-13 22:55 - 2014-01-13 22:55 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-13 22:55 - 2014-01-13 22:55 - 00000000 ____D C:\Qoobox
2014-01-13 22:55 - 2011-06-25 23:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-13 22:55 - 2010-11-07 10:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-13 22:55 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-13 22:55 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-13 22:55 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-13 22:55 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-13 22:55 - 2000-08-30 17:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-13 22:55 - 2000-08-30 17:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-13 22:55 - 2000-08-30 17:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-13 22:47 - 2014-01-13 22:47 - 00000657 _____ C:\Documents and Settings\User\Desktop\Shortcut to ComboFix.lnk
2014-01-13 22:07 - 2014-01-13 22:07 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-01.dmp
2014-01-13 22:07 - 2014-01-13 22:07 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-13 17:08 - 2014-01-13 17:08 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\Documents and Settings\User\Application Data\Malwarebytes
2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-13 17:07 - 2014-01-13 17:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-13 17:07 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-13 12:49 - 2014-01-13 12:49 - 00000000 ____D C:\_OTL
2014-01-12 20:10 - 2014-01-12 20:10 - 00000626 _____ C:\Documents and Settings\User\Desktop\Shortcut to OTL.lnk
2014-01-04 09:55 - 2014-01-09 20:23 - 00000139 _____ C:\Documents and Settings\User\debug.log
2013-12-24 14:43 - 2013-12-24 17:31 - 00026988 _____ C:\Documents and Settings\User\My Documents\Letter to Jenn 12-24-2013.odt
2013-12-22 20:29 - 2013-12-22 20:29 - 00000678 _____ C:\Documents and Settings\User\Desktop\Shortcut to Customer Information.ods.lnk
2013-12-22 19:09 - 2013-12-22 19:09 - 00006598 _____ C:\Documents and Settings\User\My Documents\New OpenDocument Spreadsheet.ods
 
==================== One Month Modified Files and Folders =======
 
2014-01-15 11:12 - 2014-01-15 11:12 - 00000633 _____ C:\Documents and Settings\User\Desktop\Shortcut to FRST.lnk
2014-01-15 11:12 - 2014-01-15 11:12 - 00000000 ____D C:\FRST
2014-01-15 11:05 - 2012-08-23 10:13 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 10:56 - 2012-08-06 11:16 - 01482229 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-14 18:17 - 2012-09-08 16:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-14 17:29 - 2013-10-17 22:24 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003UA.job
2014-01-14 15:05 - 2012-08-23 10:13 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 14:04 - 2012-08-06 11:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-14 14:04 - 2012-08-06 04:48 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-14 14:04 - 2012-08-06 04:48 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-14 14:04 - 2008-04-14 00:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-14 12:55 - 2013-09-14 00:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-14 11:17 - 2012-08-06 11:44 - 00032656 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-13 23:29 - 2013-10-17 22:24 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003Core.job
2014-01-13 23:17 - 2014-01-13 22:55 - 00000000 ___SD C:\ComboFix
2014-01-13 23:00 - 2014-01-13 23:00 - 00000000 _RSHD C:\cmdcons
2014-01-13 23:00 - 2012-08-06 04:43 - 00000327 __RSH C:\boot.ini
2014-01-13 22:55 - 2014-01-13 22:55 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-13 22:55 - 2014-01-13 22:55 - 00000000 ____D C:\Qoobox
2014-01-13 22:47 - 2014-01-13 22:47 - 00000657 _____ C:\Documents and Settings\User\Desktop\Shortcut to ComboFix.lnk
2014-01-13 22:07 - 2014-01-13 22:07 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-01.dmp
2014-01-13 22:07 - 2014-01-13 22:07 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-13 17:39 - 2012-09-12 09:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2736233$
2014-01-13 17:38 - 2013-09-15 18:22 - 00249544 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-1177238915-1801674531-1003-0.dat
2014-01-13 17:38 - 2013-09-14 11:44 - 00136166 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-13 17:38 - 2012-08-06 11:45 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2014-01-13 17:08 - 2014-01-13 17:08 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\Documents and Settings\User\Application Data\Malwarebytes
2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-13 17:08 - 2014-01-13 17:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-13 12:50 - 2012-12-29 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-13 12:50 - 2012-09-10 21:24 - 00000000 ____D C:\Program Files\Yontoo
2014-01-13 12:49 - 2014-01-13 12:49 - 00000000 ____D C:\_OTL
2014-01-12 20:10 - 2014-01-12 20:10 - 00000626 _____ C:\Documents and Settings\User\Desktop\Shortcut to OTL.lnk
2014-01-12 20:09 - 2013-07-12 19:39 - 00000000 ____D C:\Documents and Settings\User\My Documents\COMPUTER
2014-01-11 15:22 - 2013-07-26 09:35 - 00000000 ____D C:\Documents and Settings\User\My Documents\Efficient Organizer AutoBackup
2014-01-11 15:22 - 2012-09-10 22:07 - 03391488 _____ C:\Documents and Settings\User\My Documents\MyDiary.edfx
2014-01-09 20:23 - 2014-01-04 09:55 - 00000139 _____ C:\Documents and Settings\User\debug.log
2014-01-08 13:24 - 2013-08-09 19:19 - 00000000 ____D C:\Documents and Settings\User\My Documents\IC SHOPPER
2014-01-04 09:54 - 2012-08-28 16:02 - 00000000 ____D C:\Program Files\dl_Cats
2013-12-27 22:50 - 2013-11-26 11:01 - 00000000 ____D C:\Documents and Settings\User\My Documents\AVON
2013-12-24 17:31 - 2013-12-24 14:43 - 00026988 _____ C:\Documents and Settings\User\My Documents\Letter to Jenn 12-24-2013.odt
2013-12-22 20:29 - 2013-12-22 20:29 - 00000678 _____ C:\Documents and Settings\User\Desktop\Shortcut to Customer Information.ods.lnk
2013-12-22 19:09 - 2013-12-22 19:09 - 00006598 _____ C:\Documents and Settings\User\My Documents\New OpenDocument Spreadsheet.ods
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
ADDITION.TXT LOG
************************
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2014 01
Ran by User at 2014-01-15 11:14:06
Running from C:\Documents and Settings\User\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.1.5 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (Version:  - )
ATI - Software Uninstall Utility (Version: 6.14.10.1012 - )
ATI Control Panel (Version: 6.14.10.5154 - )
ATI Display Driver (Version: 8.131.1.2-050706a-025030C-Dell - )
Babylon toolbar on IE (Version:  - BabylonToolbar) <==== ATTENTION
BabylonObjectInstaller (Version: 2.0.0.4 - Babylon Ltd)
Broadcom Gigabit Integrated Controller (Version: 9.02.06 - Broadcom Corporation)
Catalina Savings Printer (Version: 1.0.0 - Catalina Marketing Corp)
Conexant D110 MDC V.92 Modem (Version:  - )
Coupon Printer for Windows (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
Daily Fitness Center Toolbar Chrome Extension (Version:  - Mindspark Interactive Network)
Dell Wireless WLAN Card (Version: 4.100.15.8 - Dell Inc.)
Efficient Calendar Free 3.55 (Version:  - Efficient Software)
Efficient Diary 3.53 (Version:  - Efficient Software)
Facebook Messenger 2.1.4814.0 (Version: 2.1.4814.0 - Facebook)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
hp deskjet 970c series (Remove only) (Version:  - )
HP PhotoSmart 210/215 Camera Software (by ArcSoft) (Version:  - )
InboxDollars (Version:  - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000 - Intel Corporation)
LifeJournal3 3.0 (Version: 3.0 - Chronicles Software Co.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 17.0.1 - Mozilla)
Nikon View 6 (Version:  - )
OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation)
OpenOffice.org 3.4.1 (Version: 3.41.9593 - Apache Software Foundation)
QuickTime (Version: 7.71.80.42 - Apple Inc.)
The Weather Channel App (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinZip 17.5 (Version: 17.5.10480 - WinZip Computing, S.L. )
Yahoo! Messenger (Version:  - Yahoo! Inc.)
Yontoo 1.10.02 (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION
 
==================== Restore Points  =========================
 
16-10-2013 14:53:31 Software Distribution Service 3.0
16-10-2013 19:04:04 Software Distribution Service 3.0
18-10-2013 01:19:01 Software Distribution Service 3.0
23-10-2013 00:26:12 Software Distribution Service 3.0
24-10-2013 15:13:35 Software Distribution Service 3.0
26-10-2013 01:32:36 Software Distribution Service 3.0
27-10-2013 13:17:28 Software Distribution Service 3.0
28-10-2013 15:17:56 Software Distribution Service 3.0
29-10-2013 16:30:03 Software Distribution Service 3.0
31-10-2013 04:19:21 Software Distribution Service 3.0
01-11-2013 19:59:26 Software Distribution Service 3.0
04-11-2013 17:21:36 Software Distribution Service 3.0
05-11-2013 22:15:41 Software Distribution Service 3.0
08-11-2013 04:09:24 Software Distribution Service 3.0
09-11-2013 17:36:57 Software Distribution Service 3.0
11-11-2013 18:31:53 Software Distribution Service 3.0
13-11-2013 17:48:04 Software Distribution Service 3.0
14-11-2013 18:46:18 Software Distribution Service 3.0
14-11-2013 19:03:18 Software Distribution Service 3.0
15-11-2013 19:53:45 Software Distribution Service 3.0
17-11-2013 18:10:02 Software Distribution Service 3.0
18-11-2013 20:19:14 Software Distribution Service 3.0
19-11-2013 18:22:05 Software Distribution Service 3.0
20-11-2013 18:22:06 Software Distribution Service 3.0
20-11-2013 22:07:00 Software Distribution Service 3.0
21-11-2013 17:16:14 Software Distribution Service 3.0
23-11-2013 04:01:40 Software Distribution Service 3.0
25-11-2013 20:51:11 Software Distribution Service 3.0
26-11-2013 21:41:37 Software Distribution Service 3.0
28-11-2013 00:37:16 Software Distribution Service 3.0
29-11-2013 17:46:55 Software Distribution Service 3.0
02-12-2013 18:34:01 Software Distribution Service 3.0
04-12-2013 00:45:36 Software Distribution Service 3.0
05-12-2013 16:59:43 Software Distribution Service 3.0
06-12-2013 17:30:30 Software Distribution Service 3.0
08-12-2013 18:16:41 Software Distribution Service 3.0
09-12-2013 21:04:03 Software Distribution Service 3.0
10-12-2013 22:20:53 Software Distribution Service 3.0
12-12-2013 17:49:27 Software Distribution Service 3.0
12-12-2013 18:52:10 Software Distribution Service 3.0
13-12-2013 22:18:52 Software Distribution Service 3.0
15-12-2013 03:33:49 Software Distribution Service 3.0
15-12-2013 03:48:29 Software Distribution Service 3.0
16-12-2013 18:30:01 Software Distribution Service 3.0
17-12-2013 19:26:51 Software Distribution Service 3.0
19-12-2013 00:02:41 Software Distribution Service 3.0
20-12-2013 03:14:00 Software Distribution Service 3.0
22-12-2013 02:31:00 Software Distribution Service 3.0
23-12-2013 21:11:39 Software Distribution Service 3.0
25-12-2013 20:13:32 Software Distribution Service 3.0
26-12-2013 22:36:41 Software Distribution Service 3.0
27-12-2013 23:00:59 Software Distribution Service 3.0
28-12-2013 23:44:10 Software Distribution Service 3.0
30-12-2013 16:48:53 Software Distribution Service 3.0
31-12-2013 17:53:34 Software Distribution Service 3.0
01-01-2014 20:09:42 Software Distribution Service 3.0
03-01-2014 02:38:02 Software Distribution Service 3.0
04-01-2014 16:29:20 Software Distribution Service 3.0
05-01-2014 16:18:29 Software Distribution Service 3.0
05-01-2014 22:34:30 Software Distribution Service 3.0
07-01-2014 18:20:16 Software Distribution Service 3.0
08-01-2014 20:01:39 Software Distribution Service 3.0
09-01-2014 20:18:04 Software Distribution Service 3.0
11-01-2014 23:20:37 Software Distribution Service 3.0
13-01-2014 01:54:50 Software Distribution Service 3.0
13-01-2014 02:42:49 Software Distribution Service 3.0
13-01-2014 03:20:48 OTL Restore Point - 1/12/2014 8:20:39 PM
13-01-2014 19:17:48 Software Distribution Service 3.0
14-01-2014 21:17:14 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2008-04-14 00:00 - 2008-04-14 00:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003Core.job => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-1177238915-1801674531-1003UA.job => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => ?
 
==================== Loaded Modules (whitelisted) =============
 
2009-11-03 14:35 - 2009-11-03 14:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2012-08-06 15:49 - 2007-03-16 17:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2013-03-07 20:32 - 2013-03-07 20:32 - 00292272 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 20:32 - 2013-03-07 20:32 - 21014960 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 20:32 - 2013-03-07 20:32 - 00179632 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2012-08-10 15:51 - 2012-09-06 21:27 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-10-13 23:52 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2008-04-14 00:00 - 2008-04-14 00:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 00:00 - 2008-04-14 00:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-07-10 13:33 - 2013-07-10 13:33 - 04591616 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2013-07-10 13:33 - 2013-07-10 13:33 - 00112128 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
2013-12-06 11:21 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 11:21 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 11:21 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/14/2014 04:26:39 PM) (Source: .NET Runtime) (User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at DW.UI.App.Main()
 
Error: (01/14/2014 04:26:33 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 twcapp.exe, P2 7.6.0.0, P3 528a6c0a, P4 twcapp, P5 7.6.0.0, P6 528a6c0a, P7 7b, P8 3, P9 clr20r30, P10 clr20r31.
 
Error: (01/13/2014 09:44:18 PM) (Source: .NET Runtime) (User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at DW.UI.App.Main()
 
Error: (01/13/2014 09:44:12 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 twcapp.exe, P2 7.6.0.0, P3 528a6c0a, P4 twcapp, P5 7.6.0.0, P6 528a6c0a, P7 7b, P8 3, P9 clr20r30, P10 clr20r31.
 
Error: (01/13/2014 01:05:55 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 31.0.1650.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2014 00:50:40 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10201.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (01/12/2014 07:43:20 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.4501.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (01/11/2014 03:58:43 PM) (Source: Application Hang) (User: )
Description: Hanging application soffice.bin, version 4.0.9702.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/11/2014 03:52:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (01/09/2014 08:29:07 PM) (Source: Google Update) (User: USER-PC)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
 
System errors:
=============
Error: (01/14/2014 02:05:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/14/2014 02:05:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/14/2014 02:04:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/14/2014 11:07:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/14/2014 11:07:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/14/2014 11:07:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/13/2014 11:23:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/13/2014 11:23:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/13/2014 11:23:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/13/2014 11:15:58 PM) (Source: Service Control Manager) (User: )
Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (01/14/2014 04:26:39 PM) (Source: .NET Runtime)(User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at DW.UI.App.Main()
 
Error: (01/14/2014 04:26:33 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3twcapp.exe7.6.0.0528a6c0atwcapp7.6.0.0528a6c0a7b3system.nullreferenceexceptionNIL
 
Error: (01/13/2014 09:44:18 PM) (Source: .NET Runtime)(User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at DW.UI.App.Main()
 
Error: (01/13/2014 09:44:12 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3twcapp.exe7.6.0.0528a6c0atwcapp7.6.0.0528a6c0a7b3system.nullreferenceexceptionNIL
 
Error: (01/13/2014 01:05:55 PM) (Source: Application Hang)(User: )
Description: chrome.exe31.0.1650.63hungapp0.0.0.000000000
 
Error: (01/13/2014 00:50:40 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10201.0mpengine0unspecifiedNILNILNIL
 
Error: (01/12/2014 07:43:20 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070670patchapplicationam bdd11.1.4501.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL
 
Error: (01/11/2014 03:58:43 PM) (Source: Application Hang)(User: )
Description: soffice.bin4.0.9702.500hungapp0.0.0.000000000
 
Error: (01/11/2014 03:52:19 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (01/09/2014 08:29:07 PM) (Source: Google Update)(User: USER-PC)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 62%
Total physical RAM: 511.36 MB
Available physical RAM: 191.03 MB
Total Pagefile: 1246.56 MB
Available Pagefile: 377.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:37.26 GB) (Free:23.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: CF14CF14)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#15 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 15 January 2014 - 07:38 PM

That looks pretty good.  It also appears that combofix did run... at least it completed a portion of its processes.

Let's try it again but run it differently.

Hold your Windows key and then press the R key.  This will bring up a Run box.  In the box put:

combofix /nombr

and then press Enter.

Let combofix try to run for a good hour before giving up on it.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
