Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware blocking ap addresses


  • This topic is locked This topic is locked
22 replies to this topic

#1 rhodaellen

rhodaellen

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 16 January 2014 - 06:36 PM

Here are the log files from DDS.

Attached File  dds.txt   10.37KB   8 downloadsAttached File  attach.txt   26.76KB   1 downloads



BC AdBot (Login to Remove)

 


#2 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 21 January 2014 - 07:50 AM

Hi,

my name is alexsmith2709. I will be helping you to remove the infections you appear to have on your computer.

Please bear with me while i look over your logs.

I will reply within a couple of days, but if i do not, please feel free to PM me to remind me.

 

Regards,

alexsmith2709



#3 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 22 January 2014 - 04:41 PM

Hi rhodaellen,

 

We need to create an OTL Report

  • Please download OTL
  • Save it to your desktop.
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards,

alexsmith2709



#4 rhodaellen

rhodaellen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 26 January 2014 - 11:40 AM

Hi alexsmith2709

 

Here are the two OTL reports

let me know what you find.

 

OTL logfile created on: 1/26/2014 10:07:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.10 Mb Total Physical Memory | 315.06 Mb Available Physical Memory | 31.10% Memory free
2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 164.90 Gb Free Space | 71.86% Space Free | Partition Type: NTFS
 
Computer Name: DH32RNG1 | User Name: Marian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
PRC - [2014/01/06 12:52:41 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/22 07:18:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/17 10:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/01/06 12:52:56 | 003,017,840 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/01/06 12:52:53 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/01/06 12:52:53 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/01/06 12:52:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 08:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/01/05 16:40:43 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/11 18:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/07/16 18:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes,DefaultScope = {76A560C1-73B3-437E-BAD2-0C2BA605EAFF}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{76A560C1-73B3-437E-BAD2-0C2BA605EAFF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{7B9731F8-D2B6-4FF4-A1D5-98A586F99A4A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.google.mozilla.com/firefox"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Marian\My Documents\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/22 07:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/22 07:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/14 16:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012/07/14 09:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Extensions
[2014/01/19 10:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions
[2010/03/20 09:36:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/14 09:28:48 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\links@rivalgaming.com
[2013/06/09 10:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\support@searchdonkeyapp.com
[2014/01/19 10:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/24 21:26:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/12 07:22:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/19 06:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 07:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 08:54:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/29 12:00:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2014/01/19 10:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\extension@FastFreeConverter.com
[2008/11/24 21:26:11 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010/05/14 06:31:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/10/22 07:18:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/05/14 06:31:12 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2010/05/14 06:31:13 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2010/05/14 06:31:13 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2010/05/14 06:31:15 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2010/05/14 06:31:15 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - Extension: Entanglement = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
 
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-319201712-1820719856-627546557-1005..\Run: [Opciice] "C:\Documents and Settings\Marian\Application Data\Uhquehf\luahsai.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Spyde%20Solitaire/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1371057051500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373819573921 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7553F93-3A5C-4556-93B2-A9D9FCA86659}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/26 10:07:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/25 14:45:21 | 000,000,000 | ---D | C] -- C:\Charlot
[2014/01/14 16:58:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Marian\Start Menu\Programs\Administrative Tools
[2014/01/14 16:57:54 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Marian\Desktop\dds.com
[2014/01/13 16:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
[2014/01/13 16:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\Application Data\gtk-2.0
[2014/01/10 17:34:05 | 000,000,000 | ---D | C] -- C:\Second Run
[2014/01/10 08:14:21 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Marian\Desktop\esetsmartinstaller_enu.exe
[2014/01/09 17:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/01/08 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\My Documents\CronosBook 5
[2014/01/08 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\My Documents\CronosBook 4
[2014/01/08 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\My Documents\CronosBook 3
[2014/01/06 13:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\Application Data\HpUpdate
[2014/01/06 13:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 12:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2014/01/05 17:48:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/05 17:11:20 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Marian\Desktop\tdsskiller.exe
[2014/01/05 16:55:03 | 000,760,063 | ---- | C] (Farbar) -- C:\Documents and Settings\Marian\Desktop\MiniToolBox.exe
[2014/01/05 16:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/01/05 14:40:19 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Marian\Desktop\mbar-1.07.0.1008.exe
[2014/01/01 18:44:47 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/01 18:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\Desktop\mbar
[2014/01/01 18:44:10 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Marian\My Documents\mbar-1.07.0.1008.exe
[2014/01/01 18:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/26 10:24:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/26 10:14:03 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/26 09:59:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/26 09:59:27 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/01/26 09:59:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/26 09:59:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/26 09:59:04 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 15:26:02 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Microsoft Word 2010.lnk
[2014/01/25 15:20:43 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[2014/01/25 14:16:47 | 000,017,690 | ---- | M] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
[2014/01/15 11:01:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/14 16:58:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Marian\Desktop\dds.com
[2014/01/13 16:43:55 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Marian\.recently-used.xbel
[2014/01/10 17:33:19 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Local Disk ©.lnk
[2014/01/10 08:14:31 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Marian\Desktop\esetsmartinstaller_enu.exe
[2014/01/06 13:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/05 17:48:57 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\AdwCleaner.exe
[2014/01/05 17:11:48 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Marian\Desktop\tdsskiller.exe
[2014/01/05 16:55:05 | 000,760,063 | ---- | M] (Farbar) -- C:\Documents and Settings\Marian\Desktop\MiniToolBox.exe
[2014/01/05 16:40:43 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/05 16:40:10 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Marian\Desktop\mbar-1.07.0.1008.exe
[2014/01/05 09:33:03 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Marian\My Documents\spider.sav
[2014/01/03 09:57:11 | 000,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2014/01/01 18:44:22 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Marian\My Documents\mbar-1.07.0.1008.exe
[2014/01/01 18:23:57 | 000,002,978 | ---- | M] () -- C:\Documents and Settings\Marian\My Documents\cc_20140101_182350.reg
[2014/01/01 16:43:52 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/31 13:45:16 | 000,252,288 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/25 15:20:43 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[2014/01/13 16:43:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marian\.recently-used.xbel
[2014/01/10 17:33:19 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Local Disk ©.lnk
[2014/01/05 17:48:35 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\AdwCleaner.exe
[2014/01/01 18:23:54 | 000,002,978 | ---- | C] () -- C:\Documents and Settings\Marian\My Documents\cc_20140101_182350.reg
[2013/12/24 15:02:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/24 08:14:43 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg
[2013/12/24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko
[2013/12/24 08:12:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\SharedSettings.ccs
[2013/06/02 09:57:08 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/10/06 12:05:33 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/07/14 09:30:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/15 07:51:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/10/02 17:19:47 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/13 11:49:50 | 000,007,869 | ---- | C] () -- C:\Documents and Settings\Marian\DModem_Trace.trc
[2008/09/09 16:42:01 | 000,017,690 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8

< End of report >

 

OTL Extras logfile created on: 1/26/2014 10:07:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.10 Mb Total Physical Memory | 315.06 Mb Available Physical Memory | 31.10% Memory free
2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 164.90 Gb Free Space | 71.86% Space Free | Partition Type: NTFS
 
Computer Name: DH32RNG1 | User Name: Marian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1D601240-1E3C-11DE-8C30-0800200C9A66}" = Walmart Photo Manager
"{1DA007FA-6A47-426B-8813-91A8BC75EC7D}" = HP Deskjet 2510 series Product Improvement Study
"{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide
"{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}" = HP Deskjet 2510 series Help
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E0BDA5-DEAD-4116-8DC0-3F5C9A202C47}" = HP Deskjet 2510 series Basic Device Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}" = MySoftware Fonts
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}" = NetZero Internet and Voice Offer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB856C83-7CA0-4EB5-8D86-792B29EB4A10}" = MyDataBase
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8E67406-554B-4ABB-9841-D4B744D30C2E}" = iMusic Tools Essentials
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP49.DLL" = Canon i550
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"Digital Editions" = Adobe Digital Editions
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Griffith_is1" = Griffith 0.12.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hoyle Word Games 2" = Hoyle Word Games 2
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Just CrossStitch Pattern CD Volume 1" = Just CrossStitch Pattern CD Volume 1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Mozilla Thunderbird 24.2.0 (x86 en-US)" = Mozilla Thunderbird 24.2.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.SingleImage" = Microsoft Office Professional 2010
"PCStitch for Windows" = PCStitch for Windows
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Photo Viewer_is1" = Photo Viewer s2.5
"PhotoMail" = PhotoMail Maker
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SCRABBLE" = SCRABBLE
"SearchAssist" = SearchAssist
"Shorter Oxford English Dictionary (Sixth Edition)" = Shorter Oxford English Dictionary (Sixth Edition)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/20/2014 7:16:13 PM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2478656
 
Error - 1/20/2014 7:16:13 PM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2478656
 
Error - 1/24/2014 10:33:27 AM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/24/2014 10:33:27 AM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38117625
 
Error - 1/24/2014 10:33:27 AM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38117625
 
Error - 1/25/2014 12:17:07 PM | Computer Name = DH32RNG1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/25/2014 12:17:07 PM | Computer Name = DH32RNG1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/25/2014 10:33:41 PM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/25/2014 10:33:41 PM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1184265
 
Error - 1/25/2014 10:33:41 PM | Computer Name = DH32RNG1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1184265
 
[ System Events ]
Error - 1/11/2014 10:25:58 AM | Computer Name = DH32RNG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service BBUpdate with
 arguments "-Service"  in order to run the server:  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 1/11/2014 10:26:39 AM | Computer Name = DH32RNG1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BBUpdate service to connect.
 
Error - 1/11/2014 10:26:39 AM | Computer Name = DH32RNG1 | Source = Service Control Manager | ID = 7000
Description = The BBUpdate service failed to start due to the following error:   %%1053
 
Error - 1/12/2014 1:31:20 PM | Computer Name = DH32RNG1 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
 with DCOM within the required timeout.
 
Error - 1/13/2014 10:49:37 PM | Computer Name = DH32RNG1 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
 with DCOM within the required timeout.
 
Error - 1/17/2014 11:07:03 AM | Computer Name = DH32RNG1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.101 on
 the  Network Card with network address 001D099D4944.
 
Error - 1/22/2014 10:54:52 AM | Computer Name = DH32RNG1 | Source = Print | ID = 6161
Description = The document Microsoft Word - Ch9afterparty.docx owned by Marian failed
 to print on printer HP Deskjet 2510 series. Data type: NT EMF 1.008. Size of the
 spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the
 document: 0. Number of pages printed: 0. Client machine: \\DH32RNG1. Win32 error
 code returned by the print processor: 259 (0x103).
 
Error - 1/22/2014 10:55:31 AM | Computer Name = DH32RNG1 | Source = Print | ID = 6161
Description = The document Microsoft Word - Ch9afterparty.docx owned by Marian failed
 to print on printer HP Deskjet 2510 series. Data type: NT EMF 1.008. Size of the
 spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the
 document: 0. Number of pages printed: 0. Client machine: \\DH32RNG1. Win32 error
 code returned by the print processor: 259 (0x103).
 
Error - 1/23/2014 9:59:00 AM | Computer Name = DH32RNG1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.101 on
 the  Network Card with network address 001D099D4944.
 
Error - 1/26/2014 12:01:07 PM | Computer Name = DH32RNG1 | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 85e18530, parameter2 86b81a98, parameter3
 86b926d0, parameter4 00000001.
 
 
< End of report >
 



#5 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 28 January 2014 - 05:03 AM

Hi rhodaellen,

We need to run ComboFix. Please visit this webpage for download links, and instructions for running the tool: 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please do not follow the uninstallation part of the instructions until i tell you to please.

Please include the C:\ComboFix.txt in your next reply for further review.

 

If you encouter any problems with these instructions please let me know.

 

Regards,

alexsmith2709



#6 rhodaellen

rhodaellen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 30 January 2014 - 11:03 AM

 I am still here, but I am waiting for help on running the program.  I'll have the report this Saturday.

Thanks for all your help so far.  My computer is much improved.
I'



#7 rhodaellen

rhodaellen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 02 February 2014 - 01:11 PM

Attached File  combofixlog.txt   9.84KB   3 downloads

alex

here's the report  I got from running combofix

what do you think?



#8 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 05 February 2014 - 03:52 AM

Thanks.

Next we need to uninstall some programs.

Click on the Start button on the taskbar and then click on the Control Panel icon.

Please double-click the Add or Remove Programs icon:
A list of programs installed will be populated this may take a bit of time.

In this list please find the program SearchAssist click Change (or Change/Remove):

A wizard should then open, which will guide you through the rest of the uninstall.

Please repeat these instructions for the program Coupon Printer for Windows.

 

Now please download AdwCleaner by Xplode and save to your Desktop.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished please click the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of #represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

Could you also please run another scan using OTL and post the report in the next reply.

A recap of the OTL instructions are:

  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.

Regards,

Alex



#9 rhodaellen

rhodaellen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 09 February 2014 - 12:16 PM

Alex:

got the two programs removed

and here are the reports from the scans

You think this might of got it?

there's quite an improvement on how its running now.

 

# AdwCleaner v3.018 - Report created 09/02/2014 at 10:42:56
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Marian - DH32RNG1
# Running from : C:\Documents and Settings\Marian\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\extension@FastFreeConverter.com
File Deleted : C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\.autoreg

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C792A75A-2A1F-4991-9B85-291745478A79}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v2.0.0.20 (en-US)

[ File : C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [21949 octets] - [05/01/2014 17:49:08]
AdwCleaner[R1].txt - [22010 octets] - [06/01/2014 17:28:08]
AdwCleaner[R2].txt - [1142 octets] - [08/01/2014 16:41:35]
AdwCleaner[R3].txt - [1593 octets] - [09/02/2014 10:40:12]
AdwCleaner[S0].txt - [22360 octets] - [06/01/2014 18:46:15]
AdwCleaner[S1].txt - [1204 octets] - [08/01/2014 16:56:31]
AdwCleaner[S2].txt - [1520 octets] - [09/02/2014 10:42:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1580 octets] ##########

 

olt scan txt

 

OTL logfile created on: 2/9/2014 10:50:32 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.10 Mb Total Physical Memory | 333.67 Mb Available Physical Memory | 32.94% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 165.89 Gb Free Space | 72.29% Space Free | Partition Type: NTFS
Drive D: | 40.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: DH32RNG1 | User Name: Marian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/06 07:54:11 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
PRC - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/22 07:18:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/17 10:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/06 07:54:20 | 003,019,376 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/02/06 07:54:19 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/02/06 07:54:19 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/02/06 07:54:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 08:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Marian\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/01/05 16:40:43 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/11 18:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/07/16 18:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes,DefaultScope = {76A560C1-73B3-437E-BAD2-0C2BA605EAFF}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{76A560C1-73B3-437E-BAD2-0C2BA605EAFF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{7B9731F8-D2B6-4FF4-A1D5-98A586F99A4A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.google.mozilla.com/firefox"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Marian\My Documents\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/22 07:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/09 10:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/09 10:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012/07/14 09:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Extensions
[2014/02/02 11:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions
[2010/03/20 09:36:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/14 09:28:48 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\links@rivalgaming.com
[2013/06/09 10:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\support@searchdonkeyapp.com
[2014/01/19 10:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/24 21:26:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/12 07:22:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/19 06:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 07:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 08:54:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/29 12:00:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/11/24 21:26:11 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010/05/14 06:31:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/10/22 07:18:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/05/14 06:31:12 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2010/05/14 06:31:13 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2010/05/14 06:31:13 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2010/05/14 06:31:15 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2010/05/14 06:31:15 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - Extension: Entanglement = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
 
O1 HOSTS File: ([2014/02/02 11:55:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Spyde%20Solitaire/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1371057051500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373819573921 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7553F93-3A5C-4556-93B2-A9D9FCA86659}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/06 07:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2014/02/05 12:06:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/02 12:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/02/02 11:22:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/02/02 11:19:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/02 11:19:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/02 11:19:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/02 11:19:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/02 11:19:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/02 11:19:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/02/02 11:16:18 | 005,179,159 | R--- | C] (Swearware) -- C:\Documents and Settings\Marian\Desktop\ComboFix.exe
[2014/01/26 10:07:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/25 14:45:21 | 000,000,000 | ---D | C] -- C:\Charlot
[2014/01/14 16:58:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Marian\Start Menu\Programs\Administrative Tools
[2014/01/14 16:57:54 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Marian\Desktop\dds.com
[2014/01/13 16:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
[2014/01/13 16:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marian\Application Data\gtk-2.0
[2014/01/10 17:34:05 | 000,000,000 | ---D | C] -- C:\Second Run
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/09 10:45:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/09 10:45:33 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/02/09 10:45:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/09 10:45:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/09 10:45:12 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/09 10:39:22 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\AdwCleaner.exe
[2014/02/09 10:31:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/09 10:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/09 10:14:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/02/08 18:31:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/08 10:23:42 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Microsoft Word 2010.lnk
[2014/02/02 11:55:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/02 11:22:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/02/02 11:18:47 | 005,179,159 | R--- | M] (Swearware) -- C:\Documents and Settings\Marian\Desktop\ComboFix.exe
[2014/02/02 10:24:18 | 000,017,646 | ---- | M] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
[2014/01/27 11:57:45 | 000,000,488 | ---- | M] () -- C:\WINDOWS\DHO.INI
[2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/25 15:20:43 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[2014/01/15 11:01:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/14 16:58:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Marian\Desktop\dds.com
[2014/01/13 16:43:55 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Marian\.recently-used.xbel
[2014/01/10 17:33:19 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Local Disk ©.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/07 18:26:15 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/07 18:26:11 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/02 11:22:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/02/02 11:22:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/02/02 11:19:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/02 11:19:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/02 11:19:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/02 11:19:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/02 11:19:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/25 15:20:43 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[2014/01/13 16:43:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marian\.recently-used.xbel
[2014/01/10 17:33:19 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Local Disk ©.lnk
[2013/12/24 15:02:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/24 08:14:43 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg
[2013/12/24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko
[2013/12/24 08:12:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\SharedSettings.ccs
[2012/10/06 12:05:33 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/07/14 09:30:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/15 07:51:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/10/02 17:19:47 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/13 11:49:50 | 000,007,869 | ---- | C] () -- C:\Documents and Settings\Marian\DModem_Trace.trc
[2008/09/09 16:42:01 | 000,017,646 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



#10 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 12 February 2014 - 03:53 AM

We need to perform another fix using OTL.

Please reopen OTL.

  • Copy and Paste the following code into the customscanfix.png textbox.
    :OTL
    [2013/12/24 08:14:43 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg
    [2013/12/24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

 

I notice you already have malwarebytes installed on your computer. I'd like to run a scan with that now.

Start malwarebytes and if it asks to update, please allow it to do so. If it does not ask you, go to the Update tab and check for database definition updates.

  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Now i'd like you to download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

 

Could you also perform another scan using OTL and post the log file for that too.

 

If you have any trouble doing any step i've mentioned please ask for help before proceeding to the next stage.



#11 rhodaellen

rhodaellen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 16 February 2014 - 05:03 PM

Hi Alex

 

Here's the Malware report

OTL logfile created on: 2/16/2014 10:07:19 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.10 Mb Total Physical Memory | 401.23 Mb Available Physical Memory | 39.60% Memory free
2.38 Gb Paging File | 1.91 Gb Available in Paging File | 80.33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 165.09 Gb Free Space | 71.94% Space Free | Partition Type: NTFS
Drive D: | 40.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: DH32RNG1 | User Name: Marian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/06 07:54:11 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/22 07:18:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/17 10:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/06 07:54:20 | 003,019,376 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/02/06 07:54:19 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/02/06 07:54:19 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/02/06 07:54:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 08:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Marian\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/02/16 10:08:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/01/05 16:40:43 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/11 18:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/07/16 18:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes,DefaultScope = {76A560C1-73B3-437E-BAD2-0C2BA605EAFF}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{76A560C1-73B3-437E-BAD2-0C2BA605EAFF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{7B9731F8-D2B6-4FF4-A1D5-98A586F99A4A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.google.mozilla.com/firefox"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Marian\My Documents\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/22 07:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/09 10:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/09 10:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012/07/14 09:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Extensions
[2014/02/02 11:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions
[2010/03/20 09:36:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/14 09:28:48 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\links@rivalgaming.com
[2013/06/09 10:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\support@searchdonkeyapp.com
[2014/01/19 10:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/24 21:26:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/12 07:22:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/19 06:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 07:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 08:54:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/29 12:00:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/11/24 21:26:11 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010/05/14 06:31:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/10/22 07:18:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/05/14 06:31:12 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2010/05/14 06:31:13 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2010/05/14 06:31:13 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2010/05/14 06:31:15 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2010/05/14 06:31:15 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - Extension: Entanglement = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
 
O1 HOSTS File: ([2014/02/02 11:55:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-319201712-1820719856-627546557-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Spyde%20Solitaire/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1371057051500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373819573921 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7553F93-3A5C-4556-93B2-A9D9FCA86659}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/16 10:08:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/15 08:15:48 | 000,000,000 | ---D | C] -- C:\Paris Blog
[2014/02/06 07:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2014/02/05 12:06:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/02 12:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/02/02 11:22:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/02/02 11:19:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/02 11:19:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/02 11:19:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/02 11:19:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/02 11:19:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/02 11:19:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/02/02 11:16:18 | 005,179,159 | R--- | C] (Swearware) -- C:\Documents and Settings\Marian\Desktop\ComboFix.exe
[2014/01/26 10:07:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/25 14:45:21 | 000,000,000 | ---D | C] -- C:\Charlot
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/16 10:31:04 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/16 10:30:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/16 10:19:07 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Marian\Desktop\esetsmartinstaller_enu.exe
[2014/02/16 10:14:08 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/02/16 10:09:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/16 08:30:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 18:31:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/15 08:20:05 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Paris Blog.lnk
[2014/02/15 07:30:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/02/15 07:30:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/15 07:30:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/15 07:30:21 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 11:25:55 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Microsoft Word 2010.lnk
[2014/02/14 11:25:46 | 000,017,622 | ---- | M] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
[2014/02/14 08:51:42 | 000,000,586 | ---- | M] () -- C:\WINDOWS\DHO.INI
[2014/02/12 13:36:22 | 000,446,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 13:36:22 | 000,073,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 13:13:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/09 10:39:22 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\AdwCleaner.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 17:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 17:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 17:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 17:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 17:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 17:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 17:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 17:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 17:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 17:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 16:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/02 11:55:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/02 11:22:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/02/02 11:18:47 | 005,179,159 | R--- | M] (Swearware) -- C:\Documents and Settings\Marian\Desktop\ComboFix.exe
[2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/25 15:20:43 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/15 08:20:05 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Paris Blog.lnk
[2014/02/07 18:26:15 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/07 18:26:11 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/02 11:22:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/02/02 11:22:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/02/02 11:19:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/02 11:19:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/02 11:19:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/02 11:19:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/02 11:19:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/25 15:20:43 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[2014/01/13 16:43:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marian\.recently-used.xbel
[2013/12/24 15:02:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/24 08:14:43 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg
[2013/12/24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko
[2013/12/24 08:12:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\SharedSettings.ccs
[2012/10/06 12:05:33 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/07/14 09:30:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/02 17:19:47 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/13 11:49:50 | 000,007,869 | ---- | C] () -- C:\Documents and Settings\Marian\DModem_Trace.trc
[2008/09/09 16:42:01 | 000,017,622 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< :OTL >
 
< [2013/12/24 08:14:43 | >
Invalid Switch: 24 08:14:43 |
 
< 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg >
 
< [2013/12/24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko >
Invalid Switch: 24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko
 
<  >
 
< Push  >

< End of report >

 

Here's the security check

 

's Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Adobe Reader XI 
 Mozilla Firefox (2.0.0 Firefox out of Date! 
 Mozilla Thunderbird (24.3.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes Anti-Malware mbam.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

this is the OTL with text instructions

 

OTL logfile created on: 2/16/2014 10:07:19 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.10 Mb Total Physical Memory | 401.23 Mb Available Physical Memory | 39.60% Memory free
2.38 Gb Paging File | 1.91 Gb Available in Paging File | 80.33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 165.09 Gb Free Space | 71.94% Space Free | Partition Type: NTFS
Drive D: | 40.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: DH32RNG1 | User Name: Marian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/06 07:54:11 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/22 07:18:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/17 10:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/06 07:54:20 | 003,019,376 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/02/06 07:54:19 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/02/06 07:54:19 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/02/06 07:54:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 08:51:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Marian\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/02/16 10:08:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/01/05 16:40:43 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/11 18:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/07/16 18:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes,DefaultScope = {76A560C1-73B3-437E-BAD2-0C2BA605EAFF}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{76A560C1-73B3-437E-BAD2-0C2BA605EAFF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\SearchScopes\{7B9731F8-D2B6-4FF4-A1D5-98A586F99A4A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.google.mozilla.com/firefox"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Marian\My Documents\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/22 07:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/09 10:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/09 10:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012/07/14 09:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Extensions
[2014/02/02 11:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions
[2010/03/20 09:36:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/14 09:28:48 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\links@rivalgaming.com
[2013/06/09 10:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marian\Application Data\Mozilla\Firefox\Profiles\z1mz9v33.default\extensions\support@searchdonkeyapp.com
[2014/01/19 10:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/24 21:26:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/12 07:22:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/19 06:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 07:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 08:54:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/29 12:00:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/11/24 21:26:11 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010/05/14 06:31:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/10/22 07:18:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/05/14 06:31:12 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2010/05/14 06:31:13 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2010/05/14 06:31:13 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2010/05/14 06:31:15 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2010/05/14 06:31:15 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - Extension: Entanglement = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Marian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
 
O1 HOSTS File: ([2014/02/02 11:55:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-319201712-1820719856-627546557-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-319201712-1820719856-627546557-1005\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Spyde%20Solitaire/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1371057051500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373819573921 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7553F93-3A5C-4556-93B2-A9D9FCA86659}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/16 10:08:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/15 08:15:48 | 000,000,000 | ---D | C] -- C:\Paris Blog
[2014/02/06 07:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2014/02/05 12:06:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/02 12:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/02/02 11:22:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/02/02 11:19:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/02 11:19:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/02 11:19:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/02 11:19:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/02 11:19:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/02 11:19:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/02/02 11:16:18 | 005,179,159 | R--- | C] (Swearware) -- C:\Documents and Settings\Marian\Desktop\ComboFix.exe
[2014/01/26 10:07:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/25 14:45:21 | 000,000,000 | ---D | C] -- C:\Charlot
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/16 10:31:04 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/16 10:30:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/16 10:19:07 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Marian\Desktop\esetsmartinstaller_enu.exe
[2014/02/16 10:14:08 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/02/16 10:09:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/16 08:30:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 18:31:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/15 08:20:05 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Paris Blog.lnk
[2014/02/15 07:30:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-319201712-1820719856-627546557-1005.job
[2014/02/15 07:30:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/15 07:30:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/15 07:30:21 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 11:25:55 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Microsoft Word 2010.lnk
[2014/02/14 11:25:46 | 000,017,622 | ---- | M] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
[2014/02/14 08:51:42 | 000,000,586 | ---- | M] () -- C:\WINDOWS\DHO.INI
[2014/02/12 13:36:22 | 000,446,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 13:36:22 | 000,073,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 13:13:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/09 10:39:22 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\AdwCleaner.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 17:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 17:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 17:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 17:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 17:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 17:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 17:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 17:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 17:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 17:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 16:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/02 11:55:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/02 11:22:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/02/02 11:18:47 | 005,179,159 | R--- | M] (Swearware) -- C:\Documents and Settings\Marian\Desktop\ComboFix.exe
[2014/01/26 10:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marian\Desktop\OTL.exe
[2014/01/25 15:20:43 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/15 08:20:05 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Paris Blog.lnk
[2014/02/07 18:26:15 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/07 18:26:11 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/02 11:22:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/02/02 11:22:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/02/02 11:19:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/02 11:19:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/02 11:19:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/02 11:19:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/02 11:19:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/25 15:20:43 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Marian\Desktop\Shortcut to Charlot.lnk
[2014/01/13 16:43:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marian\.recently-used.xbel
[2013/12/24 15:02:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/24 08:14:43 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg
[2013/12/24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko
[2013/12/24 08:12:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\SharedSettings.ccs
[2012/10/06 12:05:33 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/07/14 09:30:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/02 17:19:47 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/13 11:49:50 | 000,007,869 | ---- | C] () -- C:\Documents and Settings\Marian\DModem_Trace.trc
[2008/09/09 16:42:01 | 000,017,622 | ---- | C] () -- C:\Documents and Settings\Marian\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< :OTL >
 
< [2013/12/24 08:14:43 | >
Invalid Switch: 24 08:14:43 |
 
< 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg >
 
< [2013/12/24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko >
Invalid Switch: 24 08:13:41 | 000,067,992 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko
 
<  >
 
< Push  >

< End of report >



#12 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 17 February 2014 - 08:57 AM

Hi rhodaellen,

You didnt follow my instructions quite right. Please re-read them and follow exactly what it says. In OTL you ran a scan instead of a fix in the first part of my instructions.

You also did not post a log from Malwarebyte or ESET, did you run these?

 

Please follow my previous instructions again. Let me know if you have any problems before continuing to the next instruction.

 

Regards,

Alex



#13 rhodaellen

rhodaellen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 23 February 2014 - 02:15 PM

Alex-

Here's the text from sceurity check

Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Adobe Reader XI 
 Mozilla Firefox (2.0.0 Firefox out of Date! 
 Mozilla Thunderbird (24.3.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

Here's the fix run from OTL

========== OTL ==========
File 13/12/24 08:14:43 | not found.
C:\Documents and Settings\Marian\Local Settings\Application Data\khcaohko moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 02232014_112109

 

this is the last run of malware

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marian :: DH32RNG1 [administrator]

Protection: Enabled

2/23/2014 11:24:58 AM
mbam-log-2014-02-23 (11-24-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 249657
Time elapsed: 45 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

The ESET program found no threats

it only gave me the choice of removing files in quartine

and I removed them.

Hope this will help you

thanks again

 

 



#14 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 26 February 2014 - 09:11 AM

Hi rhodaellen,

The fix has not been run properly again.

Please reopen OTL.

  • Copy and Paste the following code exactly as I have written into the customscanfix.png textbox.
    :OTL
    [2013/12/24 08:14:43 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\Marian\Local Settings\Application Data\laprscvg
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

After that fix, please run another scan using OTL and post that log too.

It is important you follow these instructions exactly as written and in this order.

 

Regards,

Alex



#15 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 07 March 2014 - 03:52 AM

Hi rhodaellen,

I havent heard from you in a while. Is everything ok? Do you need any help running these instructions?

 

Regards,

Alex






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users