
think I am hit by a virus again



#1 islandcat (Member, 239 posts)

Here I am again... I was watching movies and got hit by everything. Lots of pop-ups, and it helps if I disable them, but I can't get other programs up, in particular Facebook. Still trying to keep my old desktop running....

OTL

OTL logfile created on: 26/02/2014 11:34:57 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.33% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 265.35 Gb Free Space | 89.02% Space Free | Partition Type: NTFS

Computer Name: DISCOVERY_OEM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/26 23:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/02/25 09:51:03 | 000,111,904 | ---- | M] () -- C:\Program Files\Cling Clang\updateClingClang.exe
PRC - [2014/02/25 09:20:41 | 000,111,904 | ---- | M] () -- C:\Program Files\Cling Clang\bin\utilClingClang.exe
PRC - [2014/02/18 23:04:17 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2014/02/18 23:04:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014/02/07 11:28:40 | 007,936,928 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
PRC - [2014/01/29 12:36:12 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/12/19 03:04:36 | 000,247,848 | ---- | M] () -- C:\Program Files\Discount Dragon\FrameworkEngine.exe
PRC - [2013/09/10 22:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 22:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/18 16:00:00 | 000,685,496 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/26 02:39:35 | 002,185,216 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\14022600\algo.dll
MOD - [2014/02/25 09:51:03 | 000,111,904 | ---- | M] () -- C:\Program Files\Cling Clang\updateClingClang.exe
MOD - [2014/02/25 09:20:41 | 000,111,904 | ---- | M] () -- C:\Program Files\Cling Clang\bin\utilClingClang.exe
MOD - [2014/02/18 23:04:19 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2014/02/14 09:05:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/14 09:04:47 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/13 23:05:27 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2014/02/13 23:05:24 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2014/02/13 23:05:15 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2014/02/13 23:02:49 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 22:57:59 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 22:57:52 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 22:57:36 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 22:53:30 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 22:53:18 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013/12/19 03:04:36 | 000,258,088 | ---- | M] () -- C:\Program Files\Discount Dragon\FrameworkBHO.dll
MOD - [2013/12/19 03:04:36 | 000,247,848 | ---- | M] () -- C:\Program Files\Discount Dragon\FrameworkEngine.exe
MOD - [2013/08/24 15:31:09 | 000,991,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 08:37:38 | 000,565,827 | ---- | M] () -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fortunitas\updateFortunitas.exe -- (Update Fortunitas)
SRV - File not found [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/25 09:51:03 | 000,111,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Cling Clang\updateClingClang.exe -- (Update Cling Clang)
SRV - [2014/02/25 09:20:41 | 000,111,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Cling Clang\bin\utilClingClang.exe -- (Util Cling Clang)
SRV - [2014/02/20 22:24:30 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/18 23:04:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/01/29 12:36:12 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/10 22:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/02/19 10:51:45 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/18 23:04:20 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/18 23:04:20 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/18 23:04:20 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/02/18 23:04:20 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/18 23:04:20 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/02/18 23:04:20 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/09/10 22:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 22:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 22:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/24 15:31:08 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/01 13:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/12/17 17:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/11/23 17:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/09/30 12:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 12:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2004/08/14 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-yie8
IE - HKLM\..\SearchScopes,DefaultScope = {C2520061-D35C-43CB-BBFF-55F8856007F2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{C2520061-D35C-43CB-BBFF-55F8856007F2}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\..\SearchScopes,DefaultScope = {C2520061-D35C-43CB-BBFF-55F8856007F2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{34938107-DEA4-4024-BAF3-28F17A0D1889}: "URL" = http://ca.search.yah...f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{78ABE21E-9201-4454-B830-681304F5CF46}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{C2520061-D35C-43CB-BBFF-55F8856007F2}: "URL" = http://www.google.co...1I7MXGB_enCA562
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2013/06/23 09:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2012/11/17 16:05:54 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/06/23 09:45:34 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2014/02/15 17:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/06/24 13:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/06/24 13:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\extensions
[2013/01/30 10:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi
[2012/12/13 12:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013/01/26 17:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.0.540_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.69_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk\10.26.0.540_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/15 17:44:44 | 000,000,074 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac
O2 - BHO: (KeyBar 1.13 Toolbar) - {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files\KeyBar_1.13\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110411411150} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Cling Clang) - {aa9aa36b-5b7b-4996-b083-83ef84d53b19} - C:\Program Files\Cling Clang\ClingClangBHO.dll (Cling Clang)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Discount Dragon BHO) - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} - C:\Program Files\Discount Dragon\FrameworkBHO.dll ()
O3 - HKLM\..\Toolbar: (KeyBar 1.13 Toolbar) - {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files\KeyBar_1.13\prxtbKeyB.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (KeyBar 1.13 Toolbar) - {02EDB56B-9B33-435B-B7DF-B2843273A694} - C:\Program Files\KeyBar_1.13\prxtbKeyB.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [fst_ca_39] File not found
O4 - HKLM..\Run: [upfst_ca_39.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\fst_ca_39\upfst_ca_39.exe -runhelper File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{084AD338-656F-441F-9565-75E3E6E8E40B}: DhcpNameServer = 192.168.1.254 75.153.176.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 00:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/26 23:34:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/02/26 23:12:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/02/26 23:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2014/02/26 23:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2014/02/26 23:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2014/02/26 23:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2014/02/19 10:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2014/02/18 23:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/02/18 23:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/17 23:10:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/02/15 18:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/02/15 17:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Cling Clang
[2014/02/15 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/02/15 17:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
[2014/02/15 17:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\BenchUpdater
[2014/02/15 17:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Discount Dragon
[2014/02/15 17:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bench
[2014/02/15 17:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerEnhance
[2014/02/15 17:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fst_ca_39
[2014/02/15 17:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\fst_ca_39
[2014/01/30 11:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2014/01/29 12:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/26 23:41:00 | 000,003,108 | ---- | M] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-chromeinstaller.job
[2014/02/26 23:41:00 | 000,002,392 | ---- | M] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-firefoxinstaller.job
[2014/02/26 23:41:00 | 000,001,560 | ---- | M] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-codedownloader.job
[2014/02/26 23:41:00 | 000,001,458 | ---- | M] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-enabler.job
[2014/02/26 23:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/02/26 23:30:12 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/26 23:30:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/26 23:29:26 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/26 23:29:25 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Health-Check-auto.job
[2014/02/26 23:29:24 | 000,001,604 | ---- | M] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-updater.job
[2014/02/26 23:29:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/26 22:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/26 22:20:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\bench-sys.job
[2014/02/26 21:02:01 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\bench-S-1-5-21-1645522239-583907252-725345543-1003.job
[2014/02/26 18:45:15 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EE35779-6B64-4A9A-955D-9B8C948635F2}.job
[2014/02/26 10:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Health-Check.job
[2014/02/25 15:22:59 | 000,007,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Lynda Schwarz - Netfile Federal 2013.tax
[2014/02/25 13:14:34 | 000,094,866 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\angel3.jpg
[2014/02/25 13:10:57 | 000,104,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\angel2.jpg
[2014/02/25 13:03:56 | 000,050,497 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\angel.jpg
[2014/02/23 10:11:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/22 16:35:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/20 17:46:58 | 000,009,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Erin-2013taxes.tax
[2014/02/19 10:51:45 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/18 23:04:37 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/18 23:04:20 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/18 23:04:20 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/18 23:04:20 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/18 23:04:20 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/18 23:04:20 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/18 23:04:20 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/18 23:04:20 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/18 23:04:20 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/18 23:01:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2014/02/15 17:26:47 | 000,327,440 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Player Setup.exe
[2014/02/13 23:08:26 | 000,565,048 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/13 23:08:26 | 000,106,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/13 19:13:23 | 000,002,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Advanced Uninstaller PRO 11.lnk
[2014/02/13 16:25:54 | 000,003,523 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\erin_scheduler_resume_feb2014.odt
[2014/02/09 20:15:52 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpF6C1A.FOT
[2014/02/09 20:15:52 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp2FB1A.FOT
[2014/02/04 22:11:19 | 002,335,928 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\camp brochure 2014[1].pdf
[2014/02/04 17:04:42 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\A Look Back.url
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/25 15:22:59 | 000,007,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Lynda Schwarz - Netfile Federal 2013.tax
[2014/02/25 13:14:34 | 000,094,866 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\angel3.jpg
[2014/02/25 13:10:57 | 000,104,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\angel2.jpg
[2014/02/25 13:03:55 | 000,050,497 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\angel.jpg
[2014/02/20 17:46:55 | 000,009,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Erin-2013taxes.tax
[2014/02/16 00:17:31 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-583907252-725345543-1003-0.dat
[2014/02/16 00:17:30 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/02/15 17:44:40 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\bench-sys.job
[2014/02/15 17:44:40 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\bench-S-1-5-21-1645522239-583907252-725345543-1003.job
[2014/02/15 17:42:03 | 000,001,604 | ---- | C] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-updater.job
[2014/02/15 17:41:58 | 000,001,458 | ---- | C] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-enabler.job
[2014/02/15 17:41:54 | 000,001,560 | ---- | C] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-codedownloader.job
[2014/02/15 17:41:41 | 000,002,392 | ---- | C] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-firefoxinstaller.job
[2014/02/15 17:41:31 | 000,003,108 | ---- | C] () -- C:\WINDOWS\tasks\MediaPlayerEnhance-chromeinstaller.job
[2014/02/15 17:26:45 | 000,327,440 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Player Setup.exe
[2014/02/13 16:24:39 | 000,003,523 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\erin_scheduler_resume_feb2014.odt
[2014/02/09 20:15:52 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpF6C1A.FOT
[2014/02/09 20:15:52 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp2FB1A.FOT
[2014/02/04 22:11:19 | 002,335,928 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\camp brochure 2014[1].pdf
[2014/02/04 17:04:57 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\A Look Back.url
[2013/06/25 18:23:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/22 14:29:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/22 14:29:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/22 14:29:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/22 14:29:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/22 14:29:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/21 19:37:46 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/21 19:37:46 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/09 21:38:56 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/02/08 04:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/22 12:21:46 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/11/07 11:22:10 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Owner\Webmail.URL

========== ZeroAccess Check ==========

[2013/01/26 17:42:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/24 13:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/11/19 17:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\19196
[2010/11/28 13:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2014/02/18 23:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/25 14:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2012/01/20 23:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/01/09 14:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2013/12/03 14:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/05/22 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JuliettesFashionEmpire
[2011/02/07 22:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2012/03/03 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2013/12/01 22:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/04/17 17:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2012/11/10 14:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/01/23 23:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2013/06/24 13:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/11/10 17:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS
[2011/02/19 23:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2013/08/24 15:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/10/15 19:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/25 12:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/06 11:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artifex Mundi
[2014/02/19 10:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2013/06/21 17:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BabSolution
[2013/10/07 14:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2011/09/28 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\bsbandmltbpi
[2012/11/15 11:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ekidon
[2011/08/13 21:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2011/02/28 22:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2012/02/28 15:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
[2011/01/22 17:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameInvest
[2011/02/18 22:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2012/02/25 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
[2012/02/19 17:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Happy Artist Studio
[2012/01/20 21:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Happy Chef
[2013/01/30 11:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2012/05/16 13:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LegacyInteractive
[2012/04/23 22:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2012/02/25 14:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Maximize Games
[2010/11/29 17:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2012/11/17 17:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
[2012/03/03 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Games
[2011/02/18 22:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
[2012/01/30 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ph03nixNewMedia
[2012/05/22 17:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2012/11/07 11:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Radialpoint
[2013/04/20 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2012/11/07 11:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TELUS
[2013/04/01 14:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TFP
[2011/04/25 10:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2012/01/30 21:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViquaSoft
[2012/03/13 11:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yly
[2014/02/26 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}

========== Purity Check ==========



< End of report >


  • 0

#2 Teima (GeekU Senior, 704 posts)
Hello islandcat,

My name is Teima and I'll be happy to assist you with this issue. Before we commence I'd like to ask that you take into careful thought the points which I've listed below, as they will be beneficial to the guidance which I'll present you with here on Geekstogo. :)

Notes before we commence:

  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging at times I'd like you to take into consideration that it may take multiple replies in order to resolve the issue/issues present.
  • If you are uncertain about any of the steps which I present you with, please feel free to ask me for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum; failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply for the user "islandcat". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If it's been a total of three days and you've yet to receive a response from me, please send me a reminder by clicking here and attaching the appropriate thread link where I can respond.
Extra

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:
  • 0

#3 islandcat (Member, 239 posts)
Thanks, you are all awesome.
  • 0

#4 Teima (GeekU Senior, 704 posts)
Hello islandcat. I hope all is well. I do notice that you have run Combofix on your machine. Please note that Combofix is an advanced tool and shouldn't be run unless under the supervision of someone that's trained for its use. :)

Step One

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]

:OTL
MOD - [2014/02/25 09:51:03 | 000,111,904 | ---- | M] () -- C:\Program Files\Cling Clang\updateClingClang.exe
MOD - [2014/02/25 09:20:41 | 000,111,904 | ---- | M] () -- C:\Program Files\Cling Clang\bin\utilClingClang.exe
MOD - [2013/12/19 03:04:36 | 000,258,088 | ---- | M] () -- C:\Program Files\Discount Dragon\FrameworkBHO.dll
MOD - [2013/12/19 03:04:36 | 000,247,848 | ---- | M] () -- C:\Program Files\Discount Dragon\FrameworkEngine.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fortunitas\updateFortunitas.exe -- (Update Fortunitas)
SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
O2 - BHO: (KeyBar 1.13 Toolbar) - {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files\KeyBar_1.13\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110411411150} - No CLSID value found.
O2 - BHO: (Cling Clang) - {aa9aa36b-5b7b-4996-b083-83ef84d53b19} - C:\Program Files\Cling Clang\ClingClangBHO.dll (Cling Clang)
O2 - BHO: (Discount Dragon BHO) - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} - C:\Program Files\Discount Dragon\FrameworkBHO.dll ()
O3 - HKLM\..\Toolbar: (KeyBar 1.13 Toolbar) - {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files\KeyBar_1.13\prxtbKeyB.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (KeyBar 1.13 Toolbar) - {02EDB56B-9B33-435B-B7DF-B2843273A694} - C:\Program Files\KeyBar_1.13\prxtbKeyB.dll (Conduit Ltd.)
O4 - HKLM..\Run: [fst_ca_39] File not found
O4 - HKLM..\Run: [upfst_ca_39.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\fst_ca_39\upfst_ca_39.exe -runhelper File not found
[2014/02/15 18:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/02/15 17:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Cling Clang
[2014/02/15 17:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Discount Dragon
[2014/02/15 17:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bench
[2014/02/15 17:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerEnhance
[2014/02/15 17:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fst_ca_39
[2014/02/15 17:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\fst_ca_39
[2014/02/15 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\predm

:Commands
[emptytemp]
[resethosts]
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.

Step Two

Download AdwCleaner from here to your desktop.

Run AdwCleaner and select Delete.

Once done it will ask to reboot, allow this.

On reboot a log will be produced please attach that for me to review.
  • 0

#5 islandcat (Member, 239 posts)
Thanks, will get this done. Combofix is there from the last time I was helped.
  • 0

#6 islandcat (Member, 239 posts)
How long should this take? Have a bad feeling it's doing nothing. Had to disable avast. I did not run OTL as I had previously. Just opened it and copied and pasted, and hit fix. It's been half an hour and I see no action. Did I do it wrong?
  • 0

#7 islandcat (Member, 239 posts)
Had to uninstall Malwarebytes to get it to work. Reports as requested. I think I can see a difference already.

Attached Files


  • 0

#8 islandcat (Member, 239 posts)
gonna save reports as follows

Attached Files


  • 0

#9 Teima (GeekU Senior, 704 posts)
Hello! Sorry about the delay. I've had quite a big week due to University Studies. :) I'm glad to hear that you notice a difference with your machine. What we'll do is re-install Malwarebytes and follow through with a custom OTL scan. We are almost done. :thumbsup:

Step One

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware from here.

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click scan.
  • When the scan is complete, click OK, then show results to view the scan results.
  • If anything is found make sure that everything is checked, and then click remove selected.
  • Once the scan has completed, a log will open in Notepad and you may be prompted to restart.
  • Please note the log is automatically saved and can be viewed by clicking the logs tab within Malwarebytes.
  • Copy and paste the entire content of that report within your next response.

Step Two

I would assume you still have OTL on your machine. Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.

  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply. If both logs won't fit in the same post, you may post them in two separate posts.

  • 0

#10 islandcat (Member, 239 posts)
OTL Report

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Releasing module C:\Program Files\Cling Clang\updateClingClang.exe
C:\Program Files\Cling Clang\updateClingClang.exe moved successfully.
Releasing module C:\Program Files\Cling Clang\bin\utilClingClang.exe
C:\Program Files\Cling Clang\bin\utilClingClang.exe moved successfully.
Releasing module C:\Program Files\Discount Dragon\FrameworkBHO.dll
File move failed. C:\Program Files\Discount Dragon\FrameworkBHO.dll scheduled to be moved on reboot.
Service Update Fortunitas stopped successfully!
Service Update Fortunitas deleted successfully!
File C:\Program Files\Fortunitas\updateFortunitas.exe not found.
Service BackupStack stopped successfully!
Service BackupStack deleted successfully!
File C:\Program Files\MyPC Backup\BackupStack.exe not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02edb56b-9b33-435b-b7df-b2843273a694}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02edb56b-9b33-435b-b7df-b2843273a694}\ deleted successfully.
C:\Program Files\KeyBar_1.13\prxtbKeyB.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa9aa36b-5b7b-4996-b083-83ef84d53b19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa9aa36b-5b7b-4996-b083-83ef84d53b19}\ deleted successfully.
File move failed. C:\Program Files\Cling Clang\ClingClangBHO.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}\ deleted successfully.
File move failed. C:\Program Files\Discount Dragon\FrameworkBHO.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{02edb56b-9b33-435b-b7df-b2843273a694} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02edb56b-9b33-435b-b7df-b2843273a694}\ not found.
File C:\Program Files\KeyBar_1.13\prxtbKeyB.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{02EDB56B-9B33-435B-B7DF-B2843273A694} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02EDB56B-9B33-435B-B7DF-B2843273A694}\ not found.
File C:\Program Files\KeyBar_1.13\prxtbKeyB.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_ca_39 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\upfst_ca_39.exe deleted successfully.
C:\Program Files\Uninstaller folder moved successfully.
C:\Program Files\Cling Clang\bin\plugins folder moved successfully.
C:\Program Files\Cling Clang\bin folder moved successfully.
Folder move failed. C:\Program Files\Cling Clang scheduled to be moved on reboot.
C:\Program Files\Discount Dragon\icons folder moved successfully.
C:\Program Files\Discount Dragon\framework-ui\theme\bubble folder moved successfully.
C:\Program Files\Discount Dragon\framework-ui\theme folder moved successfully.
C:\Program Files\Discount Dragon\framework-ui folder moved successfully.
C:\Program Files\Discount Dragon\framework folder moved successfully.
C:\Program Files\Discount Dragon\CanvasFramework folder moved successfully.
C:\Program Files\Discount Dragon\assets folder moved successfully.
C:\Program Files\Discount Dragon\AppFramework folder moved successfully.
Folder move failed. C:\Program Files\Discount Dragon scheduled to be moved on reboot.
C:\Program Files\Bench\Wd folder moved successfully.
C:\Program Files\Bench\Updater\1.7.0.0 folder moved successfully.
C:\Program Files\Bench\Updater folder moved successfully.
C:\Program Files\Bench\NmHost\data\installer folder moved successfully.
C:\Program Files\Bench\NmHost\data folder moved successfully.
C:\Program Files\Bench\NmHost folder moved successfully.
C:\Program Files\Bench\BService folder moved successfully.
C:\Program Files\Bench folder moved successfully.
C:\Program Files\MediaPlayerEnhance folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\fst_ca_39 folder moved successfully.
C:\Program Files\fst_ca_39 folder moved successfully.
C:\Program Files\predm folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.DISCOVERY_OEM

User: Administrator.DISCOVERY_OEM.000

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 943255 bytes

User: Owner
->Temp folder emptied: 4067407 bytes
->Temporary Internet Files folder emptied: 46454602 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4399 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131072 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 437210637 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 87210 bytes

Total Files Cleaned = 466.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03012014_114701

Files\Folders moved on Reboot...
C:\Program Files\Discount Dragon\FrameworkBHO.dll moved successfully.
C:\Program Files\Cling Clang\ClingClangBHO.dll moved successfully.
C:\Program Files\Cling Clang folder moved successfully.
C:\Program Files\Discount Dragon folder moved successfully.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF57B0.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF57CE.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5942.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5965.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5A92.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5AB0.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WPGU5VL0\gsd[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DQIS34DI\getData[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CW3YPGP5\337471-think-i-am-hit-by-a-virus-again[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CW3YPGP5\gsd[2].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\41AKP8XU\gsd[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\41AKP8XU\userData[2].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_468.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
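When a helper reviews a fix log like the one above, the question is whether every item in the fix script ended up moved, deleted, or reported as already absent, and nothing was silently skipped or left "scheduled to be moved on reboot" without a follow-up entry. As an added example (not part of this thread and not OTL's own tooling), here is a Python script that reconciles an OTL fix script against the fix log it produced. The embedded script and log fragments are constructed from the line shapes seen in posts #4 and #10; the parsing rules and the `fix_targets`, `reconcile` and `unresolved` names are my own assumptions about the log format, not a documented OTL interface.

```python
import re

# Constructed fragments in the shapes OTL emits (not the thread's full logs):
# the ":OTL" section of a fix script and the lines the fix log printed for it.
# "predm" is deliberately absent from the log to show the "missing" outcome.
FIX_SCRIPT = r"""
:OTL
MOD - [2014/02/25 09:51:03 | 000,111,904 | ---- | M] () -- C:\Program Files\Cling Clang\updateClingClang.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fortunitas\updateFortunitas.exe -- (Update Fortunitas)
O2 - BHO: (Discount Dragon BHO) - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} - C:\Program Files\Discount Dragon\FrameworkBHO.dll ()
O4 - HKLM..\Run: [fst_ca_39] File not found
[2014/02/15 17:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bench
[2014/02/15 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\predm
:Commands
[emptytemp]
"""

FIX_LOG = r"""
C:\Program Files\Cling Clang\updateClingClang.exe moved successfully.
Service Update Fortunitas stopped successfully!
Service Update Fortunitas deleted successfully!
File C:\Program Files\Fortunitas\updateFortunitas.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}\ deleted successfully.
File move failed. C:\Program Files\Discount Dragon\FrameworkBHO.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_ca_39 deleted successfully.
C:\Program Files\Bench folder moved successfully.
Files\Folders moved on Reboot...
C:\Program Files\Discount Dragon\FrameworkBHO.dll moved successfully.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def fix_targets(script):
    """Collect what a fix script asks OTL to remove: file/folder paths,
    service names, BHO/toolbar CLSIDs (lower-cased) and Run-value names."""
    targets = set()
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith(":") or (line.startswith("[") and line.endswith("]")):
            continue  # section headers and :Commands directives
        kind = line.split(" - ", 1)[0]
        if kind in ("SRV", "DRV"):
            m = re.search(r" -- (.+?) -- \((.+)\)$", line)  # "-- <path> -- (<service>)"
            if m:
                targets.update(m.groups())
        elif kind in ("O2", "O3"):
            targets.update(c.lower() for c in CLSID_RE.findall(line))
            m = re.search(r"\} - ([A-Z]:\\.+?) \(", line)  # path after the CLSID
            if m:
                targets.add(m.group(1))
        elif kind == "O4":
            m = re.search(r"\[([^\]]+)\]", line)  # Run value name in brackets
            if m:
                targets.add(m.group(1))
        elif " -- " in line:  # MOD lines and bare file/folder listings
            targets.add(line.rsplit(" -- ", 1)[1].strip())
    return targets


# (pattern, outcome) pairs for the log lines OTL writes; group 1 is the item.
LOG_RULES = [
    (re.compile(r"^(?:File|Folder) move failed\. (.+?) scheduled to be moved on reboot\.$"), "pending"),
    (re.compile(r"^(.+?)(?: folder)? moved successfully\.$"), "removed"),
    (re.compile(r"^Service (.+?) deleted successfully!$"), "removed"),
    (re.compile(r"^File (.+?) not found\.$"), "not_found"),
    (re.compile(r"^Registry key .*?(\{[0-9A-Fa-f-]{36}\})\\ deleted successfully\.$"), "removed"),
    (re.compile(r"^Registry key .*?(\{[0-9A-Fa-f-]{36}\})\\ not found\.$"), "not_found"),
    (re.compile(r"^Registry value .*?\\\\([^\\]+) deleted successfully\.$"), "removed"),
]

RANK = {"missing": 0, "pending": 1, "not_found": 2, "removed": 3}


def reconcile(script, log):
    """Map every fix target to the best outcome the log reports for it.
    A later 'moved successfully' (the reboot section) upgrades an earlier 'pending'."""
    status = {t: "missing" for t in fix_targets(script)}
    for line in log.splitlines():
        line = line.strip()
        for rx, outcome in LOG_RULES:
            m = rx.match(line)
            if not m:
                continue
            key = m.group(1)
            if CLSID_RE.fullmatch(key):
                key = key.lower()
            if key in status and RANK[outcome] > RANK[status[key]]:
                status[key] = outcome
            break
    return status


def unresolved(status):
    """Targets the helper should re-check: never mentioned in the log, or still pending."""
    return sorted(t for t, s in status.items() if s in ("missing", "pending"))


if __name__ == "__main__":
    report = reconcile(FIX_SCRIPT, FIX_LOG)
    for target, outcome in sorted(report.items()):
        print(f"{outcome:<10} {target}")
    print("unresolved:", unresolved(report))
```

Run against the constructed fragments, the Discount Dragon BHO resolves to "removed" only because the reboot section confirms the deferred move, while `C:\Program Files\predm` is reported as unresolved because the log never mentions it; that is exactly the item a helper would ask to be re-scanned before declaring the fix complete.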
#11 islandcat (Member, 239 posts)
OTL Reports

OTL Extras logfile created on: 05/03/2014 3:22:17 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.23% Memory free
4.82 Gb Paging File | 4.19 Gb Available in Paging File | 86.94% Paging File free
Paging file location(s): C:\pagefile.sys 3046 5092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 265.00 Gb Free Space | 88.90% Space Free | Partition Type: NTFS

Computer Name: DISCOVERY_OEM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1645522239-583907252-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/01/2006 3:22:50 AM | Computer Name = DISCOVERY_OEM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 05/11/2013 5:04:37 PM | Computer Name = DISCOVERY_OEM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 13/11/2013 11:13:05 PM | Computer Name = DISCOVERY_OEM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/11/2013 12:01:36 AM | Computer Name = DISCOVERY_OEM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/11/2013 12:43:12 AM | Computer Name = DISCOVERY_OEM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/11/2013 6:58:52 PM | Computer Name = DISCOVERY_OEM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/11/2013 1:10:16 PM | Computer Name = DISCOVERY_OEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module prxtbkeyb.dll, version 6.13.3.505, fault address 0x00002660.

Error - 23/11/2013 12:47:26 AM | Computer Name = DISCOVERY_OEM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/11/2013 1:16:38 PM | Computer Name = DISCOVERY_OEM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/11/2013 1:15:41 PM | Computer Name = DISCOVERY_OEM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 01/03/2014 3:47:02 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 01/03/2014 3:47:02 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7031
Description = The Util Cling Clang service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 01/03/2014 3:55:43 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7000
Description = The Update Cling Clang service failed to start due to the following
error: %%2

Error - 01/03/2014 3:55:43 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7000
Description = The Util Cling Clang service failed to start due to the following
error: %%3

Error - 01/03/2014 4:21:39 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 01/03/2014 4:21:39 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 01/03/2014 4:21:39 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 01/03/2014 4:21:39 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 01/03/2014 4:21:39 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 01/03/2014 4:21:39 PM | Computer Name = DISCOVERY_OEM | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

#12
islandcat

Malware report

AdwCleaner v3.020 - Report created 01/03/2014 at 12:21:39
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - DISCOVERY_OEM
# Running from : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Z0YM46OO\adwcleaner[1].exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Cling Clang
[#] Service Deleted : Util Cling Clang

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\BearShare Applications
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\pc speed up
Folder Deleted : C:\Program Files\tuguu sl
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\BenchUpdater
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\iMesh
Folder Deleted : C:\Documents and Settings\Owner\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\user.js
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\WINDOWS\Tasks\bench-sys.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90609D82-77C3-4391-8915-CF5638CF4605}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA9AA36B-5B7B-4996-B083-83EF84D53B19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [7983 octets] - [01/03/2014 12:00:50]
AdwCleaner[S0].txt - [7360 octets] - [01/03/2014 12:21:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7420 octets]

Edited by islandcat, 05 March 2014 - 06:08 PM.


#13
Teima

Hello islandcat. Were you able to follow my latest series of instructions?

#14
islandcat

Yes. As you can see in the posts above, one Malwarebytes report and two OTL reports. I do not know what they tell us. Thanks

#15
Teima

Hello. I can only see the former OTL instructions + an AdwCleaner log. Would you be able to re-run the instructions included within post nine for me please? :)