
Computer Plays "Radio Stations" without a program Running


  • This topic is locked
23 replies to this topic

#1 joynern

joynern

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 07 May 2013 - 02:02 PM

Hello.  My daughter's laptop has something weird going on.  I suspect it's a virus and/or malware.  I have done everything and you are my last hope.  I have run about six different virus/malware softwares and all of them say I am Virus (malware) FREE!!  Yeah!  But it still has this stupid radio station running the minute it connects to the internet.  Sometimes there are two or three stations running over top of each other... very annoying and she can hardly use it.  PLEASE, can you help me?  I am not all that computer educated and I need help!

It is a Dell Inspiron running Windows Vista Home Basic with Service Pack 2.  It has 3 GB of memory and a 32-bit Operating system.

 

I previously wrote and was helped by Broni (Link to that post is:  http://www.bleepingcomputer.com/forums/t/493022/laptop-is-playing-radio-stations-with-no-program-showing/ )  He said that "It looks like you may have infected MBR. That will require elevated help." and told me to run these reports (attached in Zip form) and someone here can help me. I did everything he told me up to this point... I am so frustrated and could REALLY use some help!!

Thanks SO MUCH for any help you can be.

 

 

Nancy

 

Attached Files




 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:11 PM

Posted 07 May 2013 - 02:10 PM

Hi joynern,

 

Welcome to the forum.

 

Looks like you have run many antivirus and antimalware programs. Let's see if FRST detects something.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

 



#3 joynern

joynern
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 07 May 2013 - 02:35 PM

Hello Farbar, thanks so much for your prompt reply and for your help!!

 

I ran the scans here are the results:

 

FRST.txt Results:

 


Last Boot: 2013-05-01 16:25

==================== End Of Log ============================

 

 

 

 

 

Addition.txt Results:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2013
Ran by marianne at 2013-05-07 15:16:11 Run:
Running from C:\Users\marianne\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Audials (Version: 8.0.54900.0)
AVG Free 9.0
BearShare (Version: 10.0.0.123802)
Brother MFL-Pro Suite MFC-J430W (Version: 1.0.19.0)
Browser Address Error Redirector (Version: 1.00.0000)
CaddieSync Express 1.1.13 (Version: 1.1.13)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.5.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.7.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.8.0.5)
Canon PowerShot SX230 HS and PowerShot SX220 HS Camera User Guide (Version: 1.0.1.2)
Canon Utilities CameraWindow DC 8 (Version: 8.5.0.7)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Map Utility (Version: 1.0.0.19)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.7.2.33)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.1.10)
Cisco EAP-FAST Module (Version: 2.1.3)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Complete Care Consumer Service Agreement (Version: 2.0.0)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Dell Best of Web (Version: 1.00.0000)
Dell DataSafe Online (Version: 1.1.0023)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.08267)
Dell Touchpad (Version: 7.1.103.4)
Dell Wireless WLAN Card Utility (Version: 4.170.77.17)
DELL0604 (Version: 1.0.0)
Digital Line Detect (Version: 1.21)
DivX Setup (Version: 2.6.1.22)
Download Updater (AOL LLC)
EarthLink Setup Files (Version: 2008.1.18.0)
EDocs
Files Opened (Version: 1.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Hallmark Card Studio 2010 (Version: 11.0.0.30)
Intel® Matrix Storage Manager
Java™ 6 Update 7 (Version: 1.6.0.70)
LoJack Factory Installer (Version: 1.00.0032)
Magic Desktop (Version: 3.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
McAfee SiteAdvisor (Version: 3.6.193)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mplayer 0.6.9 (Version: 0.6.9)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
My Web Search (IWON)
NetWaiting (Version: 2.5.53)
NetZeroInstallers (Version: 1.0.0)
Norton Security Scan (Version: 3.0.0.103)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Reader (Version: 6.00.0041)
Nuance PDF Viewer Plus (Version: 5.30.3290)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PaperPort Image Printer (Version: 1.00.0001)
PC Power Speed 1.0.0.24 (Version: 1.0.0.24)
QuickSet (Version: 8.2.20)
QuickTime (Version: 7.0.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RegTask (Version: 1.0.1.1)
RegWork (Version: 1.0.4.12)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Scansoft PDF Professional
Terayon DOCSIS Modem
TotalRecipeSearch Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

==================== Restore Points  =========================

29-04-2013 07:49:04 Restore Operation
30-04-2013 07:00:13 Windows Update
30-04-2013 20:27:24 Scheduled Checkpoint
02-05-2013 07:01:18 Windows Update
06-05-2013 19:54:42 Scheduled Checkpoint
07-05-2013 07:00:18 Windows Update

==================== Hosts content: ==========================

::1             localhost

127.0.0.1       localhost


==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonwlh
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2013 03:15:49 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:15:49.019]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:15:13 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:15:13.878]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:14:38 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:14:38.769]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:14:03 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:14:03.630]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:13:28 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:13:28.499]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:12:53 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:12:53.384]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:12:18 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:12:18.168]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:11:42 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:11:42.993]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:04:04 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:04:04.842]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:03:29 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/05/07 15:03:29.617]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error


System errors:
=============
Error: (05/07/2013 03:11:40 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (05/07/2013 02:39:08 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DC787AC1-B2CF-4A1A-B434-3ABF84795681} because another computer on the network has the same name.  The server could not start.

Error: (05/07/2013 02:38:57 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.35, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (05/07/2013 02:38:56 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.200.204, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (05/07/2013 03:01:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Windows Vista (KB2813170){E42C8EC0-93D9-469E-9FDD-5D05113215E1}201

Error: (05/06/2013 03:11:20 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.35, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (05/06/2013 03:11:20 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (05/06/2013 03:11:19 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceRemote Access Connection Manager%%1056

Error: (05/06/2013 03:11:19 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceWindows Management Instrumentation%%1056

Error: (05/06/2013 00:59:54 PM) (Source: DCOM) (User: )
Description: {548E275F-0290-40E7-B454-738B0C61DE60}


Microsoft Office Sessions:
=========================
Error: (05/07/2013 03:15:49 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:15:49.019]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:15:13 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:15:13.878]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:14:38 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:14:38.769]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:14:03 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:14:03.630]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:13:28 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:13:28.499]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:12:53 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:12:53.384]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:12:18 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:12:18.168]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:11:42 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:11:42.993]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:04:04 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:04:04.842]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error

Error: (05/07/2013 03:03:29 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/05/07 15:03:29.617]: [00002124]: GetDeviceIpAddress: GetAddressByName [BRW0080928062A9] Error


CodeIntegrity Errors:
===================================
  Date: 2013-05-01 16:18:35.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:15.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:14.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:14.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:13.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:13.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:12.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:12.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:11.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 15:57:11.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 3061.31 MB
Available physical RAM: 950.86 MB
Total Pagefile: 6328.88 MB
Available Pagefile: 4040.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:136.74 GB) (Free:57.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.39 GB) NTFS
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 149 GB) (Disk ID: 92CD386F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)
 

 

 

 

I hope I did that correctly.... the first one doesn't seem to show much information... but that's what it said....

 

Anyway, again, thanks for your help... I REALLY appreciate it!!

 

Nancy



#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:11 PM

Posted 07 May 2013 - 02:40 PM

Hi Nancy,

The FRST log is not what it should be:

 

Last Boot: 2013-05-01 16:25

==================== End Of Log ============================

 

This is only the end of log. Please run FRST once more. This time it will make only FRST.txt log. Please post the content of that log.



#5 joynern

joynern
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 07 May 2013 - 03:32 PM

I'm sorry.... I ran it three more times and get the exact same outcome:


Last Boot: 2013-05-01 16:25

==================== End Of Log ============================

 

 

Sorry :(



#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:11 PM

Posted 07 May 2013 - 04:41 PM

No need to apologize. :)

 

Please delete your copy of FRST and download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
 

 

 



#7 joynern

joynern
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 07 May 2013 - 05:13 PM

sorry this took so long... the CPU usage is at 100% and the Image Name using the resources is svchost.exe and it won't let me stop it...

 

Anyway,  it ran this time.... this is the log:


FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-05-2013
Ran by marianne (administrator) on 07-05-2013 17:48:59
Running from C:\Users\marianne\Desktop
Windows Vista ™ Home Basic Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(EasyBits Software AS) C:\Windows\System32\ezSharedSvcHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
(MyWebSearch.com) C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(COMPANYVERS_NAME) C:\PROGRA~1\TOTALR~2\bar\1.bin\14barsvc.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(MindSpark) C:\PROGRA~1\TOTALR~2\bar\1.bin\14medint.exe
(MindSpark) C:\PROGRA~1\TOTALR~2\bar\1.bin\14medint.exe
() C:\Program Files\TotalRecipeSearch_14\bar\1.bin\CrExtP14.exe
(MindSpark) C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(MusicLab, LLC) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\marianne\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-10-27] (Dell Inc.)
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-28] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [34336 2011-10-02] (MyWebSearch.com)
HKLM\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [38408 2011-10-02] (MyWebSearch.com)
HKLM\...\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup [385664 2011-09-27] (Crawler.com)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [273528 2011-11-03] (RealNetworks, Inc.)
HKLM\...\Run: [CaddieSyncConduit] C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2371960 2011-10-11] (SkyHawke)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Easy Dock]  [x]
HKLM\...\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM\...\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h [42536 2013-02-24] (MindSpark)
HKLM\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe [30096 2013-02-24] (VER_COMPANY_NAME)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe, [145592 2012-10-13] (EasyBits Software AS)
HKCU\...\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s [192000 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [38408 2011-10-02] (MyWebSearch.com)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-03] (Google Inc.)
HKCU\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-12] (Adobe Systems Incorporated)
MountPoints2: {6626b6d4-d483-11dd-9d37-0023ae0e6a2e} - G:\LaunchU3.exe -a
MountPoints2: {a8350703-b166-11e2-94a0-d592f8c10ca9} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
ShortcutTarget: Event Planner Reminder 2010.lnk -> C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Acresso Software Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^YK^xdm133^YY^us&ptb=0E6C314A-E608-411C-81B9-5A768C338145
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081218
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
URLSearchHook: (No Name) - {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} -  No File
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
URLSearchHook: (No Name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=552&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6422597163914373&q={searchTerms}
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=883&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=552&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6422597163914373&q={searchTerms}
SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
HKCU SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=552&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6422597163914373&q={searchTerms}
SearchScopes: HKCU - {04165756-BA41-499D-BC4A-389EEA7F9BC3} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=DIC2V5&o=13732&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D5&apn_dtid=gog187YYUS&apn_uid=6CF74BB6-6DCF-42B5-87D7-5E2D46DBD104&apn_sauid=489D6137-93D3-487A-BA29-DF8E50281613
SearchScopes: HKCU - {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=E99142B001CB196A0AE5FC80&install_time=2010-07-01T22:15:32Z&src_id=11077&camp_id=945&tb_version=2.5.12000.509
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=883&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=552&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6422597163914373&q={searchTerms}
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=4006114089144234&p2=^A4D^YYYYYY^YY^US&q={searchTerms}
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82216&iwk=236&lng=en
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120417,17118,0,18,0
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Toolbar BHO - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~1\TOTALR~2\bar\1.bin\14bar.dll (MindSpark)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Search Assistant BHO - {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL No File
Toolbar: HKLM - Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - !!!{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} -  No File
Toolbar: HKLM - No Name - !!!{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Toolbar: HKLM - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
Toolbar: HKCU -No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU -My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL No File
Toolbar: HKCU -TotalRecipeSearch - {A0154E07-2B48-475C-A82A-80EFD84EA33E} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
PDF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
PDF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
PDF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL [52920 2012-10-13] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\marianne\AppData\Roaming\Mozilla\Firefox\Profiles\pa53i6o0.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @TotalRecipeSearch_14.com/Plugin - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll (MindSpark)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: Bitdefender QuickScan - C:\Users\marianne\AppData\Roaming\Mozilla\Firefox\Profiles\pa53i6o0.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

========================== Services (Whitelisted) =================

R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-20] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-24] (Stardock Corporation)
R2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [95232 2012-12-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [34320 2011-10-02] (MyWebSearch.com)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 TotalRecipeSearch_14Service; C:\PROGRA~1\TOTALR~2\bar\1.bin\14barsvc.exe [42504 2013-02-24] (COMPANYVERS_NAME)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-10-27] (Dell Inc.)
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2010-07-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-07] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-10-27] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-09-30] (Avanquest Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SkyhawkeUSBLan; C:\Windows\System32\DRIVERS\btblan.sys [40560 2010-04-15] (Belcarra Technologies)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-09-09] (RapidSolution Software AG)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 mbr; \??\C:\Users\marianne\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 17:48 - 2013-05-07 17:48 - 01313595 ____A (Farbar) C:\Users\marianne\Desktop\FRST.exe
2013-05-07 17:46 - 2013-05-07 17:46 - 01313595 ____A (Farbar) C:\Users\marianne\Downloads\FRST.exe
2013-05-07 15:37 - 2013-05-07 15:37 - 00000000 ____D C:\ProgramData\42C
2013-05-07 15:37 - 2013-05-07 15:37 - 00000000 ____D C:\ProgramData\42C
2013-05-07 15:16 - 2013-05-07 15:16 - 00016768 ____A C:\Users\marianne\Desktop\Addition.txt
2013-05-07 15:14 - 2013-05-07 15:14 - 00000000 ____D C:\FRST
2013-05-07 14:45 - 2013-05-07 14:45 - 00016572 ____A C:\Users\marianne\Desktop\dds.txt
2013-05-07 14:45 - 2013-05-07 14:45 - 00009512 ____A C:\Users\marianne\Desktop\attach.txt
2013-05-07 14:44 - 2013-05-07 14:44 - 00688992 ____R (Swearware) C:\Users\marianne\Downloads\dds.com
2013-05-06 14:52 - 2013-05-06 15:26 - 00000000 ____D C:\Users\marianne\Desktop\Programs  DO NOT MOVE
2013-05-06 12:24 - 2013-05-06 12:24 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-05-06 12:24 - 2013-05-06 12:24 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-05-06 11:22 - 2013-05-06 11:22 - 00000179 ____A C:\Users\marianne\Desktop\Removable Disk (F) - Shortcut.lnk
2013-04-30 12:00 - 2013-05-07 14:38 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-30 12:00 - 2013-05-07 14:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-30 12:00 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-30 10:50 - 2013-04-30 10:51 - 00890825 ____A C:\Users\marianne\Downloads\SecurityCheck.exe
2013-04-30 03:04 - 2013-02-21 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-30 03:04 - 2013-02-21 23:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-30 03:04 - 2013-02-21 23:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-30 03:04 - 2013-02-21 23:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-30 03:04 - 2013-02-21 23:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-30 03:03 - 2013-02-22 00:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-30 03:03 - 2013-02-21 23:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-30 03:03 - 2013-02-21 23:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-30 03:03 - 2013-02-21 23:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-30 03:03 - 2013-02-21 23:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-30 03:03 - 2013-02-21 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-30 03:03 - 2013-02-21 23:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-30 03:03 - 2013-02-21 23:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-30 03:03 - 2013-02-21 23:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-30 03:03 - 2013-02-21 23:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-30 03:03 - 2013-02-21 23:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-29 10:51 - 2013-03-07 23:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-29 10:50 - 2013-03-07 23:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-04-29 10:50 - 2013-03-04 21:40 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-29 10:49 - 2013-03-03 15:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-29 10:49 - 2013-02-11 21:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-04-29 03:27 - 2013-04-29 03:27 - 00000000 ____D C:\Users\marianne\AppData\Roaming\QuickScan
2013-04-29 03:03 - 2013-04-29 03:03 - 00003285 ____A C:\Users\marianne\Desktop\RKreport[1]_S_04292013_02d0303.txt
2013-04-29 02:35 - 2013-04-29 02:35 - 00000000 ____D C:\Users\marianne\AppData\Local\Mozilla
2013-04-29 02:34 - 2013-04-29 02:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-04-29 02:34 - 2013-04-29 02:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-04-29 02:34 - 2013-04-29 02:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-29 00:01 - 2013-04-29 01:42 - 00021384 ____A C:\Windows\Partizan.log
2013-04-28 23:51 - 2013-04-29 01:48 - 00000000 ____D C:\Program Files\UnHackMe
2013-04-28 23:51 - 2013-04-29 01:29 - 00000000 ____D C:\Users\marianne\Documents\RegRun2
2013-04-28 23:38 - 2013-04-28 23:38 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-04-28 23:32 - 2013-04-29 02:50 - 00000000 ____D C:\Program Files\Iminent
2013-04-28 23:31 - 2013-04-29 01:29 - 00000000 ____D C:\Program Files\LessTabs
2013-04-28 20:43 - 2013-04-28 20:43 - 00000000 ____D C:\Users\marianne\AppData\Local\Adobe
2013-04-28 20:22 - 2013-04-29 01:29 - 00000000 ____D C:\Users\marianne\Downloads\Qoofix
2013-04-28 20:21 - 2013-04-28 20:22 - 00085056 ____A C:\Users\marianne\Downloads\Qoofix.zip
2013-04-22 21:59 - 2013-04-22 22:01 - 00036649 ____A C:\Users\marianne\Downloads\image.jpeg
2013-04-20 22:55 - 2013-04-20 22:55 - 00000000 ____D C:\Windows\Sun
2013-04-18 21:11 - 2013-04-18 21:11 - 00000000 ____D C:\Users\marianne\AppData\Local\MapsGalaxy_39
2013-04-18 21:10 - 2013-04-18 21:10 - 00000000 ____D C:\Program Files\MapsGalaxy_39

==================== One Month Modified Files and Folders ========

2013-05-07 17:48 - 2013-05-07 17:48 - 01313595 ____A (Farbar) C:\Users\marianne\Desktop\FRST.exe
2013-05-07 17:46 - 2013-05-07 17:46 - 01313595 ____A (Farbar) C:\Users\marianne\Downloads\FRST.exe
2013-05-07 17:14 - 2011-03-12 10:39 - 00000416 ___AH C:\Windows\Tasks\Norton Security Scan for marianne.job
2013-05-07 17:09 - 2012-07-17 17:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-07 16:51 - 2011-11-03 20:02 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-07 16:35 - 2006-11-02 08:45 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-07 16:35 - 2006-11-02 08:45 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-07 16:19 - 2008-12-18 09:19 - 01894392 ____A C:\Windows\WindowsUpdate.log
2013-05-07 15:42 - 2012-05-09 20:32 - 00000000 ____D C:\Users\marianne\AppData\Local\BearShare
2013-05-07 15:37 - 2013-05-07 15:37 - 00000000 ____D C:\ProgramData\42C
2013-05-07 15:37 - 2013-05-07 15:37 - 00000000 ____D C:\ProgramData\42C
2013-05-07 15:16 - 2013-05-07 15:16 - 00016768 ____A C:\Users\marianne\Desktop\Addition.txt
2013-05-07 15:14 - 2013-05-07 15:14 - 00000000 ____D C:\FRST
2013-05-07 14:45 - 2013-05-07 14:45 - 00016572 ____A C:\Users\marianne\Desktop\dds.txt
2013-05-07 14:45 - 2013-05-07 14:45 - 00009512 ____A C:\Users\marianne\Desktop\attach.txt
2013-05-07 14:44 - 2013-05-07 14:44 - 00688992 ____R (Swearware) C:\Users\marianne\Downloads\dds.com
2013-05-07 14:39 - 2013-03-20 20:54 - 00000382 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_marianne.job
2013-05-07 14:39 - 2013-03-20 20:54 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateXML_marianne.job
2013-05-07 14:38 - 2013-04-30 12:00 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-07 14:38 - 2013-04-30 12:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-07 14:38 - 2009-10-09 22:22 - 00000437 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-05-06 19:51 - 2011-11-03 20:02 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-06 16:46 - 2010-11-01 19:28 - 00025864 ____A C:\Users\marianne\AppData\Roaming\wklnhst.dat
2013-05-06 15:26 - 2013-05-06 14:52 - 00000000 ____D C:\Users\marianne\Desktop\Programs  DO NOT MOVE
2013-05-06 15:15 - 2006-11-02 06:33 - 00690960 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-06 15:10 - 2013-03-20 20:54 - 00000388 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_marianne.job
2013-05-06 15:10 - 2012-09-16 21:45 - 00000368 ____A C:\Windows\Tasks\Regwork.job
2013-05-06 15:10 - 2011-11-10 18:57 - 00000320 ____A C:\Windows\Tasks\RegTask.job
2013-05-06 15:10 - 2006-11-02 08:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-06 15:09 - 2006-11-02 08:58 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-06 14:42 - 2013-03-25 14:39 - 00000449 ____A C:\Users\marianne\Desktop\Google.website
2013-05-06 12:24 - 2013-05-06 12:24 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-05-06 12:24 - 2013-05-06 12:24 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-05-06 11:27 - 2012-10-31 15:17 - 00004255 ____A C:\Windows\setupact.log
2013-05-06 11:22 - 2013-05-06 11:22 - 00000179 ____A C:\Users\marianne\Desktop\Removable Disk (F) - Shortcut.lnk
2013-05-01 16:18 - 2012-11-06 19:43 - 00055492 ____A C:\Windows\PFRO.log
2013-05-01 11:46 - 2011-01-20 18:05 - 00000000 ____D C:\Users\marianne\AppData\Roaming\Nuance
2013-05-01 11:45 - 2009-03-10 14:46 - 00000000 ____D C:\Users\marianne\AppData\Roaming\U3
2013-05-01 11:05 - 2008-12-26 01:15 - 00000000 ____D C:\users\marianne
2013-05-01 11:01 - 2011-01-15 16:31 - 00000000 ____D C:\Program Files\McAfee
2013-04-30 10:51 - 2013-04-30 10:50 - 00890825 ____A C:\Users\marianne\Downloads\SecurityCheck.exe
2013-04-30 03:22 - 2006-11-02 08:44 - 00520928 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-30 03:01 - 2006-11-02 06:24 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-04-29 10:42 - 2011-10-24 10:25 - 00000000 ____D C:\ProgramData\PCPowerSpeed
2013-04-29 10:42 - 2011-10-24 10:25 - 00000000 ____D C:\ProgramData\PCPowerSpeed
2013-04-29 04:04 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-04-29 04:03 - 2006-11-02 06:22 - 37748736 ____A C:\Windows\System32\config\software_previous
2013-04-29 04:03 - 2006-11-02 06:22 - 36962304 ____A C:\Windows\System32\config\components_previous
2013-04-29 04:03 - 2006-11-02 06:22 - 22806528 ____A C:\Windows\System32\config\system_previous
2013-04-29 04:03 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-04-29 04:03 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-04-29 04:03 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2013-04-29 04:02 - 2009-11-03 11:16 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-04-29 04:02 - 2006-11-02 07:18 - 00000000 __RSD C:\Windows\Media
2013-04-29 04:02 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\System32\spool
2013-04-29 04:01 - 2013-03-18 17:51 - 00000000 ____D C:\2905a9709ca5c84e8801
2013-04-29 04:01 - 2011-01-02 20:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-04-29 04:01 - 2011-01-02 20:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-04-29 04:01 - 2009-08-20 21:46 - 00000000 ____D C:\Users\marianne\AppData\Local\AOL
2013-04-29 04:01 - 2009-08-20 21:45 - 00000000 ____D C:\Program Files\Common Files\Software Update Utility
2013-04-29 04:01 - 2009-06-28 16:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-04-29 04:00 - 2013-02-24 16:49 - 00000000 ____D C:\Users\marianne\AppData\Local\TotalRecipeSearch_14
2013-04-29 04:00 - 2013-01-19 18:17 - 00000000 ____D C:\Program Files\Mplayer
2013-04-29 04:00 - 2013-01-19 18:12 - 00000000 ____D C:\ProgramData\APN
2013-04-29 04:00 - 2013-01-19 18:12 - 00000000 ____D C:\ProgramData\APN
2013-04-29 04:00 - 2013-01-15 21:44 - 00000000 ____D C:\Program Files\DivX
2013-04-29 04:00 - 2013-01-15 21:44 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-04-29 04:00 - 2013-01-15 21:43 - 00000000 ____D C:\ProgramData\DivX
2013-04-29 04:00 - 2013-01-15 21:43 - 00000000 ____D C:\ProgramData\DivX
2013-04-29 04:00 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2013-04-29 03:27 - 2013-04-29 03:27 - 00000000 ____D C:\Users\marianne\AppData\Roaming\QuickScan
2013-04-29 03:03 - 2013-04-29 03:03 - 00003285 ____A C:\Users\marianne\Desktop\RKreport[1]_S_04292013_02d0303.txt
2013-04-29 02:50 - 2013-04-28 23:32 - 00000000 ____D C:\Program Files\Iminent
2013-04-29 02:35 - 2013-04-29 02:35 - 00000000 ____D C:\Users\marianne\AppData\Local\Mozilla
2013-04-29 02:35 - 2012-04-29 13:01 - 00000000 ____D C:\Users\marianne\AppData\Roaming\Mozilla
2013-04-29 02:34 - 2013-04-29 02:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-04-29 02:34 - 2013-04-29 02:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-04-29 02:34 - 2013-04-29 02:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-29 01:48 - 2013-04-28 23:51 - 00000000 ____D C:\Program Files\UnHackMe
2013-04-29 01:42 - 2013-04-29 00:01 - 00021384 ____A C:\Windows\Partizan.log
2013-04-29 01:31 - 2013-03-25 14:33 - 00000000 ____D C:\Program Files\Solid Savings
2013-04-29 01:31 - 2012-06-29 23:07 - 00000000 ____D C:\Windows\Minidump
2013-04-29 01:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-04-29 01:29 - 2013-04-28 23:51 - 00000000 ____D C:\Users\marianne\Documents\RegRun2
2013-04-29 01:29 - 2013-04-28 23:31 - 00000000 ____D C:\Program Files\LessTabs
2013-04-29 01:29 - 2013-04-28 20:22 - 00000000 ____D C:\Users\marianne\Downloads\Qoofix
2013-04-29 01:29 - 2013-03-25 14:34 - 00000000 ____D C:\Program Files\PCFixSpeed
2013-04-29 01:28 - 2013-03-25 14:33 - 00000000 ____D C:\Program Files\AOL Toolbar
2013-04-28 23:49 - 2006-11-02 07:18 - 00000000 ___RD C:\users\Public
2013-04-28 23:38 - 2013-04-28 23:38 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-04-28 22:25 - 2009-11-03 11:26 - 00000000 ____D C:\Windows\pss
2013-04-28 20:43 - 2013-04-28 20:43 - 00000000 ____D C:\Users\marianne\AppData\Local\Adobe
2013-04-28 20:22 - 2013-04-28 20:21 - 00085056 ____A C:\Users\marianne\Downloads\Qoofix.zip
2013-04-28 20:14 - 2012-09-16 21:53 - 00000000 ____D C:\ProgramData\FilesOpened
2013-04-28 20:14 - 2012-09-16 21:53 - 00000000 ____D C:\ProgramData\FilesOpened
2013-04-22 22:01 - 2013-04-22 21:59 - 00036649 ____A C:\Users\marianne\Downloads\image.jpeg
2013-04-20 22:55 - 2013-04-20 22:55 - 00000000 ____D C:\Windows\Sun
2013-04-20 22:51 - 2012-09-16 21:45 - 00000000 ____D C:\ProgramData\RegWork
2013-04-20 22:51 - 2012-09-16 21:45 - 00000000 ____D C:\ProgramData\RegWork
2013-04-18 21:11 - 2013-04-18 21:11 - 00000000 ____D C:\Users\marianne\AppData\Local\MapsGalaxy_39
2013-04-18 21:10 - 2013-04-18 21:10 - 00000000 ____D C:\Program Files\MapsGalaxy_39
2013-04-16 20:29 - 2011-10-24 10:25 - 00000000 ____D C:\Users\marianne\AppData\Roaming\PCPowerSpeed
2013-04-15 17:57 - 2011-06-09 21:38 - 00000000 ____D C:\Users\marianne\Desktop\Estimates
2013-04-15 09:20 - 2013-03-25 14:34 - 00000000 ____A C:\END

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-01 16:25

==================== End Of Log ============================



#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:11 PM

Posted 07 May 2013 - 06:15 PM

We need to check the MBR.

First please uninstall the following programs:

My Web Search
TotalRecipeSearch Toolbar


Then open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Name it as fixlist.txt and save it in the same directory FRST is located.
 

start
SaveMbr: Drive=0
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [34336 2011-10-02] (MyWebSearch.com)
HKLM\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [38408 2011-10-02] (MyWebSearch.com)
HKCU\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [38408 2011-10-02] (MyWebSearch.com)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&
BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
Toolbar: HKLM - Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
R2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [34320 2011-10-02] (MyWebSearch.com)
C:\PROGRA~1\MYWEBS~1\bar\1.bin
C:\PROGRA~1\MYWEBS~1
end

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
Also there will be a MBRDUMP.txt file in the same directory where FRST is located. Please attach it to your reply.

FYI: It is too late here and we will continue tomorrow.



#9 joynern


Posted 07 May 2013 - 06:29 PM

When I go to uninstall My Web Search I get the following error....

Error loading C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll
The specified module could not be found.

OK

When I click OK... it puts me back where I started and My Web is still there....

The total Recipe Search Bar deleted without an issue....

Do I continue without deleting this???

Again, THANK YOU for your patience and help.....

Nancy



#10 Farbar


Posted 08 May 2013 - 02:50 AM

Please continue Nancy.



#11 joynern


Posted 08 May 2013 - 11:09 AM

OK, did what you said and put it in the same directory as FRST... when I clicked the Fix button, it immediately requested that I restart the computer, which I did... after it came back up, it relaunched FRST and the Fix button was grayed out and it said "fixing." It has been running for an hour and a half... is this "normal?" Did I do something wrong??



#12 Farbar


Posted 08 May 2013 - 11:21 AM

You didn't do anything wrong.

 

The fix should not take more than a minute. So from the system tray terminate FRST.

 

See if there is a MBRDUMP.txt in the same directory FRST is located. If yes please attach it to your reply.



#13 joynern


Posted 08 May 2013 - 01:04 PM

I finally had to reboot to get the program to stop.... but it did have the files you were looking for...  :)

fixlog Results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-05-2013
Ran by marianne at 2013-05-08 10:46:36 Run:1
Running from C:\Users\marianne\Desktop
Boot Mode: Normal

==============================================

MBRDUMP.txt is made successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0} => Key deleted successfully.
HKCR\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} => Value deleted successfully.
HKCR\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} => Key not found.
HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin => Key deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll => Moved successfully.
MyWebSearchService => Service deleted successfully.
C:\PROGRA~1\MYWEBS~1\bar\1.bin => Moved successfully.

 

"C:\PROGRA~1\MYWEBS~1" directory move:

C:\PROGRA~1\MYWEBS~1\bar\Settings\s_pid.dat => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Overlay\COMMON.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\COMMON.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\DOG.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\FISH.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\KUNGFU.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\LIFEGARD.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\MAID.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\MAILBOX.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\OPERA.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\ROBOT.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\SEDUCT.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier\SURFER.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Message\COMMON.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\IE9Mesg\COMMON.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\icons\CM.ICO => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\icons\MFC.ICO => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\icons\PSS.ICO => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\icons\SMILEY.ICO => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\icons\WB.ICO => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\icons\ZWINKY.ICO => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Game\CHECKERS.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Game\CHESS.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Game\REVERSI.F3S => Moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Avatar\COMMON.F3S => Moved successfully.
Could not move "C:\PROGRA~1\MYWEBS~1" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========

"C:\PROGRA~1\MYWEBS~1" directory move:

Could not move "C:\PROGRA~1\MYWEBS~1" directory. => Scheduled to move on reboot.


"C:\PROGRA~1\MYWEBS~1" directory move:

Could not move "C:\PROGRA~1\MYWEBS~1" directory. => Scheduled to move on reboot.


"C:\PROGRA~1\MYWEBS~1" directory move:

Could not move "C:\PROGRA~1\MYWEBS~1" directory. => Scheduled to move on reboot.


"C:\PROGRA~1\MYWEBS~1" directory move:

Could not move "C:\PROGRA~1\MYWEBS~1" directory. => Scheduled to move on reboot.


"C:\PROGRA~1\MYWEBS~1" directory move:

Could not move "C:\PROGRA~1\MYWEBS~1" directory. => Scheduled to move on reboot.


"C:\PROGRA~1\MYWEBS~1" directory move:

Could not move "C:\PROGRA~1\MYWEBS~1" directory. => Scheduled to move on reboot.
 

"C:\PROGRA~1\MYWEBS~1" directory move:



 

It repeats the same thing about a million more times.... too long to post... keeps locking up on me....

 

 

This is the MBRDUMP Results (worthless as it is)

3ÀŽÐ¼ |ŽÀŽØ¾ |¿ ¹ üó¤PhËû¹ ½¾€~  |…ƒÅâñ͈V UÆFÆF ´A»ªUÍ]rûUªu    ÷Á tþFf`€~ t&fh    fÿvh  h |h h ´BŠV ‹ôÍŸƒÄžë¸» |ŠV ŠvŠNŠnÍfasþN… €~ €„Š ²€ë‚U2äŠV Í]ëœ>þ}Uªunÿv èŠ … °Ñædè °ßæ`èx °ÿædèq ¸ »Íf#Àu;fûTCPAu2ùr,fh»  fh   fh   fSfSfUfh    fh |  fah  ÍZ2öê |  Í ·ë ¶ë µ2ä ‹ð¬< tü» ´Íëò+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating sys em    bz™o8Í’   Þþ??   †9  êëÿ @  €8€þÿÿþÿÿ À9¨Ö þÿÿþÿÿ ˜Q øO Uª


Edited by Farbar, 08 May 2013 - 01:54 PM.


#14 Farbar


Posted 08 May 2013 - 01:17 PM

Please attach the MBRDUMP.TXT to your reply.
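
A boot sector pasted into a post as text, as in post #13, loses its non-printable bytes, so only the attached file can be analysed. The sketch below is an added example, not part of the thread and not FRST's code: it assumes the attached dump is the raw 512-byte sector, and the names `parse_mbr`, `findings`, `sample_sector` and all sample bytes are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN, TABLE_OFFSET = 440, 446  # boot code size; partition table offset


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into signature flag, boot-code hash, partitions."""
    if len(sector) != 512:
        raise ValueError(f"expected 512 bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * slot)  # 3x = CHS bytes, skipped
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "status": status, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def findings(info: dict, reference_sha256: str) -> list:
    """Reasons the sector deserves a closer look; an empty list means none."""
    out = []
    if not info["signature_ok"]:
        out.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != reference_sha256:
        out.append("boot code differs from reference")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        out.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        out.append("more than one active partition")
    return out


def sample_sector(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code plus one active type-0x07 entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + entry + bytes(48) + b"\x55\xaa"


CLEAN = sample_sector(b"\xfa" + b"\x90" * 100)    # constructed, not a real MBR
PATCHED = sample_sector(b"\xfa" + b"\x90" * 99 + b"\xcc")  # one byte changed
REFERENCE = parse_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("patched", PATCHED)):
        print(name, findings(parse_mbr(sector), REFERENCE) or "no findings")
```

In practice the reference hash would come from a known-good boot sector of the same Windows version; a mismatch means the boot code needs inspection, not that it is malicious.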



#15 joynern


Posted 08 May 2013 - 01:20 PM

Sorry :(

Thank you for being so patient with me.... I'm trying to follow directions... not doing too well, but I'm trying

Attached Files





