
I screwed up...Gringo-pr please help


  • This topic is locked
41 replies to this topic

#1 rondatm

rondatm

  • Members
  • 20 posts

Posted 12 June 2013 - 09:52 AM

Hello,

I got malware when I downloaded some files from OTorrent.  My computer was freezing when left on overnight. 

I saw the post that Cherylc522 posted on May 4, 2013 & followed the first 3 steps of the fix...so I downloaded & ran Adware, Rogue Killer & Combofix....Yes, I screwed up & ran Combofix without supervision & now I am having a problem.

 

The computer seemed to be better...no more freezes & the Yontoo & Default Search Tab files seem to be gone (I can send the log reports.) NOW I am having some trouble with getting some of my email...the error message the senders receive is: Mail server for "verizon.net" unreachable for too long. One sender is from Yahoo, the other from ptd.net. This is confounding because I still get lots of email.

 

I know that I should have listened to your warning...Please feel free to make an example of my bold but stupid mistake.

 

PLEASE HELP.

Sincerely,

Ronda
 

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts

Posted 17 June 2013 - 08:55 AM

Greetings Ronda and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

We typically select the person who has been waiting the longest so that is why I will be helping you rather than Gringo.

We all make mistakes out of frustration and concern. Don't beat yourself up and you are not worthy of being made an example of in a negative way. We are fine and I trust we will laugh about this in due time.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please complete these things for me.

===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 rondatm

rondatm
  • Topic Starter

  • Members
  • 20 posts

Posted 20 June 2013 - 05:28 PM

Hi Gary,
Here is the ComboFix file log

ComboFix 13-05-23.02 - RTM 05/23/2013 13:44:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1242 [GMT -4:00]
Running from: c:\documents and settings\RTM\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\544B450798.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\BPM\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\RTM\Application Data\95B2D0
c:\documents and settings\RTM\Application Data\Antimalware PC Safety
c:\documents and settings\RTM\Application Data\Antimalware PC Safety\Instructions.ini
c:\documents and settings\RTM\g2mdlhlpx.exe
c:\documents and settings\RTM\GoToAssistDownloadHelper.exe
c:\documents and settings\RTM\My Documents\DPE.DUS
c:\documents and settings\RTM\WINDOWS
c:\program files\CouponAlert_2pEI
c:\program files\TelevisionFanatic
c:\program files\TelevisionFanatic\bar\Cache\06087F3C
c:\program files\TelevisionFanatic\bar\Cache\060880B3
c:\program files\TelevisionFanatic\bar\Cache\0608814F.bmp
c:\program files\TelevisionFanatic\bar\Cache\060882D6.bmp
c:\program files\TelevisionFanatic\bar\Cache\0608840E.bmp
c:\program files\TelevisionFanatic\bar\Cache\06088518.bmp
c:\program files\TelevisionFanatic\bar\Cache\06088595.bmp
c:\program files\TelevisionFanatic\bar\Cache\060885F3.bmp
c:\program files\TelevisionFanatic\bar\Cache\files.ini
c:\program files\TelevisionFanatic\bar\History\search3
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\prevcfg2.htm
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\program files\TelevisionFanatic\Shared\Cache\PopupProperties100046855.html
c:\program files\TelevisionFanatic\Shared\Cache\PopupProperties100046857.html
c:\program files\TelevisionFanatic\Shared\Cache\PopupProperties100046859.html
c:\program files\TelevisionFanatic\Shared\Cache\VideosAffinityBtn.html
c:\program files\TelevisionFanaticEI
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TELEVISIONFANATICSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))
.
.
2013-05-23 18:01 . 2013-05-23 18:01 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-05-23 18:01 . 2013-05-23 18:01 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-05-23 18:01 . 2013-05-23 18:01 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-05-23 18:01 . 2013-05-23 18:01 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-05-23 18:01 . 2013-05-23 18:01 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-05-23 18:01 . 2013-05-23 18:01 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-05-23 18:01 . 2013-05-23 18:01 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-05-23 18:01 . 2013-05-23 18:01 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-05-23 18:01 . 2013-05-23 18:01 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-05-23 18:01 . 2013-05-23 18:01 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-05-23 18:01 . 2013-05-23 18:01 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-05-23 18:01 . 2013-05-23 18:01 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-05-23 18:00 . 2013-05-23 18:00 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-05-23 18:00 . 2013-05-23 18:00 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-05-23 18:00 . 2013-05-23 18:00 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-05-23 18:00 . 2013-05-23 18:00 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-05-23 18:00 . 2013-05-23 18:00 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-05-22 18:49 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76B708EA-F58C-4931-ADB3-05ECFA592C98}\mpengine.dll
2013-05-21 17:36 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-13 20:53 . 2013-05-13 20:53 -------- d-----w- c:\program files\CCleaner
2013-05-13 08:11 . 2013-05-13 08:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SearchProtect
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 21:24 . 2012-04-03 15:40 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 21:24 . 2011-05-19 15:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2011-09-02 17:28 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 14:46 . 2013-04-23 14:46 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 14:46 . 2013-02-07 00:09 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-23 14:46 . 2012-07-31 20:45 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-23 14:46 . 2010-06-03 01:25 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-16 22:17 . 2007-12-18 15:55 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2007-12-18 15:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2007-12-18 15:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2007-12-18 15:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2007-12-18 15:55 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2012-03-13 03:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 20:54 . 2013-03-23 20:54 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2013-03-23 20:54 . 2013-03-23 20:54 256 ----a-w- c:\windows\system32\MSIevent.bat
2013-03-14 22:14 . 2011-12-11 20:45 57344 ----a-r- c:\documents and settings\RTM\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2013-03-14 22:08 . 2003-03-18 23:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2013-03-08 08:36 . 2007-12-18 15:55 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-08-03 23:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 10:38 . 2011-06-11 05:58 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-06 10:38 . 2011-06-11 05:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-27 07:56 . 2007-12-18 17:09 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-19 999424]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2003-02-27 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2003-02-27 40960]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\RTM\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2006-12-11 2332264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-8-3 221247]
Button Manager v1.874.lnk - c:\program files\INITIO\Button Manager v1.874\inihid.exe [2009-6-11 200704]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-10-28 270336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Studio\\FRegister.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Studio\\BCGUpdate.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Studio\\Summitsoft Products.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Studio\\BCGFonts.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\RTM\\Application Data\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [9/16/2011 7:13 PM 39528]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [8/3/2012 4:22 PM 352248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 2:03 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/12/2012 11:16 PM 701512]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 2:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 2:01 AM 399416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/12/2012 11:16 PM 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S1 MpKsle8cba2bd;MpKsle8cba2bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76B708EA-F58C-4931-ADB3-05ECFA592C98}\MpKsle8cba2bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76B708EA-F58C-4931-ADB3-05ECFA592C98}\MpKsle8cba2bd.sys [?]
S2 gupdate1c9eb6e6a2cf652;Google Update Service (gupdate1c9eb6e6a2cf652);c:\program files\Google\Update\GoogleUpdate.exe [6/12/2009 10:59 AM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 07:19 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:25]
.
2013-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-05-23 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-10-28 19:24]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 14:59]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 14:59]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858955132-4051103515-2010181815-1004Core.job
- c:\documents and settings\RTM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 22:04]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858955132-4051103515-2010181815-1004UA.job
- c:\documents and settings\RTM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 22:04]
.
2013-05-23 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-05-23 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2011-02-14 19:33]
.
2013-05-23 c:\windows\Tasks\User_Feed_Synchronization-{42B34B0C-FFEC-4ADA-A4EF-B9A7AFE9D3CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://headlines.verizon.com/headlines/portals/head
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.nero.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\uTorrentControl_v2\prxtbuTo0.dll
Toolbar-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\uTorrentControl_v2\prxtbuTo0.dll
HKLM-Run-SearchProtectAll - c:\program files\SearchProtect\bin\cltmng.exe
AddRemove-SearchProtect - c:\program files\SearchProtect\bin\uninstall.exe
AddRemove-Surf Canyon - c:\program files\Surf Canyon\uninstall.exe
AddRemove-uTorrentControl_v2 Toolbar - c:\program files\uTorrentControl_v2\uninstall.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\documents and settings\All Users\Application Data\BrowserProtect\2.6.1184.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-23 14:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2188)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Verizon\IHA_MessageCenter\bin\IHAMCNotify.exe
.
**************************************************************************
.
Completion time: 2013-05-23 14:12:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-23 18:12
.
Pre-Run: 206,098,583,552 bytes free
Post-Run: 206,698,172,416 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1C04CBB6DB4407739CC833FB5613B792


Here is the FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013
Ran by RTM (administrator) on 20-06-2013 18:13:11
Running from C:\Documents and Settings\RTM\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Zune\ZuneBusEnum.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Roxio) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\INITIO\Button Manager v1.874\inihid.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [999424 2005-07-19] (SoftThinks)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [205480 2007-08-30] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [86960 2006-09-11] (Macrovision Corporation)
HKLM\...\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2003-02-27] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2003-02-27] (ScanSoft, Inc.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [684032 2002-12-17] (Roxio)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [205480 2007-08-30] (Macrovision Corporation)
HKCU\...\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\BPM\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\BPM\...\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [ 2006-05-16] (OLYMPUS IMAGING CORP.)
HKU\BPM\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Button Manager v1.874.lnk
ShortcutTarget: Button Manager v1.874.lnk -> C:\Program Files\INITIO\Button Manager v1.874\inihid.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\Documents and Settings\RTM\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe (Nuance Communications, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://headlines.verizon.com/headlines/portals/head
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
URLSearchHook: (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=42102&bs=true&tid=2876&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=42102&bs=true&tid=2876&q={searchTerms}
SearchScopes: HKLM - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm00360us&ptb=9FC627C6-1D3B-4AAA-865A-6520867BC7DE&psa=&ind=2011020314&ptnrS=XPxdm00360us&si=&st=sb&n=77ddbc1a&searchfor={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {1E5E0196-78CF-4C96-A4F1-B7972F60E7ED} URL = http://search.lycos.com/?query={searchTerms}
SearchScopes: HKCU - {1E8F7567-ED83-4814-9747-73650C0AA607} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {4FFCB51B-E5F5-4463-AAF6-FD53CD201458} URL = http://umibozu.net/index.php?q={searchTerms}
SearchScopes: HKCU - {52CEDE12-5ECE-4FAD-857E-D7503A45BA6B} URL = http://search.about.com/fullsearch.htm?TopNode=/&terms={searchTerms}&SUName=
SearchScopes: HKCU - {655859CF-C315-44BC-B8E7-0AA126C844BA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=1812E77E-0F5C-4AE9-93AB-E72BF428D2B8&apn_sauid=03B61675-6D1E-4385-B5F1-4456EAD5F046
SearchScopes: HKCU - {6BCE5F7C-0BEE-40FF-BD31-343E29DD21AA} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {6C353D22-663F-4067-B98C-F26E3B244A9C} URL = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm00360us&ptb=9FC627C6-1D3B-4AAA-865A-6520867BC7DE&psa=&ind=2011020314&ptnrS=XPxdm00360us&si=&st=sb&n=77ddbc1a&searchfor={searchTerms}
SearchScopes: HKCU - {ADF69B31-A517-4653-B596-A60D26F58178} URL = http://www.ted.com/search?q={searchTerms}
SearchScopes: HKCU - {C07CC363-CCF4-46B5-ABCE-3C894CE5B9F8} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {C160E6D3-FBD0-4D86-972E-EA85E16FAD74} URL = http://search.certified-toolbar.com?si=42102&bs=true&tid=2876&q={searchTerms}
SearchScopes: HKCU - {F28AEF20-F45E-40B7-90E3-3DFE8FF08B21} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121040,6901,0,8,0
SearchScopes: HKCU - {FA29C134-57B7-4E88-9962-6FA11DD1EDBB} URL = http://www.shopzilla.com/{searchTerms}/search
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://headlines.verizon.com/%C2%ADheadlines/%C2%ADportals/%C2%ADheadlines.%C2%ADportal"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (TelevisionFanatic Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: () - C:\Documents and Settings\RTM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1
CHR Extension: () - C:\Documents and Settings\RTM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5
CHR Extension: (PlayBryte) - C:\Documents and Settings\RTM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohhaedikakmefakggjigmmbcmopoocbn\1.1_0
========================== Services (Whitelisted) =================
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [39528 2011-09-16] (ArcSoft Inc.)
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation)
S2 gupdate1c9eb6e6a2cf652; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-12] (Google Inc.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
==================== Drivers (Whitelisted) ====================
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [61424 2002-12-17] (Roxio)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [23436 2002-12-17] (Roxio)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
R1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [241152 2002-12-17] (Roxio)
R2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [41984 2005-07-06] (DeviceGuys, Inc.)
R3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [25898 2009-09-07] (Roxio)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [30630 2009-09-07] (Roxio)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [143834 2009-09-07] (Roxio)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [98944 2007-08-07] (Realtek Semiconductor Corporation )
R1 UdfReadr_xp; C:\Windows\System32\Drivers\UdfReadr_xp.sys [206464 2009-09-07] (Roxio)
R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S2 MCSTRM; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [x]
S3 RT61; system32\DRIVERS\RT61.sys [x]
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-20 18:12 - 2013-06-20 18:12 - 00000000 ____D C:\FRST
2013-06-20 18:11 - 2013-06-20 18:12 - 01368343 ____A (Farbar) C:\Documents and Settings\RTM\Desktop\FRST.exe
2013-06-20 18:08 - 2013-06-20 18:08 - 01929604 ____A (Farbar) C:\Documents and Settings\RTM\Desktop\FRST64.exe
2013-06-13 09:33 - 2013-06-13 09:33 - 00065536 ____A C:\Windows\Minidump\Mini061313-01.dmp
2013-06-12 03:11 - 2013-06-12 03:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-12 03:04 - 2013-06-12 03:11 - 00013110 ____A C:\Windows\iis6.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00005642 ____A C:\Windows\tsoc.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00004054 ____A C:\Windows\comsetup.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00003678 ____A C:\Windows\msmqinst.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00002460 ____A C:\Windows\ntdtcsetup.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00002166 ____A C:\Windows\netfxocm.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00000850 ____A C:\Windows\MedCtrOC.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00000684 ____A C:\Windows\ocmsn.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00000622 ____A C:\Windows\tabletoc.log
2013-06-12 03:04 - 2013-06-12 03:11 - 00000618 ____A C:\Windows\msgsocm.log
2013-06-12 03:04 - 2013-06-12 03:04 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 03:04 - 2013-06-12 03:04 - 00000000 ____A C:\Windows\setuperr.log
2013-06-12 03:04 - 2013-06-12 03:04 - 00000000 ____A C:\Windows\setupact.log
2013-06-12 03:03 - 2013-06-12 03:11 - 00012318 ____A C:\Windows\FaxSetup.log
2013-06-12 03:03 - 2013-06-12 03:11 - 00005912 ____A C:\Windows\ocgen.log
2013-06-12 03:03 - 2013-06-12 03:03 - 00002746 ____A C:\Windows\updspapi.log
2013-06-12 03:01 - 2013-06-12 03:04 - 00011242 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 02:29 - 2013-06-12 03:11 - 00014198 ____A C:\Windows\KB2839229.log
2013-06-09 19:17 - 2013-06-09 19:17 - 00001604 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2013-05-23 14:12 - 2013-05-23 14:12 - 00022727 ____A C:\ComboFix.txt
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-05-23 13:56 - 2013-05-23 13:56 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-05-23 13:41 - 2013-01-30 13:05 - 00000211 ____A C:\Boot.bak
2013-05-23 13:40 - 2013-05-23 13:41 - 00000000 RASHD C:\cmdcons
2013-05-23 13:40 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr
2013-05-23 13:37 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-23 13:37 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-23 13:37 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-23 13:37 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-23 13:37 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-23 13:37 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-05-23 13:37 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-23 13:37 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-23 13:37 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-23 13:36 - 2013-05-23 14:12 - 00000000 ___AD C:\Qoobox
2013-05-23 13:33 - 2013-05-23 13:32 - 05070388 ____R (Swearware) C:\Documents and Settings\RTM\Desktop\ComboFix.exe
2013-05-23 13:32 - 2013-05-23 14:09 - 00000000 ____D C:\Windows\erdnt
2013-05-23 13:16 - 2013-05-23 13:16 - 00002116 ____A C:\Documents and Settings\RTM\My Documents\RKreport[2]_D_05232013_02d1315.txt 5 23 13.txt
2013-05-23 13:15 - 2013-05-23 13:16 - 00002116 ____A C:\Documents and Settings\RTM\Desktop\RKreport[2]_D_05232013_02d1315.txt
2013-05-23 13:11 - 2013-05-23 13:11 - 00002443 ____A C:\Documents and Settings\RTM\Desktop\RKreport[1]_S_05232013_02d1311.txt
2013-05-23 13:06 - 2013-05-23 13:14 - 00000000 ____D C:\Documents and Settings\RTM\Desktop\RK_Quarantine
2013-05-23 12:29 - 2013-05-23 12:29 - 00019810 ____A C:\Documents and Settings\RTM\My Documents\AdwCleaner[S1].txt report 5 23 13.txt
2013-05-23 12:20 - 2013-05-23 12:28 - 00019810 ____A C:\AdwCleaner[S1].txt
2013-05-23 12:16 - 2013-05-23 12:16 - 00019416 ____A C:\Documents and Settings\RTM\My Documents\AdwCleaner[R1].txt 5 23 13.txt
2013-05-23 12:15 - 2013-05-23 12:15 - 00019416 ____A C:\AdwCleaner[R1].txt
2013-05-23 12:13 - 2013-05-23 12:13 - 00632031 ____A C:\Documents and Settings\RTM\Desktop\adwcleaner.exe
2013-05-23 12:10 - 2013-05-23 12:10 - 00001201 ____A C:\Documents and Settings\RTM\My Documents\checkup.txt 5 23 13.txt
==================== One Month Modified Files and Folders ========
2013-06-20 18:13 - 2007-12-18 13:10 - 01731960 ____A C:\Windows\WindowsUpdate.log
2013-06-20 18:12 - 2013-06-20 18:12 - 00000000 ____D C:\FRST
2013-06-20 18:12 - 2013-06-20 18:11 - 01368343 ____A (Farbar) C:\Documents and Settings\RTM\Desktop\FRST.exe
2013-06-20 18:08 - 2013-06-20 18:08 - 01929604 ____A (Farbar) C:\Documents and Settings\RTM\Desktop\FRST64.exe
2013-06-20 18:00 - 2009-06-23 18:31 - 00000450 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{42B34B0C-FFEC-4ADA-A4EF-B9A7AFE9D3CD}.job
2013-06-20 17:24 - 2009-06-30 01:54 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 17:19 - 2012-10-02 18:04 - 00001034 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858955132-4051103515-2010181815-1004UA.job
2013-06-20 17:19 - 2012-04-03 11:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 13:45 - 2012-08-14 13:42 - 00000406 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-06-20 08:53 - 2007-12-18 13:14 - 00032418 ____A C:\Windows\SchedLgU.Txt
2013-06-20 06:19 - 2012-10-02 18:04 - 00000982 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858955132-4051103515-2010181815-1004Core.job
2013-06-20 02:24 - 2009-06-30 01:54 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 22:33 - 2012-08-12 22:20 - 00000422 ____A C:\Windows\Tasks\ProgramUpdateCheck.job
2013-06-19 05:29 - 2012-08-14 13:17 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-18 15:49 - 2007-12-18 05:08 - 00000254 ____A C:\Windows\wiadebug.log
2013-06-18 15:48 - 2009-06-11 14:20 - 00002243 ____A C:\Documents and Settings\RTM\Desktop\PaperPort.lnk
2013-06-18 11:45 - 2011-02-03 14:10 - 00000000 ____D C:\Documents and Settings\RTM\My Documents\recipes
2013-06-17 12:57 - 2012-04-19 13:55 - 00000000 ____D C:\Documents and Settings\RTM\Application Data\Canon Easy-WebPrint EX
2013-06-16 01:37 - 2013-02-13 12:56 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-15 23:29 - 2010-11-28 18:52 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-06-13 11:08 - 2009-06-10 14:37 - 00000062 __ASH C:\Documents and Settings\RTM\Local Settings\desktop.ini
2013-06-13 11:08 - 2007-12-18 11:55 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-06-13 09:34 - 2007-12-18 05:08 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-13 09:33 - 2013-06-13 09:33 - 00065536 ____A C:\Windows\Minidump\Mini061313-01.dmp
2013-06-13 09:33 - 2010-01-18 19:53 - 00000000 ____D C:\Windows\Minidump
2013-06-13 09:33 - 2009-03-03 12:22 - 197668864 ____A C:\Windows\MEMORY.DMP
2013-06-13 09:33 - 2007-12-18 13:14 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-13 09:33 - 2007-12-18 13:14 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-13 09:33 - 2007-12-18 13:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 07:19 - 2012-04-03 11:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 07:19 - 2011-05-19 11:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 03:28 - 2009-06-10 14:37 - 00000178 ___SH C:\Documents and Settings\RTM\ntuser.ini
2013-06-12 03:13 - 2007-12-18 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-06-12 03:11 - 2013-06-12 03:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-12 03:11 - 2013-06-12 03:04 - 00013110 ____A C:\Windows\iis6.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00005642 ____A C:\Windows\tsoc.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00004054 ____A C:\Windows\comsetup.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00003678 ____A C:\Windows\msmqinst.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00002460 ____A C:\Windows\ntdtcsetup.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00002166 ____A C:\Windows\netfxocm.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00000850 ____A C:\Windows\MedCtrOC.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00000684 ____A C:\Windows\ocmsn.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00000622 ____A C:\Windows\tabletoc.log
2013-06-12 03:11 - 2013-06-12 03:04 - 00000618 ____A C:\Windows\msgsocm.log
2013-06-12 03:11 - 2013-06-12 03:03 - 00012318 ____A C:\Windows\FaxSetup.log
2013-06-12 03:11 - 2013-06-12 03:03 - 00005912 ____A C:\Windows\ocgen.log
2013-06-12 03:11 - 2013-06-12 02:29 - 00014198 ____A C:\Windows\KB2839229.log
2013-06-12 03:05 - 2009-06-15 13:55 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 03:04 - 2013-06-12 03:04 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 03:04 - 2013-06-12 03:04 - 00000000 ____A C:\Windows\setuperr.log
2013-06-12 03:04 - 2013-06-12 03:04 - 00000000 ____A C:\Windows\setupact.log
2013-06-12 03:04 - 2013-06-12 03:01 - 00011242 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 03:03 - 2013-06-12 03:03 - 00002746 ____A C:\Windows\updspapi.log
2013-06-12 03:03 - 2009-06-23 17:01 - 00000000 ____D C:\Windows\ie8updates
2013-06-09 19:42 - 2013-03-23 16:59 - 00002401 ____A C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
2013-06-09 19:42 - 2013-03-23 16:59 - 00000920 ____A C:\Windows\Output.txt
2013-06-09 19:17 - 2013-06-09 19:17 - 00001604 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2013-06-09 19:17 - 2009-06-11 15:06 - 00000000 ____D C:\Program Files\QuickTime
2013-06-09 19:16 - 2010-12-13 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2013-06-06 15:56 - 2009-06-10 21:53 - 00000000 ____D C:\Documents and Settings\RTM\My Documents\RT's saved email
2013-05-30 19:51 - 2009-06-11 14:42 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-23 16:39 - 2013-03-06 14:17 - 00015872 ____A C:\Documents and Settings\RTM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-23 14:12 - 2013-05-23 14:12 - 00022727 ____A C:\ComboFix.txt
2013-05-23 14:12 - 2013-05-23 13:36 - 00000000 ___AD C:\Qoobox
2013-05-23 14:09 - 2013-05-23 13:32 - 00000000 ____D C:\Windows\erdnt
2013-05-23 14:02 - 2007-12-18 11:55 - 00000264 ____A C:\Windows\system.ini
2013-05-23 14:01 - 2010-10-28 17:52 - 00000000 ____D C:\Program Files\FreeFileViewer
2013-05-23 13:58 - 2007-12-18 05:04 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-05-23 13:58 - 2007-12-18 05:04 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-05-23 13:58 - 2007-12-18 05:03 - 54001664 ____A C:\Windows\System32\config\software.bak
2013-05-23 13:58 - 2007-12-18 05:03 - 09699328 ____A C:\Windows\System32\config\system.bak
2013-05-23 13:58 - 2007-12-18 05:03 - 05242880 ____A C:\Windows\System32\config\default.bak
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-05-23 13:57 - 2013-05-23 13:57 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-05-23 13:56 - 2013-05-23 13:56 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-05-23 13:41 - 2013-05-23 13:40 - 00000000 RASHD C:\cmdcons
2013-05-23 13:41 - 2007-12-18 11:59 - 00000327 _RASH C:\boot.ini
2013-05-23 13:32 - 2013-05-23 13:33 - 05070388 ____R (Swearware) C:\Documents and Settings\RTM\Desktop\ComboFix.exe
2013-05-23 13:16 - 2013-05-23 13:16 - 00002116 ____A C:\Documents and Settings\RTM\My Documents\RKreport[2]_D_05232013_02d1315.txt 5 23 13.txt
2013-05-23 13:16 - 2013-05-23 13:15 - 00002116 ____A C:\Documents and Settings\RTM\Desktop\RKreport[2]_D_05232013_02d1315.txt
2013-05-23 13:14 - 2013-05-23 13:06 - 00000000 ____D C:\Documents and Settings\RTM\Desktop\RK_Quarantine
2013-05-23 13:11 - 2013-05-23 13:11 - 00002443 ____A C:\Documents and Settings\RTM\Desktop\RKreport[1]_S_05232013_02d1311.txt
2013-05-23 12:29 - 2013-05-23 12:29 - 00019810 ____A C:\Documents and Settings\RTM\My Documents\AdwCleaner[S1].txt report 5 23 13.txt
2013-05-23 12:28 - 2013-05-23 12:20 - 00019810 ____A C:\AdwCleaner[S1].txt
2013-05-23 12:16 - 2013-05-23 12:16 - 00019416 ____A C:\Documents and Settings\RTM\My Documents\AdwCleaner[R1].txt 5 23 13.txt
2013-05-23 12:15 - 2013-05-23 12:15 - 00019416 ____A C:\AdwCleaner[R1].txt
2013-05-23 12:13 - 2013-05-23 12:13 - 00632031 ____A C:\Documents and Settings\RTM\Desktop\adwcleaner.exe
2013-05-23 12:10 - 2013-05-23 12:10 - 00001201 ____A C:\Documents and Settings\RTM\My Documents\checkup.txt 5 23 13.txt
2013-05-23 11:21 - 2013-04-14 18:33 - 00000000 ____D C:\Windows\System32\NtmsData
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================



Here is the Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2013
Ran by RTM at 2013-06-20 18:16:34 Run:
Running from C:\Documents and Settings\RTM\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
µTorrent (Version: 3.3.0.29126)
2007 Microsoft Office system (Version: 12.0.6612.1000)
Acrobat.com (Version: 0.0.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Amazon Kindle
APC PowerChute Personal Edition (Version: 2.0)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 6 (Version: 6.0.0.92)
ArcSoft TotalMedia Backup & Record
Audio Creator LE (Version: 1.0)
Bing Bar (Version: 7.0.850.0)
Business Card Studio (Version: 1.6.0)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Button Manager v1.874 (Version: 1.8.7.004)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-WebPrint EX
Canon MG6100 series MP Drivers
Canon MG6100 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 4.01)
Coupon Printer for Windows (Version: 5.0.0.1)
Critical Update for Windows Media Player 11 (KB959772)
Defraggler (Version: 2.10)
Dragon NaturallySpeaking 9 (Version: 9.10.0)
Easy CD Creator 5 Basic (Version: 5.3.4.21)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
File Type Assistant
Free File Viewer 2012
Free Internet Tuner v1.0.0.5 (Version: 1.0.0.5)
Free Windows Tuner v2.0.0.8 (Version: 2.0.0.8)
Google Chrome (Version: 65.61.49249)
Google Earth (Version: 6.2.0.5905)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
IHA_MessageCenter (Version: 1.8.70)
ImageMixer VCD/DVD2 for OLYMPUS (Version: 2.01.081)
Intel® Graphics Media Accelerator Driver
inTuneMP3 (Version: 1.5.0)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 45 (Version: 6.0.450)
LightScribe 1.6.45.1 (Version: 1.6.45.1)
Logo Design Studio (Version: 3.5.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Journal Viewer (Version: 1.5.2315.3)
Microsoft XML Parser (Version: 8.70.1104.04)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Music Manager
Music Transfer Utility Ver.2 (Version: 1.01.006)
Nero 7 Essentials (Version: 7.02.9463)
neroxml (Version: 1.0.0)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.7.0)
OCA Client history tool install (Version: 8.3.0980)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OLYMPUS Master (Version: 1.31.2000)
PaperPort 9.0 (Version: 9.00.0000)
Picture Control Utility (Version: 1.4.10)
QuickTime (Version: 7.74.80.86)
Readiris Pro 9
Realtek High Definition Audio Driver (Version: 5.10.0.5473)
Revo Uninstaller 1.94 (Version: 1.94)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
SmarThru 4
SmarThru PC Fax
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
Spell Checker For OE 2.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
ViewNX 2 (Version: 2.7.2)
Vz In Home Agent (Version: 8.03.71)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
==================== Restore Points =========================
23-03-2013 15:28:27 Software Distribution Service 3.0
23-03-2013 20:53:34 Installed Vz In Home Agent.
24-03-2013 06:18:59 Software Distribution Service 3.0
24-03-2013 20:45:06 Software Distribution Service 3.0
25-03-2013 22:00:04 System Checkpoint
26-03-2013 14:46:44 Software Distribution Service 3.0
27-03-2013 14:45:38 Software Distribution Service 3.0
28-03-2013 16:42:19 System Checkpoint
29-03-2013 04:21:03 Software Distribution Service 3.0
30-03-2013 15:54:40 Software Distribution Service 3.0
31-03-2013 05:33:48 Software Distribution Service 3.0
31-03-2013 15:57:51 Software Distribution Service 3.0
01-04-2013 21:01:40 System Checkpoint
02-04-2013 15:02:40 Software Distribution Service 3.0
03-04-2013 15:42:31 System Checkpoint
03-04-2013 17:41:08 Software Distribution Service 3.0
04-04-2013 17:51:57 System Checkpoint
04-04-2013 23:03:05 Software Distribution Service 3.0
05-04-2013 23:44:12 System Checkpoint
06-04-2013 13:07:12 Software Distribution Service 3.0
07-04-2013 06:07:08 Software Distribution Service 3.0
07-04-2013 17:20:26 Software Distribution Service 3.0
08-04-2013 18:13:45 System Checkpoint
08-04-2013 23:24:27 Software Distribution Service 3.0
10-04-2013 00:09:13 System Checkpoint
10-04-2013 07:00:39 Software Distribution Service 3.0
10-04-2013 07:45:44 Software Distribution Service 3.0
11-04-2013 07:49:16 Software Distribution Service 3.0
12-04-2013 08:26:00 System Checkpoint
12-04-2013 14:03:50 Software Distribution Service 3.0
13-04-2013 14:09:22 System Checkpoint
13-04-2013 19:00:48 Software Distribution Service 3.0
14-04-2013 22:04:01 Software Distribution Service 3.0
15-04-2013 23:34:25 System Checkpoint
16-04-2013 14:49:47 Software Distribution Service 3.0
17-04-2013 14:45:56 Software Distribution Service 3.0
18-04-2013 16:18:01 Software Distribution Service 3.0
19-04-2013 16:48:47 System Checkpoint
19-04-2013 17:14:45 Software Distribution Service 3.0
20-04-2013 22:39:24 Revo Uninstaller's restore point - PlayBryte
20-04-2013 23:10:08 Software Distribution Service 3.0
22-04-2013 00:36:07 System Checkpoint
23-04-2013 01:28:46 System Checkpoint
23-04-2013 12:53:19 Software Distribution Service 3.0
24-04-2013 12:55:06 Software Distribution Service 3.0
26-04-2013 12:55:29 Software Distribution Service 3.0
27-04-2013 13:18:35 System Checkpoint
28-04-2013 05:37:18 Software Distribution Service 3.0
29-04-2013 06:00:49 Software Distribution Service 3.0
30-04-2013 06:02:13 Software Distribution Service 3.0
01-05-2013 06:47:50 System Checkpoint
01-05-2013 14:20:19 Software Distribution Service 3.0
02-05-2013 15:02:06 System Checkpoint
02-05-2013 23:33:13 Software Distribution Service 3.0
03-05-2013 23:52:55 System Checkpoint
04-05-2013 10:03:15 Software Distribution Service 3.0
05-05-2013 05:54:11 Software Distribution Service 3.0
05-05-2013 10:02:25 Software Distribution Service 3.0
06-05-2013 10:01:35 Software Distribution Service 3.0
07-05-2013 11:00:31 System Checkpoint
08-05-2013 01:12:46 Software Distribution Service 3.0
09-05-2013 01:11:18 Software Distribution Service 3.0
10-05-2013 02:04:06 System Checkpoint
10-05-2013 22:14:08 Software Distribution Service 3.0
12-05-2013 15:59:42 Software Distribution Service 3.0
13-05-2013 15:59:09 Software Distribution Service 3.0
13-05-2013 20:48:37 Revo Uninstaller's restore point - CCleaner
13-05-2013 22:31:11 Revo Uninstaller's restore point - Free Registry Tuner v1.0.0.7
13-05-2013 22:32:37 Revo Uninstaller's restore point - Free Registry Tuner v1.0.0.7
13-05-2013 22:50:49 Revo Uninstaller's restore point - Windows Media Player 11
14-05-2013 15:57:27 Software Distribution Service 3.0
15-05-2013 07:00:48 Software Distribution Service 3.0
16-05-2013 07:55:06 Software Distribution Service 3.0
18-05-2013 07:55:07 Software Distribution Service 3.0
20-05-2013 07:57:34 Software Distribution Service 3.0
21-05-2013 17:36:09 Software Distribution Service 3.0
22-05-2013 18:07:49 System Checkpoint
22-05-2013 18:49:22 Software Distribution Service 3.0
23-05-2013 22:00:55 System Checkpoint
24-05-2013 18:13:52 Software Distribution Service 3.0
25-05-2013 18:13:32 Software Distribution Service 3.0
26-05-2013 06:06:24 Software Distribution Service 3.0
26-05-2013 18:13:58 Software Distribution Service 3.0
27-05-2013 18:11:43 Software Distribution Service 3.0
28-05-2013 18:14:07 Software Distribution Service 3.0
29-05-2013 18:13:59 Software Distribution Service 3.0
30-05-2013 18:13:55 Software Distribution Service 3.0
31-05-2013 18:14:19 Software Distribution Service 3.0
01-06-2013 18:11:38 Software Distribution Service 3.0
02-06-2013 06:06:36 Software Distribution Service 3.0
02-06-2013 18:14:14 Software Distribution Service 3.0
03-06-2013 18:30:19 System Checkpoint
03-06-2013 23:51:44 Software Distribution Service 3.0
04-06-2013 23:49:25 Software Distribution Service 3.0
05-06-2013 23:51:17 Software Distribution Service 3.0
06-06-2013 23:54:32 Software Distribution Service 3.0
08-06-2013 01:29:58 System Checkpoint
08-06-2013 14:52:57 Software Distribution Service 3.0
09-06-2013 06:10:12 Software Distribution Service 3.0
09-06-2013 14:50:53 Software Distribution Service 3.0
10-06-2013 14:50:45 Software Distribution Service 3.0
11-06-2013 14:51:05 Software Distribution Service 3.0
12-06-2013 07:01:09 Software Distribution Service 3.0
13-06-2013 07:45:22 Software Distribution Service 3.0
14-06-2013 09:38:11 System Checkpoint
14-06-2013 13:48:42 Software Distribution Service 3.0
15-06-2013 13:48:30 Software Distribution Service 3.0
16-06-2013 05:40:47 Software Distribution Service 3.0
16-06-2013 13:48:41 Software Distribution Service 3.0
17-06-2013 13:48:35 Software Distribution Service 3.0
18-06-2013 13:46:25 Software Distribution Service 3.0
19-06-2013 13:48:33 Software Distribution Service 3.0
20-06-2013 13:48:37 Software Distribution Service 3.0
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/12/2013 09:45:01 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.2.223.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL
Error: (05/23/2013 00:20:53 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcShutting down. (Error: 997)
Error: (05/23/2013 07:39:47 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry policy file, C:\Documents and Settings\RTM\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).
Error: (05/23/2013 07:39:47 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry information at C:\Documents and Settings\RTM\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).
Error: (05/23/2013 07:39:47 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Error: (05/23/2013 05:59:42 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry policy file, C:\Documents and Settings\RTM\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).
Error: (05/23/2013 05:59:42 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry information at C:\Documents and Settings\RTM\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).
Error: (05/23/2013 05:59:37 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Error: (05/23/2013 04:17:27 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry policy file, C:\Documents and Settings\RTM\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).
Error: (05/23/2013 04:17:27 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry information at C:\Documents and Settings\RTM\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).
System errors:
=============
Error: (06/13/2013 11:11:28 AM) (Source: System Error) (User: )
Description: Error code 40000080, parameter1 8a7f8ad0, parameter2 8a0d7058, parameter3 805511dc, parameter4 00000001.
Error: (06/13/2013 09:34:18 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2
Error: (06/12/2013 03:32:00 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2
Error: (06/07/2013 10:38:40 AM) (Source: Service Control Manager) (User: )
Description: The Fax service failed to start due to the following error:
%%1053
Error: (06/07/2013 10:38:40 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Fax service to connect.
Error: (06/07/2013 10:38:35 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2
Error: (06/02/2013 07:39:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (06/02/2013 07:39:24 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
Error: (06/02/2013 07:39:23 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2
Error: (05/29/2013 11:05:50 AM) (Source: Print) (User: RONDA)
Description: The document Directions to Funeral Home -- Located near the major Long Island Jewish Cemeteries owned by RTM failed to print on printer Canon MG6100 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3145728. Number of bytes printed: 2471188. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\RONDA. Win32 error code returned by the print processor: Directions to Funeral Home -- Located near the major Long Island Jewish Cemeteries0. Directions to Funeral Home -- Located near the major Long Island Jewish Cemeteries1
Microsoft Office Sessions:
=========================
Error: (02/20/2013 03:10:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 181 seconds with 180 seconds of active time. This session ended with a crash.
Error: (02/20/2013 03:07:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7626 seconds with 5940 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 75%
Total physical RAM: 2037.8 MB
Available physical RAM: 497.23 MB
Total Pagefile: 3930.64 MB
Available Pagefile: 2284.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:290.7 GB) (Free:192.45 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:7.38 GB) (Free:0.48 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: A6597145)
Partition 1: (Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=0C)
==================== End Of Log ============================



We are now complete on the steps you suggested & the info you requested.
I await your reply.
Thank you for working with me on this problem.
Sincerely,
Rondatm

Edited by Oh My, 20 June 2013 - 05:50 PM.


#4 Oh My!


Posted 20 June 2013 - 06:32 PM

Greetings Ronda,

Thank you for posting the information.

I do not see an antivirus program installed on your computer. I don't have Verizon so it may be that somehow they are providing it for you but if not please consider the information I am posting below. In addition I would like for you to do the following for me.

Also, can you clarify the email problem you are having? Is it that other people using Yahoo and ptd.net are receiving those errors when they try to send an email to your Verizon email account?

===================================================

No Antivirus Program Installed

-------------------
  • Please download and install an antivirus program, and make sure that you keep it updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Two good antivirus programs free for non-commercial home use are avast! Free Antivirus and Avira AntiVir Personal - Free Antivirus.
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you now have an antivirus program installed and working properly?
  • AdwCleaner log
  • Junkware log
  • Email clarification

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 rondatm


Posted 20 June 2013 - 09:55 PM

Hi Gary,

I have Microsoft Security Essentials as my antivirus.

The email problem I am having is intermittent....it happened over a 2-3 week period ...I only know of 2 people having this issue 1 using Yahoo and 1 using ptd.net ...they received failure notices when they tried to send an email to my Verizon email account. (Please see the failure notice below sent to me from the Yahoo user...we were preparing & discussing an event, so there were several failure notices from them.) I use Outlook Express...the Verizon server sends my email to its own email box & forwards the mail to my Outlook Express box...the mail that received failure notices was not in either the Verizon or Outlook Express inboxes....at first we thought it only occurred as replies to my emails were failed, but that proved to be untrue...I did however, receive many other emails when these few had failed....might this be a Verizon problem???

Email address removed by Oh My.

Here is the AdwCleaner

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 12:20:53
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : rtm - R
# Boot Mode : Normal
# Running from : C:\Documents and Settings\rtm\Local Settings\Temporary Internet Files\Content.IE5\C4WI2M27\adwcleaner[1].exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Deleted on reboot : C:\Documents and Settings\rtm\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Documents and Settings\rtm\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\rtm\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\uTorrentControl_v2
Folder Deleted : C:\Documents and Settings\rtm\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\rtm\Application Data\file scout
Folder Deleted : C:\Documents and Settings\rtm\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\rtm\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\rtm\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\rtm\Application Data\SpeedanAlysis
Folder Deleted : C:\Documents and Settings\rtm\Application Data\StatusWinks
Folder Deleted : C:\Documents and Settings\rtm\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\rtm\Local Settings\Application Data\simplytech
Folder Deleted : C:\Documents and Settings\rtm\Local Settings\Application Data\uTorrentControl_v2
Folder Deleted : C:\Documents and Settings\rtm\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Surf Canyon
Folder Deleted : C:\Program Files\uTorrentControl_v2
Folder Deleted : C:\Program Files\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\a28bdab339ed45
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B278D9F8-0FA9-465E-9938-0C392605D8E3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\a28bdab339ed45
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3197087
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\iWon
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E0CB510-A89E-432F-837C-4A8422B2ADA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFFEBCD2-4739-454E-9714-130491D23DED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Surf Canyon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\uTorrentControl_v2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=42102&bs=true&tid=2876&q=%s --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=42102&bs=true&tid=2876&q=%s --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876 --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\rtm\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1815] : homepage = "hxxp://www.delta-search.com/?affID=121284&tt=0112_8&babsrc=HP_ss&mntrId=a4e37514000[...]

*************************

AdwCleaner[R1].txt - [19416 octets] - [23/05/2013 12:15:04]
AdwCleaner[S1].txt - [19679 octets] - [23/05/2013 12:20:53]

########## EOF - C:\AdwCleaner[S1].txt - [19740 octets] ##########

 

 

Junkware Removal tool

 

I downloaded Junkware Removal Tool onto my desktop but could not run it as administrator because I could not remember my password for it...can I reset the password or should I just run it as rtm???

 

Am stopping to get some sleep now...be back tomorrow.

 

Sincerely,

rondatm


Edited by Oh My, 20 June 2013 - 09:59 PM.


#6 Oh My!


Posted 20 June 2013 - 10:11 PM

Hi Ronda,

 

Feel free to pick this up tomorrow, I know it is late there.  Sorry I see Security Essentials now.

 

might this be a Verizon problem???

 

Based on your explanation and the information you provided that I have since removed because of the email addresses, I think you are correct.  I am not seeing any evidence of malicious software which would cause what you are describing.

 

Please run Junkware in whatever fashion you need to.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 rondatm


Posted 21 June 2013 - 11:15 AM

Hi Gary,

Thank you for your oversight & insight.

 

Here is the Junkware log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by rtmon Fri 06/21/2013 at 12:03:44.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\surfcanyon.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axshdocvw.axwebbrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\surfcanyon.bhosite
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\surfcanyon.bhosite.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\surfcanyon.showsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\surfcanyon.showsettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3197087
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3277370
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1E5E0196-78CF-4C96-A4F1-B7972F60E7ED}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{655859CF-C315-44BC-B8E7-0AA126C844BA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C353D22-663F-4067-B98C-F26E3B244A9C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C160E6D3-FBD0-4D86-972E-EA85E16FAD74}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\ronda throne-murray\Local Settings\Application Data\iac"
Successfully deleted: [Folder] "C:\Documents and Settings\ronda throne-murray\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\coupons"

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/21/2013 at 12:06:42.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

That's it for now.

Best wishes,

Rondatm
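Added example, not part of the original thread and not code from AdwCleaner or JRT: the two logs posted so far name the same items in different spellings (short versus long hive names, mixed versus lower case, `key [value]` versus `key\\value`), so this Python sketch normalizes both formats, groups each removal by persistence mechanism, and lists the items that both tools report acting on. The category names and the rule list are this example's own assumptions; the sample lines are excerpted from the logs above.

```python
import re
from collections import Counter, defaultdict, namedtuple

# Lines excerpted from the AdwCleaner and JRT logs posted in this thread.
SAMPLE_LOG = r"""
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Folder Deleted : C:\Program Files\Yontoo
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876 --> hxxp://www.google.com
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
"""

HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}
# First matching rule wins. Category names are labels chosen for this example.
RULES = [
    ("autostart-run-key", r"\\currentversion\\run(once)?$"),
    ("ie-bho", r"\\browser helper objects\\"),
    ("ie-url-search-hook", r"\\internet explorer\\urlsearchhooks$"),
    ("ie-toolbar", r"\\internet explorer\\toolbar(\\|$)"),
    ("ie-search-provider", r"\\internet explorer\\searchscopes(\\|$)"),
    ("firefox-extension", r"\\mozilla\\firefox\\extensions$"),
    ("chrome-extension", r"\\google\\chrome\\extensions\\"),
    ("com-registration", r"\\classes\\(clsid|appid|typelib|interface)\\"),
    ("installer-leftover", r"\\(uninstall|arpcache|installer\\userdata)\\"),
]
ADW = re.compile(r"^(Key|Value|File|Folder) Deleted : (.+)$")
ADW_REPLACED = re.compile(r"^Replaced : \[(.+?) - (.+?)\] = \S+ --> \S+$")
JRT = re.compile(r"^Successfully (deleted|repaired): "
                 r"\[(?:Registry )?(Key|Value|File|Folder)\] (.+)$")
# target is the normalized key or path; value is the registry value name or "".
Entry = namedtuple("Entry", "tool action kind target value category")

def normalize(path):
    """Lower-case a path and shorten long hive names so both tools compare equal."""
    path = path.strip().strip('"').lower()
    head, sep, rest = path.partition("\\")
    return HIVES.get(head, head) + sep + rest

def classify(kind, target):
    if kind in ("file", "folder"):
        return "filesystem"
    for name, pattern in RULES:
        if re.search(pattern, target):
            return name
    return "other-registry"

def make_entry(tool, action, kind, raw_target, value="", category=None):
    target = normalize(raw_target)
    category = category or classify(kind, target)
    return Entry(tool, action, kind, target, value.lower(), category)

def parse_line(line):
    """Return an Entry for one AdwCleaner or JRT result line, else None."""
    line = line.strip()
    if m := ADW_REPLACED.match(line):  # IE start/search page reset by AdwCleaner
        return make_entry("AdwCleaner", "replaced", "value", m[1], m[2], "ie-page-hijack")
    if m := ADW.match(line):
        kind, rest, value = m[1].lower(), m[2], ""
        if kind == "value" and (vm := re.match(r"^(.*) \[(.+)\]$", rest)):
            rest, value = vm.groups()  # AdwCleaner writes: key [value name]
        return make_entry("AdwCleaner", "deleted", kind, rest, value)
    if m := JRT.match(line):
        kind, rest, value = m[2].lower(), m[3].strip('"'), ""
        if kind == "value":
            rest, _, value = rest.partition("\\\\")  # JRT writes: key\\value name
        return make_entry("JRT", m[1], kind, rest, value)
    return None

def triage(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def summary(entries):
    return Counter(e.category for e in entries)

def seen_by_both(entries):
    """Items that more than one tool reports acting on."""
    tools = defaultdict(set)
    for e in entries:
        tools[(e.kind, e.target, e.value)].add(e.tool)
    return sorted(item for item, names in tools.items() if len(names) > 1)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for category, count in summary(found).most_common():
        print(f"{count:3d}  {category}")
    for kind, target, value in seen_by_both(found):
        print("in both logs:", kind, target, value)
```

An item that a later tool still finds after an earlier tool logged it as deleted is worth checking by hand: either the first deletion did not take effect or something re-created the entry.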

 



#8 Oh My!


Posted 21 June 2013 - 12:39 PM

Good Day Ronda,

Lots of stuff removed.  Let's run the scans below to look for leftover malware.

===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes results
  • ESET results (no log if nothing found)
  • How is your computer running now?

Gary
 

#9 rondatm


Posted 21 June 2013 - 08:09 PM

Hi Gary,

I hope that all is well with you.

 

I ran Malware & Eset as instructed.

 

Here is the Malware log

 

2013/06/21 11:04:04 -0400 R rtm MESSAGE Executing scheduled update:  Daily
2013/06/21 11:04:26 -0400 R rtm MESSAGE Starting database refresh
2013/06/21 11:04:26 -0400 R rtm MESSAGE Stopping IP protection
2013/06/21 11:04:26 -0400 R rtm MESSAGE IP Protection stopped successfully
2013/06/21 11:04:26 -0400 R rtm MESSAGE Scheduled update executed successfully:  database updated from version v2013.06.20.07 to version v2013.06.21.04
2013/06/21 11:04:39 -0400 R rtm MESSAGE Database refreshed successfully
2013/06/21 11:04:39 -0400 R rtm MESSAGE Starting IP protection
2013/06/21 11:04:51 -0400 R rtm MESSAGE IP Protection started successfully
2013/06/21 12:00:52 -0400 R rtm MESSAGE Stopping IP protection
2013/06/21 12:00:52 -0400 R rtm MESSAGE IP Protection stopped successfully
2013/06/21 12:01:19 -0400 R rtm MESSAGE Stopping protection
2013/06/21 12:01:19 -0400 R rtm MESSAGE Protection stopped successfully
2013/06/21 12:09:51 -0400 R rtm MESSAGE Starting protection
2013/06/21 12:09:51 -0400 R rtm MESSAGE Protection started successfully
2013/06/21 12:09:52 -0400 R rtm MESSAGE Starting IP protection
2013/06/21 12:10:01 -0400 R rtm MESSAGE IP Protection started successfully
2013/06/21 15:43:19 -0400 R rtm MESSAGE Starting database refresh
2013/06/21 15:43:19 -0400 R rtm MESSAGE Stopping IP protection
2013/06/21 15:43:19 -0400 R rtm MESSAGE IP Protection stopped successfully
2013/06/21 15:43:34 -0400 R rtm MESSAGE Database refreshed successfully
2013/06/21 15:43:34 -0400 R rtm MESSAGE Starting IP protection
2013/06/21 15:43:45 -0400 R rtm MESSAGE IP Protection started successfully
2013/06/21 18:53:03 -0400 R rtm MESSAGE Starting database refresh
2013/06/21 18:53:03 -0400 R rtm MESSAGE Stopping IP protection
2013/06/21 18:53:03 -0400 R rtm MESSAGE IP Protection stopped successfully
2013/06/21 18:53:19 -0400 R rtm MESSAGE Database refreshed successfully
2013/06/21 18:53:19 -0400 R rtm MESSAGE Starting IP protection
2013/06/21 18:53:30 -0400 R rtm MESSAGE IP Protection started successfully

 

 

 

Here is the Eset log

 

 

 C:\Documents and Settings\ronda throne-murray\Application Data\Free Internet Tuner\fituner.exe multiple threats
C:\Documents and Settings\ronda throne-murray\Application Data\Free Registry Tuner\frtuner.exe multiple threats
C:\Documents and Settings\ronda throne-murray\Local Settings\Temporary Internet Files\Content.IE5\9JREKZHD\metrics[1].htm HTML/Iframe.B.Gen virus
C:\Documents and Settings\ronda throne-murray\My Documents\My Downloads\Downloads2\InternetTurbo-BitTorrent-a\InternetTurboSetup__1814_i1675065_il1537.exe Win32/Amonetize.A.Gen application
C:\Documents and Settings\ronda throne-murray\My Documents\My Downloads\myers\Update.exe a variant of Win32/AirAdInstaller.A application


 

 

 

How my computer is running

 

I have not spent much time at the computer other than running these scans ...

I have received email (I have not gotten any info from anyone about failure notices, but you may be the only person I have communicated with by computer). I have not emailed with the 2 problem people since we started...I will do so over the weekend.

 

Also, my speed seems slow ...loading internet pages, opening word docs (loading the program before the word doc opens)...not sure why...any thoughts?

 

That's it for now, Gary.

I really appreciate your help & guidance.

Sincerely,

Rondatm

#10 Oh My!

Posted 21 June 2013 - 08:41 PM

Hi Ronda,

Doing great, thanks. Hope the same for you.
 
Did you scan your computer with Malwarebytes?
 
Please run this program for me.
 
===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop. 
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE:  It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies.


===================================================
  • Any difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 rondatm

Posted 22 June 2013 - 10:55 PM

Hi Gary,

Checking back in...

I have emailed back & forth with the person using ptd.net & things seem to be good there. I emailed the yahoo user, but have not had a reply yet (& they are the one that I had the most occurrences with the failed mail delivery).

TFC

I had trouble running TFC (I tried 3 times).

The first time I hit run program...it turned off Microsoft Security Essentials...the warning box came up & I tried to close it (That may have been my mistake)...the computer froze (the clock stopped). I had to unplug the power to get the computer to shut down & restart. After it restarted there was a new icon on the desktop called "Thumbs.db" when I moved the pointer over the name the info box said it was a database file...modified 12/13/09...13.0kb.

The second try I turned off Microsoft Security Essentials before I ran TFC...the warning box came up & the computer also froze shortly after that ... the info box about TFC's progress said "stopping running processes". Once again I unplugged the power to get the computer to shut down & restart.

The third time I turned off Microsoft Security Essentials, the firewall & Malware before I ran TFC...the warning box came up again & the computer froze again shortly after that ... the info box about TFC's progress said "stopping running processes" but did get 1 step further & said "getting user folders" before it froze. I thought that maybe I was being impatient so I left it for 7hrs but no change/progress occurred as far as I could tell...I came back at 6:15pm & the clock still said 11:20am...the progress loading bar never got 1 green bar...some clearing of the temp folder must have occurred because I was no longer signed in to Bleeping Computer when I tried to hit the "reply to this post" button to give you a report.

The difference

The computer was running faster after the Eset scan (before the TFC scan attempts)...once again the computer is slow to connect to the internet & to load pages.

I was happy to be making progress but now am feeling a little frustrated :smash:

so I took a bit of a break before touching base with you.

 

Sincerely,

Rondatm

#12 Oh My!

Posted 23 June 2013 - 08:39 AM

Hi Ronda,

That is unique behavior and frustrating I am sure. Thanks for the hard work. Please try to run it in Safe Mode. It generally takes a little bit to run but if it seems like it is stuck don't wait too long. If you see no progress for 5 minutes shut it down and let me know.
Gary

#13 rondatm

Posted 23 June 2013 - 01:06 PM

Hi Gary,

I got into safe mode but the TFC.exe icon was no longer on the desktop ...I tried to do a search by going to the start button then all programs... windows search but the search would not turn on.

I even tried to work from start button...run...TFC,exe but that was also unsuccessful.

It seems that I need some direction here. :blink:

Sincerely,

Ronda 



#14 Oh My!

Posted 23 June 2013 - 02:14 PM

Boot into Safe Mode with Networking and download the program again.
Gary

#15 rondatm

Posted 23 June 2013 - 09:08 PM

Hi Gary,

Hooray...I was finally able to run TFC!

 

I also have emailed back & forth with the yahoo user who had received the multiple failed mail delivery notices...sending & receiving email seems to be good now.

Also, the connection & page loading speeds have sped up & seem good now! :bananas:

My desktop has gotten rather crowded with copies of the reports/logs for all the programs I have loaded & run to fix my computer issues as well as the program icons...i.e. Adware cleaner, ComboFix, Junkware remover, FRST, TFC, Eset Smart Installer, Rogue Killer quarantine, & the Thumbs.db...I guess that I can get rid of the logs/reports but what about these downloaded programs? As far as I can tell, they are only located on my desktop (no sign of them in my downloads or downloaded program files or in the All Programs menu that pops up from the start button).

Also, I had been using a program called Free Internet Tuner to speed up my internet speed...should I discontinue its use?

Are there any other programs that you think that I should or shouldn't use in the future?

 

I am really thankful for all your patience & help.

Best wishes always,

Rondatm
