Internet Explorer won't run. Computer super slow. PUP.inbox.toolbar found.


This topic is locked
31 replies to this topic

#1 mediamom

  • Members
  • 74 posts

Posted 31 December 2013 - 11:23 PM

Computer (XP) is painfully slow. Internet Explorer 8 will not run even after reinstall.  Opens and freezes.  Chrome runs but is super slow.  Malwarebytes found PUP.Optional.inbox.toolbar A. Thank you for your help!

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by WE at 22:59:49 on 2013-12-31
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.301 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\OnlineVault\OVTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://att.net
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = 127.0.0.1
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DSS] c:\windows\bbstore\dss\dssagent.exe
mRun: [Online Vault] "c:\program files\onlinevault\OVTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster platinum 18.1\Remind.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1313771123718
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{23F0D695-5889-44D9-A475-E6C67B618A52} : DHCPNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - 
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-2-29 188272]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-14 701512]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-2-29 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-14 22856]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\drivers\tdx.sys --> c:\windows\system32\drivers\tdx.sys [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\system32\svchost.exe -k NetSvcs [2005-8-16 14336]
S3 WinDefend;Windows Defender;c:\windows\system32\svchost.exe -k secsvcs [2005-8-16 14336]
.
=============== Created Last 30 ================
.
2013-12-31 19:53:05 -------- dc-h--w- c:\windows\ie8
2013-12-31 19:17:50 -------- d-----w- c:\windows\_ISTMP1.DIR
.
==================== Find3M  ====================
.
2013-12-10 21:31:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:31:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-06 17:53:19 1409 ----a-w- c:\windows\QTFont.for
2013-10-17 02:36:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 02:36:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 23:00:31.46 ===============
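
The "Pseudo HJT Report" section of the DDS log above is the part worth reading closely: it enumerates the Internet Explorer hook points (URLSearchHooks, BHOs, toolbars, protocol handlers) with the CLSID and the DLL each one resolves to, and the `Handler: inbox` line resolves to no file at all. The script below is an added example, not DDS code and not something posted in this thread. It parses those lines and applies three cheap triage rules: a hook with no backing file, a hook DLL outside the usual install roots, and one DLL wired into several hook points. The line format is inferred from the posted log, the sample lines are constructed from it (with `(TM)` in place of the trademark glyph), and the `TRUSTED_ROOTS` list is a heuristic assumption rather than anything DDS defines.

```python
"""Triage the "Pseudo HJT Report" browser hook lines from a DDS log.

Added example for this thread; it is not DDS code and not something the
helpers posted.  The line format is inferred from the log shown above, and
the "trusted roots" list is a heuristic assumption, not a DDS rule.
"""
import re
from collections import defaultdict

# Constructed sample: hook lines copied from the posted DDS report, plus one
# non-hook line to show that the parser skips what it does not recognise.
# The empty path on the "inbox" protocol handler is exactly what DDS printed.
SAMPLE_LINES = [
    r"uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll",
    r"BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll",
    r"BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll",
    r"TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll",
    r"Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - ",
    r"Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll",
    r"uStart Page = hxxp://att.net",
]

# Format as seen in the log:  kind: name<sep>{CLSID} - path
# where <sep> is ':' for BHO/TB/URLSearchHooks and '-' for Handler/SSODL/SEH.
HOOK_RE = re.compile(
    r"^(?P<kind>BHO|TB|uURLSearchHooks|Handler|SSODL|SEH):\s*"
    r"(?P<name>.+?)\s*[:\-]\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.*?)\s*$"
)

# Heuristic assumption: hook DLLs normally live under one of these roots on a
# 32-bit XP box.  Anything else (user profile, temp, root of C:) is worth a look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\system32\\")


def parse_hooks(lines):
    """Return one dict (kind, name, clsid, path) per recognised hook line."""
    entries = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["clsid"] = e["clsid"].upper()   # registry GUIDs are case-insensitive
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def assess(entries):
    """Apply three cheap triage rules; return (severity, subject, reason) tuples."""
    findings = []
    by_path = defaultdict(list)
    for e in entries:
        label = f"{e['kind']} '{e['name']}'"
        if not e["path"]:
            # The CLSID is registered but DDS resolved no DLL for it: the file
            # is gone or hidden while the registration (and the IE hook) remains.
            findings.append(("high", e["clsid"], f"{label} has no backing file"))
        elif not e["path"].startswith(TRUSTED_ROOTS):
            findings.append(("medium", e["clsid"],
                             f"{label} loads from an unusual location: {e['path']}"))
        if e["path"]:
            by_path[e["path"]].append(e["kind"])
    # One DLL wired into several hook points is how toolbars maximise their
    # reach; reporting it once per DLL makes the footprint obvious.
    for path, kinds in by_path.items():
        if len(kinds) > 1:
            findings.append(("info", path,
                             f"same DLL registered in {len(kinds)} hook points "
                             f"({', '.join(sorted(kinds))})"))
    return findings


def triage(lines):
    """Convenience wrapper: parse then assess."""
    return assess(parse_hooks(lines))


if __name__ == "__main__":
    for severity, subject, reason in triage(SAMPLE_LINES):
        print(f"[{severity:6}] {subject}: {reason}")
```

Run against the sample, the script reports the `inbox` handler as high (registered CLSID, no file), reports `yt.dll` once as being registered in three hook points, and raises nothing on the Trend Micro and Java entries. The empty-path finding is the one that matters for this thread: the later AdwCleaner log shows the same CLSID still sitting under `HKLM\SOFTWARE\Classes\CLSID` and `PROTOCOLS\Handler\inbox`, which is what a file-only cleanup leaves behind.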
 



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,627 posts

Posted 05 January 2014 - 11:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519203 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mediamom

  • Topic Starter
  • Members
  • 74 posts

Posted 06 January 2014 - 08:55 AM

Thank you for your help.  The computer is still very slow and Internet Explorer 8 will not run.  It opens and freezes.  Chrome works but is very slow.  I do not have the windows CD for this computer.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by WE at 8:46:28 on 2014-01-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.567 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\OnlineVault\OVTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehRec.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://att.net
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = 127.0.0.1
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DSS] c:\windows\bbstore\dss\dssagent.exe
mRun: [Online Vault] "c:\program files\onlinevault\OVTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1313771123718
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{23F0D695-5889-44D9-A475-E6C67B618A52} : DHCPNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - 
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R? iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200
R? tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004
R? WinDefend;Windows Defender
S? Amsp;Trend Micro Solution Platform
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? McrdSvc;Media Center Extender Service
S? PMBDeviceInfoProvider;PMBDeviceInfoProvider
S? tmevtmgr;tmevtmgr
.
=============== Created Last 30 ================
.
2013-12-31 19:53:05 -------- dc-h--w- c:\windows\ie8
2013-12-31 19:17:50 -------- d-----w- c:\windows\_ISTMP1.DIR
.
==================== Find3M  ====================
.
2013-12-10 21:31:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:31:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-06 17:53:19 1409 ----a-w- c:\windows\QTFont.for
2013-10-17 02:36:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 02:36:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH:  8:49:31.42 ===============


#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,615 posts
  • Location:California

Posted 07 January 2014 - 10:18 AM

Greetings mediamom and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run these programs for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Clean and close programs if necessary
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 mediamom

  • Topic Starter
  • Members
  • 74 posts

Posted 08 January 2014 - 02:38 PM

Hi Gary! 

Thanks for helping me!  AdwCleaner ran but errored out when I tried to clean.  Everything else ran fine.

 

AdwCleaner

# AdwCleaner v3.016 - Report created 08/01/2014 at 14:12:13
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : WE - RB
# Running from : C:\Documents and Settings\WE\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\searchplugins\askcomsearch.xml
File Found : C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\searchplugins\MyStart Search.xml
Folder Found : C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
Folder Found C:\Documents and Settings\All Users\Application Data\Ask
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found C:\Documents and Settings\WE\Application Data\24x7 help
Folder Found C:\Documents and Settings\WE\Application Data\Inbox Toolbar
Folder Found C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\ConduitCommon
Folder Found C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\CT2724386
Folder Found C:\Documents and Settings\WE\Local Settings\Application Data\Conduit
Folder Found C:\Program Files\Conduit
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar\Help.lnk ( /showurl hxxp://toolbar.inbox.com/faq.aspx )
Shortcut Found : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk ( /showurl hxxp://www.inbox.com/homepage.aspx?tbid=80114&iwk=258&lng=en )
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4F8D-8C74-639629E238FF}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Found : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\CToolbar
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\Software\Inbox Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\prefs.js ]
 
Line Found : user_pref("CT2724386..clientLogIsEnabled", false);
Line Found : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2724386.BrowserCompStateIsOpen_129464706887642629", true);
Line Found : user_pref("CT2724386.BrowserCompStateIsOpen_129681655908744368", true);
Line Found : user_pref("CT2724386.BrowserCompStateIsOpen_129723002078767475", true);
Line Found : user_pref("CT2724386.CT2724407.CommunityChanged", true);
Line Found : user_pref("CT2724386.CT2724407.alertChannelId", "1116673");
Line Found : user_pref("CT2724386.CT2724431.CommunityChanged", true);
Line Found : user_pref("CT2724386.CT2724431.alertChannelId", "1116697");
Line Found : user_pref("CT2724386.CT2727162.CommunityChanged", true);
Line Found : user_pref("CT2724386.CT2727162.alertChannelId", "1119424");
Line Found : user_pref("CT2724386.CT2727622.CommunityChanged", true);
Line Found : user_pref("CT2724386.CT2727622.alertChannelId", "1119884");
Line Found : user_pref("CT2724386.CT2727646.CommunityChanged", true);
Line Found : user_pref("CT2724386.CT2727646.alertChannelId", "1119908");
Line Found : user_pref("CT2724386.CT2727678.CommunityChanged", true);
Line Found : user_pref("CT2724386.CT2727678.alertChannelId", "1119940");
Line Found : user_pref("CT2724386.CT2727750.CommunityChanged", true);
Line Found : user_pref("CT2724386.CT2727750.alertChannelId", "1120012");
Line Found : user_pref("CT2724386.CTID", "CT2724386");
Line Found : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Fri Jan 13 2012 13:14:09 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT2724407,CT2724431,CT2727162,CT2727622,CT2727646,CT2727678,CT2727750[...]
Line Found : user_pref("CT2724386.CommunityChanged", true);
Line Found : user_pref("CT2724386.CurrentServerDate", "13-6-2012");
Line Found : user_pref("CT2724386.DSInstall", false);
Line Found : user_pref("CT2724386.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2724386.DialogsGetterLastCheckTime", "Mon Jun 11 2012 12:02:35 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.DownloadReferralCookieData", "");
Line Found : user_pref("CT2724386.FirstServerDate", "16-12-2011");
Line Found : user_pref("CT2724386.FirstTime", true);
Line Found : user_pref("CT2724386.FirstTimeFF3", true);
Line Found : user_pref("CT2724386.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2724386.GroupingLastCheckTime", "Fri Jan 13 2012 13:14:09 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2724386.GroupingLastErrorCode", "");
Line Found : user_pref("CT2724386.GroupingLastResponse", true);
Line Found : user_pref("CT2724386.GroupingLastServerUpdateTime", "129707049990000000");
Line Found : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2724386.HPInstall", false);
Line Found : user_pref("CT2724386.HasUserGlobalKeys", true);
Line Found : user_pref("CT2724386.HomePageProtectorEnabled", false);
Line Found : user_pref("CT2724386.HomepageBeforeUnload", "hxxp://mystart.incredimail.com/?a=1pcrjNOs89S");
Line Found : user_pref("CT2724386.Initialize", true);
Line Found : user_pref("CT2724386.InitializeCommonPrefs", true);
Line Found : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2724386.InstallationId", "ConduitStubGeneric");
Line Found : user_pref("CT2724386.InstallationType", "ConduitStubIntegration");
Line Found : user_pref("CT2724386.InstalledDate", "Fri Dec 16 2011 10:30:45 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2724386.InvalidateCache", false);
Line Found : user_pref("CT2724386.IsAlertDBUpdated", true);
Line Found : user_pref("CT2724386.IsGrouping", false);
Line Found : user_pref("CT2724386.IsInitSetupIni", true);
Line Found : user_pref("CT2724386.IsMulticommunity", false);
Line Found : user_pref("CT2724386.IsOpenThankYouPage", false);
Line Found : user_pref("CT2724386.IsOpenUninstallPage", true);
Line Found : user_pref("CT2724386.LanguagePackLastCheckTime", "Wed Jun 13 2012 13:38:49 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2724386.LastLogin_3.10.0.1", "Mon Jun 11 2012 12:02:35 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.LastLogin_3.13.0.6", "Wed Jun 13 2012 13:38:47 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.LastLogin_3.8.0.8", "Wed Dec 28 2011 10:01:51 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2724386.LastLogin_3.8.1.0", "Wed Feb 08 2012 20:12:03 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2724386.LastLogin_3.9.0.3", "Mon Apr 16 2012 10:23:16 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.LatestVersion", "3.13.0.6");
Line Found : user_pref("CT2724386.Locale", "en");
Line Found : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2724386.OriginalFirstVersion", "3.8.0.8");
Line Found : user_pref("CT2724386.RadioIsPodcast", false);
Line Found : user_pref("CT2724386.RadioLastCheckTime", "Wed Jun 13 2012 13:38:47 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT2724386.RadioLastUpdateServer", "129249036863500000");
Line Found : user_pref("CT2724386.RadioMediaID", "21080102");
Line Found : user_pref("CT2724386.RadioMediaType", "Media Player");
Line Found : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102");
Line Found : user_pref("CT2724386.RadioShrinkedFromSetup", false);
Line Found : user_pref("CT2724386.RadioStationName", "Mix%201620%20Am");
Line Found : user_pref("CT2724386.RadioStationURL", "hxxp://69.115.65.9:8000");
Line Found : user_pref("CT2724386.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT2724386.SearchCaption", "IncrediMail MediaBar 2 Customized Web Search");
Line Found : user_pref("CT2724386.SearchEngineBeforeUnload", "MyStart Search");
Line Found : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&SearchSource=2&q=");
Line Found : user_pref("CT2724386.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Wed Jun 13 2012 13:38:47 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2724386.SearchProtectorEnabled", false);
Line Found : user_pref("CT2724386.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT2724386.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2724386.ServiceMapLastCheckTime", "Wed Jun 13 2012 13:38:47 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.SettingsLastCheckTime", "Wed Jun 13 2012 13:38:46 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.SettingsLastUpdate", "1337862673");
Line Found : user_pref("CT2724386.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2724386&SearchSource=13");
Line Found : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Mon Jun 11 2012 12:02:32 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT2724386.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724386");
Line Found : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2724386.UserID", "UN03906237285862413");
Line Found : user_pref("CT2724386.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2724386.WeatherNetwork", "");
Line Found : user_pref("CT2724386.WeatherPollDate", "Mon Jun 11 2012 12:34:48 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.WeatherUnit", "F");
Line Found : user_pref("CT2724386.alertChannelId", "1116652");
Line Found : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Mon Jun 11 2012 12:02:35 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2724386.initDone", true);
Line Found : user_pref("CT2724386.isAppTrackingManagerOn", true);
Line Found : user_pref("CT2724386.isFirstRadioInstallation", false);
Line Found : user_pref("CT2724386.myStuffEnabled", true);
Line Found : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2724386.oldAppsList", "129248961427290040,129248961427290041,111,129681805661586396,129682450357013079,1000082,129822434187259743,129464706887642629,129464706887955131,1000234,12924896406[...]
Line Found : user_pref("CT2724386.revertSettingsEnabled", false);
Line Found : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2724386.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2724386.testingCtid", "");
Line Found : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Wed Jun 13 2012 13:38:49 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Mon Jun 11 2012 12:02:36 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2724386.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2724386/CT2724386", "\"efb11611f5fb4966407251270dde566a1\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", "\"1329747516\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:145a\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:145a\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:127c\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"801a319dd78ccc1:12da\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386", "\"d76323372b05c3748a3d6b1c93a98292\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\WE\\Application Data\\Mozilla\\Firefox\\Profiles\\dooawzly.default\\conduitCommon\\modules\\3.13.0.6");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1pcrjNOs89S&search=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2724386");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2724386");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2724386");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jun 11 2012 12:02:35 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "19e736de-1e5b-47f7-9aa3-268e175d3d93");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 11 2012 12:02:35 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 11 2012 12:02:42 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jun 13 2012 13:38:50 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "d0c6a655-728c-4897-8547-36f36acfc1df");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredimail.com/?a=1pcrjNOs89S");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", """);
 
-\\ Google Chrome v32.0.1700.72
 
[ File : C:\Documents and Settings\WE\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
 
*************************
 
AdwCleaner[R0].txt - [33829 octets] - [08/01/2014 14:12:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [33890 octets] ##########
 
JUNKWARE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by WE on Wed 01/08/2014 at 14:17:25.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\online vault
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.ibx404
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2724386
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D9DD0B96-39A0-493E-B923-0F0D6D8CA3BC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Documents and Settings\WE\Local Settings\Application Data\{0B4BE3C4-B34A-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]
Successfully deleted: [File] C:\Documents and Settings\WE\Local Settings\Application Data\{6F185CE9-AF01-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\WE\Application Data\onlinevault"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\onlinevault"
Successfully deleted: [Folder] C:\Documents and Settings\WE\Local Settings\Application Data\{0B4BE3C4-B34A-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]
Successfully deleted: [Folder] C:\Documents and Settings\WE\Local Settings\Application Data\{6F185CE9-AF01-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/08/2014 at 14:27:39.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
Ran by WE (administrator) on RB on 08-01-2014 14:29:02
Running from C:\Documents and Settings\WE\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [EPSON Stylus CX3800 Series] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE [98304 2005-02-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [116752 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [98304 2007-01-04] (Apple Computer, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DSS] - C:\WINDOWS\BBStore\DSS\dssagent.exe
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [OE_OEM] - "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)
HKU\Default User\...\Run: [OE_OEM] - "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
ShortcutTarget: AT&T Self Support Tool.lnk -> C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files\PrintMaster Platinum 18.1\Remind.exe (Broderbund Properties LLC)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope {A6AC6053-970E-4686-9740-B05DCEF5325D} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKCU - {04B8B81F-BDD9-4149-B466-75893FF8DF21} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {A6AC6053-970E-4686-9740-B05DCEF5325D} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKCU - {F0BCBBCE-6AC5-4638-AD7D-D85F0C619604} URL = http://delicious.com/search?p={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\
FF HKCU\...\Firefox\Extensions: [{6F185CE9-AF01-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\WE\Local Settings\Application Data\{6F185CE9-AF01-11E1-8270-B8AC6F996F26}\
FF HKCU\...\Firefox\Extensions: [{0B4BE3C4-B34A-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\WE\Local Settings\Application Data\{0B4BE3C4-B34A-11E1-8270-B8AC6F996F26}\
 
Chrome: 
=======
CHR HomePage: hxxp://att.yahoo.com/
CHR RestoreOnStartup: "hxxp://att.yahoo.com/"
CHR DefaultSearchKeyword: inbox.com
CHR DefaultSearchProvider: Inbox
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\WE\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\WE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\WE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\WE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\WE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\WE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\WE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 [x]
S2 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2007-01-04] (Windows ® 2000 DDK provider)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
R3 ELacpi; C:\Windows\System32\DRIVERS\ELacpi.sys [9728 2006-05-09] (Intel Corporation)
R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-09] (Intel Corporation)
R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-09] (Intel Corporation)
R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-09] (Intel Corporation)
R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-09] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2004-11-22] (Motive, Inc.)
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation )
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-07-24] (SigmaTel, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2012-02-29] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2012-02-29] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2012-02-29] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2012-02-29] (Trend Micro Inc.)
S3 bvrp_pci; No ImagePath
U5 Messenger; C:\Windows\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 tdx; system32\DRIVERS\tdx.sys [x]
U2 TMAgent; 
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U3 mbr; \??\C:\DOCUME~1\WE\LOCALS~1\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2014-01-08 14:29 - 2014-01-08 14:29 - 00017858 _____ C:\Documents and Settings\WE\Desktop\FRST.txt
2014-01-08 14:28 - 2014-01-08 14:28 - 00000000 ____D C:\FRST
2014-01-08 14:27 - 2014-01-08 14:27 - 00006072 _____ C:\Documents and Settings\WE\Desktop\JRT.txt
2014-01-08 14:17 - 2014-01-08 14:17 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-08 14:11 - 2014-01-08 14:15 - 00000000 ____D C:\AdwCleaner
2014-01-08 14:11 - 2014-01-08 14:07 - 01065947 _____ (Farbar) C:\Documents and Settings\WE\Desktop\FRST.exe
2014-01-08 14:11 - 2014-01-08 14:06 - 01233962 _____ C:\Documents and Settings\WE\Desktop\AdwCleaner.exe
2014-01-08 14:11 - 2014-01-08 14:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\WE\Desktop\JRT.exe
2014-01-06 08:49 - 2014-01-06 08:49 - 00017523 _____ C:\Documents and Settings\WE\Desktop\attach.txt
2014-01-06 08:49 - 2014-01-06 08:49 - 00008671 _____ C:\Documents and Settings\WE\Desktop\dds.txt
2013-12-31 23:00 - 2013-12-31 23:00 - 00018068 _____ C:\Documents and Settings\WE\Desktop\attach1.txt
2013-12-31 23:00 - 2013-12-31 23:00 - 00009641 _____ C:\Documents and Settings\WE\Desktop\dds1.txt
2013-12-31 18:54 - 2013-12-31 18:48 - 00688992 ____R (Swearware) C:\Documents and Settings\WE\Desktop\dds.com
2013-12-31 17:04 - 2013-12-31 17:04 - 00010103 _____ C:\Documents and Settings\WE\Desktop\hijackthis.log
2013-12-31 14:54 - 2013-12-31 14:57 - 00007481 _____ C:\WINDOWS\spupdsvc.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00006789 _____ C:\WINDOWS\iis6.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00006160 _____ C:\WINDOWS\FaxSetup.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00002956 _____ C:\WINDOWS\ocgen.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00002822 _____ C:\WINDOWS\tsoc.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00002061 _____ C:\WINDOWS\comsetup.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001934 _____ C:\WINDOWS\msmqinst.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001083 _____ C:\WINDOWS\netfxocm.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000689 _____ C:\WINDOWS\plusoc.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000430 _____ C:\WINDOWS\MedCtrOC.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000342 _____ C:\WINDOWS\ocmsn.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000338 _____ C:\WINDOWS\ehOCGen.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000311 _____ C:\WINDOWS\tabletoc.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000309 _____ C:\WINDOWS\msgsocm.log
2013-12-31 14:53 - 2013-12-31 14:53 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-31 14:52 - 2013-12-31 14:54 - 00086091 _____ C:\WINDOWS\ie8.log
2013-12-31 14:40 - 2013-12-31 14:54 - 00079114 _____ C:\WINDOWS\updspapi.log
2013-12-31 14:40 - 2013-12-31 14:41 - 00046272 _____ C:\WINDOWS\ie8Uninst.log
2013-12-31 14:17 - 2013-12-31 14:21 - 00000000 ____D C:\WINDOWS\_ISTMP1.DIR
2013-12-23 13:47 - 2013-12-23 13:47 - 00024576 _____ C:\Documents and Settings\WE\My Documents\Arizona Spaghetti.lbl
2013-12-22 12:14 - 2013-12-22 12:14 - 00023040 _____ C:\Documents and Settings\WE\My Documents\Phase 10.lbl
 
==================== One Month Modified Files and Folders =======
 
2014-01-08 14:29 - 2014-01-08 14:29 - 00017858 _____ C:\Documents and Settings\WE\Desktop\FRST.txt
2014-01-08 14:29 - 2012-05-14 07:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-08 14:28 - 2014-01-08 14:28 - 00000000 ____D C:\FRST
2014-01-08 14:27 - 2014-01-08 14:27 - 00006072 _____ C:\Documents and Settings\WE\Desktop\JRT.txt
2014-01-08 14:17 - 2014-01-08 14:17 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-08 14:15 - 2014-01-08 14:11 - 00000000 ____D C:\AdwCleaner
2014-01-08 14:07 - 2014-01-08 14:11 - 01065947 _____ (Farbar) C:\Documents and Settings\WE\Desktop\FRST.exe
2014-01-08 14:06 - 2014-01-08 14:11 - 01233962 _____ C:\Documents and Settings\WE\Desktop\AdwCleaner.exe
2014-01-08 14:06 - 2014-01-08 14:11 - 01037068 _____ (Thisisu) C:\Documents and Settings\WE\Desktop\JRT.exe
2014-01-08 14:05 - 2012-09-06 20:38 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 09:05 - 2012-09-06 20:38 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-08 01:05 - 2005-08-16 05:49 - 00032512 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-07 20:06 - 2013-03-23 16:49 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-06 08:50 - 2013-03-11 11:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ATTYToolbar
2014-01-06 08:49 - 2014-01-06 08:49 - 00017523 _____ C:\Documents and Settings\WE\Desktop\attach.txt
2014-01-06 08:49 - 2014-01-06 08:49 - 00008671 _____ C:\Documents and Settings\WE\Desktop\dds.txt
2014-01-06 08:46 - 2005-08-16 05:38 - 00000000 ____D C:\WINDOWS\Registration
2014-01-06 08:45 - 2007-01-04 08:35 - 00039472 _____ C:\WINDOWS\system32\nvapps.xml
2014-01-06 08:45 - 2005-08-16 05:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-06 08:45 - 2005-08-16 05:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-06 08:45 - 2005-08-16 05:35 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-06 08:45 - 2005-08-16 05:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-31 23:00 - 2013-12-31 23:00 - 00018068 _____ C:\Documents and Settings\WE\Desktop\attach1.txt
2013-12-31 23:00 - 2013-12-31 23:00 - 00009641 _____ C:\Documents and Settings\WE\Desktop\dds1.txt
2013-12-31 22:54 - 2013-08-01 21:02 - 00000738 _____ C:\WINDOWS\setupact.log
2013-12-31 22:49 - 2007-01-22 20:16 - 00000278 ___SH C:\Documents and Settings\WE\ntuser.ini
2013-12-31 22:49 - 2005-08-16 05:40 - 01267447 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-31 22:48 - 2007-01-04 08:50 - 00000000 ____D C:\Program Files\Dell
2013-12-31 22:48 - 2007-01-04 08:50 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-12-31 22:48 - 2007-01-04 08:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2013-12-31 22:46 - 2007-07-27 08:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2013-12-31 22:46 - 2007-07-27 08:08 - 00000000 ____D C:\Program Files\Canon
2013-12-31 22:42 - 2007-01-04 08:57 - 00000000 ____D C:\WINDOWS\occache
2013-12-31 22:38 - 2007-01-24 19:53 - 00000000 ____D C:\Program Files\Web Publish
2013-12-31 22:38 - 2005-08-16 05:40 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-31 22:38 - 2005-08-16 05:22 - 00000000 ____D C:\WINDOWS\Help
2013-12-31 18:52 - 2013-06-29 19:47 - 00059655 _____ C:\WINDOWS\setupapi.log
2013-12-31 18:51 - 2007-01-26 18:14 - 00002497 _____ C:\Documents and Settings\WE\Desktop\Microsoft Office Word 2003.lnk
2013-12-31 18:48 - 2013-12-31 18:54 - 00688992 ____R (Swearware) C:\Documents and Settings\WE\Desktop\dds.com
2013-12-31 17:04 - 2013-12-31 17:04 - 00010103 _____ C:\Documents and Settings\WE\Desktop\hijackthis.log
2013-12-31 15:10 - 2010-12-29 10:49 - 00000000 ____D C:\Documents and Settings\WE\Desktop\Unused Desktop Shortcuts
2013-12-31 14:57 - 2013-12-31 14:54 - 00007481 _____ C:\WINDOWS\spupdsvc.log
2013-12-31 14:56 - 2007-01-22 20:16 - 00000803 _____ C:\Documents and Settings\WE\Start Menu\Programs\Internet Explorer.lnk
2013-12-31 14:56 - 2005-08-16 05:22 - 00000000 ____D C:\WINDOWS\Media
2013-12-31 14:54 - 2013-12-31 14:54 - 00006789 _____ C:\WINDOWS\iis6.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00006160 _____ C:\WINDOWS\FaxSetup.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00002956 _____ C:\WINDOWS\ocgen.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00002822 _____ C:\WINDOWS\tsoc.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00002061 _____ C:\WINDOWS\comsetup.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001934 _____ C:\WINDOWS\msmqinst.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00001083 _____ C:\WINDOWS\netfxocm.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000689 _____ C:\WINDOWS\plusoc.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000430 _____ C:\WINDOWS\MedCtrOC.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000342 _____ C:\WINDOWS\ocmsn.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000338 _____ C:\WINDOWS\ehOCGen.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000311 _____ C:\WINDOWS\tabletoc.log
2013-12-31 14:54 - 2013-12-31 14:54 - 00000309 _____ C:\WINDOWS\msgsocm.log
2013-12-31 14:54 - 2013-12-31 14:52 - 00086091 _____ C:\WINDOWS\ie8.log
2013-12-31 14:54 - 2013-12-31 14:40 - 00079114 _____ C:\WINDOWS\updspapi.log
2013-12-31 14:54 - 2013-11-27 13:33 - 00063859 _____ C:\WINDOWS\ie8_main.log
2013-12-31 14:53 - 2013-12-31 14:53 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-31 14:46 - 2007-01-04 08:58 - 00000000 ____D C:\Program Files\Google
2013-12-31 14:41 - 2013-12-31 14:40 - 00046272 _____ C:\WINDOWS\ie8Uninst.log
2013-12-31 14:32 - 2007-01-22 20:16 - 00000000 ____D C:\Documents and Settings\WE\Local Settings\Application Data\Google
2013-12-31 14:21 - 2013-12-31 14:17 - 00000000 ____D C:\WINDOWS\_ISTMP1.DIR
2013-12-25 22:57 - 2005-08-16 05:49 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-12-23 13:54 - 2009-12-02 16:36 - 00000000 ____D C:\Documents and Settings\WE\My Documents\Address Lables
2013-12-23 13:47 - 2013-12-23 13:47 - 00024576 _____ C:\Documents and Settings\WE\My Documents\Arizona Spaghetti.lbl
2013-12-23 13:27 - 2013-06-29 19:46 - 00002273 _____ C:\Documents and Settings\All Users\Desktop\PrintMaster Platinum 18.1.lnk
2013-12-23 13:27 - 2005-08-16 05:38 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-12-22 12:14 - 2013-12-22 12:14 - 00023040 _____ C:\Documents and Settings\WE\My Documents\Phase 10.lbl
2013-12-14 16:04 - 2011-01-07 22:35 - 00000000 ____D C:\Documents and Settings\WE\My Documents\RECIPES
2013-12-10 16:31 - 2012-05-14 07:32 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-10 16:31 - 2012-05-14 07:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
 
ZeroAccess:
C:\Windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
 
ZeroAccess:
C:\Documents and Settings\WE\Local Settings\Application Data\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
 
Some content of TEMP:
====================
C:\Documents and Settings\WE\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-01-2014 01
Ran by WE at 2014-01-08 14:29:54
Running from C:\Documents and Settings\WE\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {7D2296BC-32CC-4519-917E-52E652474AF5}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
American Greetings CreataCard Select 6 (Version:  - )
AOLIcon (Version: 1.00.0000 - Dell) Hidden
AT&T Self Support Tool (Version:  - )
att.net Toolbar (Version:  - )
ATT-AACE (Version:  - )
ATT-RC Self Support Tool (Version:  - )
BroadJump Client Foundation (Version:  - )
Canon Digital Camera USB WIA Driver (Version:  - )
CCleaner (Version: 3.19 - Piriform)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (Version:  - )
Consumer Complete Care Services Agreement (Version: 1.10.0000 - Dell)
Critical Update for Windows Media Player 11 (KB959772) (Version:  - Microsoft Corporation)
Dell Driver Reset Tool (Version: 1.02.0000 - Dell Inc.)
Dell Support 3.2.1 (Version: 5.5.2087 - Dell)
Dell System Restore (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (Version: 1.00.0000 - Dell)
Digital Line Detect (Version: 1.10 - BVRP Software, Inc)
Documentation & Support Launcher (Version: 1.00.0000 - Dell Inc.)
EarthLink Setup Files (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
EPSON CX 3800 Guide (Version:  - )
EPSON Printer Software (Version:  - )
EPSON Scan (Version:  - )
Games, Music, & Photos Launcher (Version: 1.00.0000 - Dell Inc.)
GemMaster Mystic (Version:  - )
Google Chrome (Version: 32.0.1700.72 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (Version: 1.0.0 - Trend Micro)
Intel® Matrix Storage Manager (Version:  - )
Intel® PRO Network Connections (Version:  - Dell)
Intel® Quick Resume Technology Drivers (Version:  - )
Intel® Viiv™ Software (Version: 1.0.3.2019 - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Basic Edition 2003 (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation) Hidden
Modem Helper (Version: 2.40 - BVRP Software)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (Version:  - )
Online Vault (Version:  - Crawler.com)
PMB (Version: 5.2.00.03250 - Sony Corporation)
PrintMaster Platinum 18.1 (Version: 18.01.0000 - Broderbund Software)
Qualxserve Service Agreement (Version: 1.11.0000 - Dell)
QuickTime (Version:  - )
RealPlayer Basic (Version:  - )
Roxio DLA (Version: 5.2.0 - Roxio)
Roxio Express Labeler (Version: 2.1.0 - Roxio)
Roxio MyDVD LE (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (Version: 2.0.4 - Roxio)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sonic Encoders (Version: 1.00 - Sonic Solutions)
Sonic Update Manager (Version: 3.0.0 - Sonic Solutions)
Trend Micro Titanium Maximum Security (Version: 3.1.1109 - Trend Micro Inc.)
Trend Micro™ Titanium™ Maximum Security (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB910393) (Version:  - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB913800) (Version:  - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB926251) (Version:  - Microsoft Corporation) Hidden
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 (Version: 9.00.3636 - Microsoft Corporation) Hidden
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (Version:  - Microsoft Corporation)
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Detect (Version:  - )
Yahoo! Install Manager (Version:  - )
Yahoo! Software Update (Version:  - )
 
==================== Restore Points  =========================
 
01-01-2014 03:48:02 Removed Dell CinePlayer
06-01-2014 14:32:33 System Checkpoint
07-01-2014 14:45:09 System Checkpoint
08-01-2014 15:35:10 System Checkpoint
 
==================== Hosts content: ==========================
 
2005-08-16 05:18 - 2012-06-14 06:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Disk Cleanup.job => C:\WINDOWS\system32\cleanmgr.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-29 13:38 - 2012-02-29 13:34 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2012-02-29 13:38 - 2012-02-29 13:34 - 00057344 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2012-02-29 13:38 - 2012-02-29 13:34 - 00442368 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2012-02-29 13:38 - 2012-02-29 13:34 - 01081344 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2012-02-29 13:35 - 2012-02-29 13:35 - 00174432 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2005-08-16 05:18 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-16 05:18 - 2011-11-03 10:28 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2005-08-16 05:18 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 05:18 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/31/2013 10:52:17 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (12/25/2013 09:35:13 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\WE\MY DOCUMENTS\MY PICTURES\IMG001.~TM> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/24/2013 10:08:56 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\WE\MY DOCUMENTS\MY PICTURES\IMG001.~TM> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/13/2013 09:20:44 PM) (Source: Application Error) (User: )
Description: Faulting application pmw.exe, version 18.1.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.
Processing media-specific event for [pmw.exe!ws!]
 
Error: (11/13/2013 09:18:04 PM) (Source: Application Error) (User: )
Description: Faulting application pmw.exe, version 18.1.0.0, faulting module pmwtruetype.dll, version 18.1.0.0, fault address 0x00011ec1.
Processing media-specific event for [pmw.exe!ws!]
 
Error: (09/12/2013 05:49:57 AM) (Source: Media Center Scheduler) (User: )
Description: Guide load caused an exception.
 
 
System errors:
=============
Error: (01/06/2014 08:46:31 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/06/2014 08:45:48 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service failed to start due to the following error: 
%%1290
 
Error: (01/06/2014 08:45:48 AM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi
 
Error: (01/06/2014 08:45:48 AM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error: 
%%2
 
Error: (12/31/2013 10:52:25 PM) (Source: Service Control Manager) (User: )
Description: The COM+ System Application service failed to start due to the following error: 
%%1053
 
Error: (12/31/2013 10:52:25 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
 
Error: (12/31/2013 10:52:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service COMSysApp with arguments ""
in order to run the server:
{ECABAFBC-7F19-11D2-978E-0000F8757E2A}
 
Error: (12/31/2013 10:51:46 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/31/2013 10:51:42 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service failed to start due to the following error: 
%%1290
 
Error: (12/31/2013 10:51:42 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi
 
 
Microsoft Office Sessions:
=========================
Error: (12/31/2013 10:52:17 PM) (Source: COM+)(User: )
Description: Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (12/31/2013 02:47:11 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (12/25/2013 09:35:13 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\WE\MY DOCUMENTS\MY PICTURES\IMG001.~TM
 
Error: (12/24/2013 10:08:56 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\WE\MY DOCUMENTS\MY PICTURES\IMG001.~TM
 
Error: (11/13/2013 09:20:44 PM) (Source: Application Error)(User: )
Description: pmw.exe18.1.0.0ntdll.dll5.1.2600.605500011780
 
Error: (11/13/2013 09:18:04 PM) (Source: Application Error)(User: )
Description: pmw.exe18.1.0.0pmwtruetype.dll18.1.0.000011ec1
 
Error: (09/12/2013 05:49:57 AM) (Source: Media Center Scheduler)(User: )
Description: Guide load caused an exception.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 1021.85 MB
Available physical RAM: 516 MB
Total Pagefile: 2459.66 MB
Available Pagefile: 1916.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:293.39 GB) (Free:272.98 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PM18PLATINST) (CDROM) (Total:4.21 GB) (Free:0 GB) CDFS
Drive j: (LEXAR MEDIA) (Fixed) (Total:0.48 GB) (Free:0.06 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=DB)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 496 MB) (Disk ID: 0AF78602)
Partition 1: (Not Active) - (Size=495 MB) - (Type=04)
 
==================== End Of Log ============================
 
Thanks again!
 
de
 

 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:15 PM

Posted 08 January 2014 - 04:33 PM

Greetings and glad we are working together. I have some things for you to do but I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Run: [DSS] - C:\WINDOWS\BBStore\DSS\dssagent.exe
C:\WINDOWS\BBStore\DSS\dssagent.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 bvrp_pci; No ImagePath
C:\Windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
C:\Documents and Settings\WE\Local Settings\Application Data\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
C:\Documents and Settings\WE\Local Settings\temp\Quarantine.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Fixlog
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
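The fixlist in the post above was assembled by hand from four places in the FRST log: the ZeroAccess hits, the "Some content of TEMP" listing, the Bamital & volsnap MD5 check and the lines FRST tags with "<======= ATTENTION". The script below is an added example, not FRST's or the helper's own code, that performs that same triage over a constructed excerpt of the log quoted in this thread; the function names, the GUID-directory heuristic and the assumption that any verdict other than "MD5 is legit" needs review are this example's own.

```python
"""Triage an FRST log the way the helper in this thread did by hand.

Added example, not FRST's or BleepingComputer's own code. It reads the
sections FRST prints (ZeroAccess hits, 'Some content of TEMP', the Bamital &
volsnap MD5 check, and any line FRST tags '<======= ATTENTION') and turns
them into the bare entries a fixlist.txt needs. The sample log is constructed
from lines quoted in this thread; the function names are this example's own.
"""
import re
from typing import Dict, List

# Constructed excerpt in FRST's report format, assembled from the log above.
SAMPLE_LOG = r"""
2013-12-10 16:31 - 2012-05-14 07:32 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-31 14:53 - 2013-12-31 14:53 - 00000000 __HDC C:\WINDOWS\ie8

ZeroAccess:
C:\Windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}

ZeroAccess:
C:\Documents and Settings\WE\Local Settings\Application Data\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}

Some content of TEMP:
====================
C:\Documents and Settings\WE\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""

# One FRST file-listing line: "date - date - size flags (company) path".
FILE_LINE = re.compile(
    r"^\S+ \S+ - \S+ \S+ - \d{8} \S+ (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.*)$")
# The verdict lines of the Bamital & volsnap check.
MD5_LINE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")
# Heuristic for the ZeroAccess layout seen in this thread: a directory named
# {GUID} directly under Windows\Installer or Local Settings\Application Data.
# The GUID value itself is not a signature; the placement is.
GUID_DIR = re.compile(
    r"^(?:[a-z]:\\windows\\installer|.*\\local settings\\application data)"
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE)


def _add(bucket: List[str], item: str) -> None:
    """Append without duplicates, keeping first-seen order."""
    if item not in bucket:
        bucket.append(item)


def parse_frst_findings(text: str) -> Dict[str, List[str]]:
    """Collect what a helper acts on: ZeroAccess paths, TEMP executables,
    files whose MD5 FRST did not report as legit, and ATTENTION-tagged lines."""
    found: Dict[str, List[str]] = {
        "zeroaccess": [], "temp": [], "bad_md5": [], "attention": []}
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if section == "temp":           # TEMP listing ends at the first blank line
                section = None
            continue
        if set(line) == {"="}:              # underline below a section title
            continue
        if line.startswith("===="):         # a new section header closes the old one
            section = None
            continue
        if line == "ZeroAccess:":
            section = "zeroaccess"          # the next non-empty line is the path
            continue
        if line == "Some content of TEMP:":
            section = "temp"
            continue
        if "<======= ATTENTION" in line:
            _add(found["attention"], line)
            continue
        m = MD5_LINE.match(line)
        if m:
            if m.group("verdict").strip() != "legit":
                _add(found["bad_md5"], m.group("path"))
            continue
        if section == "zeroaccess":
            _add(found["zeroaccess"], line)
            section = None
        elif section == "temp":
            _add(found["temp"], line)
        else:
            m = FILE_LINE.match(line)
            if m and GUID_DIR.match(m.group("path")):
                _add(found["zeroaccess"], m.group("path"))
    return found


def build_fixlist(found: Dict[str, List[str]]) -> List[str]:
    """Entries in the shape the helper posted: ATTENTION lines verbatim, then
    bare paths for FRST to remove. Files with a rejected MD5 are only reported,
    because repairing a system file needs a known-clean copy, not a delete."""
    return list(found["attention"]) + found["zeroaccess"] + found["temp"]


if __name__ == "__main__":
    hits = parse_frst_findings(SAMPLE_LOG)
    print("\n".join(build_fixlist(hits)))
    for path in hits["bad_md5"]:
        print("REVIEW (do not delete):", path)
```

Running it against the sample prints the same three path entries the helper put in fixlist.txt; a registry or service entry such as the Run key or "S3 bvrp_pci" line still has to be judged by a person reading the log.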

#7 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 08 January 2014 - 05:20 PM

Oh boy.  The infected computer belongs to friends of mine (older couple).  They conduct all their banking and bill paying on it.  I found a similar Trojan on their laptop about 6 months ago. I had them stop using it until I had time to run the logs by you guys. So I think we should just reformat.  I have a couple of questions:

 

  1. Are any of my machines at risk because I connected their computer to my home network?
  2. Can we save any of the files from the computer or are they at risk of being infected?
  3. Is the jumpdrive I used in the computer at risk of infection?
  4. Can you remind me how to reformat and reload windows as it has been over a decade since I have had to do so.  :)
  5. Would you recommend reformatting their laptop as well?


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:15 PM

Posted 08 January 2014 - 05:25 PM

Have to run out for a bit but I will respond as soon as I return.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:15 PM

Posted 08 January 2014 - 07:45 PM

Hi and thanks for your patience.
 

Are any of my machines at risk because I connected their computer to my home network?

I don't think you have to worry unless you are experiencing symptoms.
 
----------
 

Can we save any of the files from the computer or are they at risk of being infected?

The data files should be OK.  I would suggest we continue to clean the computer even if you decide a reformat/reinstall is necessary.  Have your friends noticed any financial institution irregularities or any compromises on sites they log into using a user name and password?
 
----------
 

Is the jumpdrive I used in the computer at risk of infection?

I doubt it but it can be scanned if you want.
 
----------
 

Can you remind me how to reformat and reload windows as it has been over a decade since I have had to do so

Of course.
 
----------
 

Would you recommend reformatting their laptop as well?

If they haven't seen any irregularities as I described above I wouldn't worry about it.
 
---------
 
I don't know if this would help or hurt but often times people ask what they should do in response to a backdoor trojan.  Here is my reply:
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line is that the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.


If you need some time to digest this and speak with your friends by all means do not feel rushed to let me know. I have lots of other work to do while you decide. :)
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 09 January 2014 - 05:28 PM

Ok Gary.  Thanks!  I'd probably feel safer just reformatting. Should we go ahead and clean it first? I can follow your previous instructions tonight.  Then I'll be out of town until Sunday.

 

Malwarebytes found a backdoor Trojan on the laptop too.  :( So I should probably reformat that for them too.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • Gender:Male
  • Location:California

Posted 09 January 2014 - 06:09 PM

Greetings,

 

If you are going to save and transfer data files after reformat and OS reinstall I would recommend cleaning everything first.  It is up to you.


Gary

#12 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 09 January 2014 - 06:57 PM

OK.  I will work on cleaning it now.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • Gender:Male
  • Location:California

Posted 09 January 2014 - 07:09 PM

Sounds good. I think the added work will result in a little more peace of mind.
Gary

#14 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 09 January 2014 - 08:31 PM

Hi Gary,

 

Here are the logs thus far.  Combofix ran without a problem.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014 01
Ran by WE at 2014-01-09 20:00:17 Run:1
Running from C:\Documents and Settings\WE\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [DSS] - C:\WINDOWS\BBStore\DSS\dssagent.exe
C:\WINDOWS\BBStore\DSS\dssagent.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 bvrp_pci; No ImagePath
C:\Windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
C:\Documents and Settings\WE\Local Settings\Application Data\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
C:\Documents and Settings\WE\Local Settings\temp\Quarantine.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DSS => Value deleted successfully.
"C:\WINDOWS\BBStore\DSS\dssagent.exe" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
bvrp_pci => Service deleted successfully.
C:\Windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d} => Moved successfully.
C:\Documents and Settings\WE\Local Settings\Application Data\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d} => Moved successfully.
C:\Documents and Settings\WE\Local Settings\temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

 

ComboFix 14-01-08.03 - WE 01/09/2014  20:07:43.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.366 [GMT -5:00]
Running from: c:\documents and settings\WE\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\WE\WINDOWS
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-10 to 2014-01-10  )))))))))))))))))))))))))))))))
.
.
2014-01-08 19:28 . 2014-01-08 19:28 -------- d-----w- C:\FRST
2014-01-08 19:17 . 2014-01-08 19:17 -------- d-----w- c:\windows\ERUNT
2014-01-08 19:11 . 2014-01-08 19:15 -------- d-----w- C:\AdwCleaner
2013-12-31 19:53 . 2013-12-31 19:53 -------- dc-h--w- c:\windows\ie8
2013-12-31 19:17 . 2013-12-31 19:21 -------- d-----w- c:\windows\_ISTMP1.DIR
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 21:31 . 2012-05-14 12:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:31 . 2012-05-14 12:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-06 17:53 . 2013-11-06 17:53 1409 ----a-w- c:\windows\QTFont.for
2013-10-17 02:36 . 2013-10-17 02:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 02:36 . 2013-10-17 02:37 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2013-07-10 1508120]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-04 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe -boot [2007-9-22 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-4 24576]
Event Reminder.lnk - c:\program files\PrintMaster Platinum 18.1\Remind.exe [2010-4-7 344064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-08-24 11:51 442455 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 20:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-01-04 13:56 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [2/29/2012 1:38 PM 188272]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/21/2013 7:37 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/14/2012 9:16 AM 701512]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/29/2012 1:39 PM 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/14/2012 9:16 AM 22856]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/16/2005 5:18 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-08 01:06 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 21:31]
.
2013-12-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-07 01:38]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-07 01:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-SmileboxTray - c:\documents and settings\WE\Application Data\Smilebox\SmileboxTray.exe
AddRemove-{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1 - c:\program files\OnlineVault\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-09 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\windows\system32\dllhost.exe
c:\windows\SoftwareDistribution\Download\Install\NDP20SP2-KB2686828-x86.exe
c:\ef0069f0946a26541f011a55883289b4\HotFixInstaller.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2014-01-09  20:28:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-10 01:28
.
Pre-Run: 293,010,624,512 bytes free
Post-Run: 293,521,072,128 bytes free
.
- - End Of File - - 4672A117DE024B582C19F0D2B22BC854
5CB90281D1A59B251F6603134774EEC3

 

I will check back here on Sunday night.  Thanks!

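As an added example (not part of the thread and not FRST's own code), a small Python audit of the FRST Fixlog posted above: it pairs the fixlist block with the result lines FRST reports, counts what was actually fixed, and singles out anything "not found" or otherwise unresolved so it can be re-checked. The log text is embedded as a constructed sample input taken from the post.

```python
import re

# Constructed sample input: the Fixlog posted in this thread, kept as a raw string.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKLM\...\Run: [DSS] - C:\WINDOWS\BBStore\DSS\dssagent.exe
C:\WINDOWS\BBStore\DSS\dssagent.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 bvrp_pci; No ImagePath
C:\Windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
C:\Documents and Settings\WE\Local Settings\Application Data\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}
C:\Documents and Settings\WE\Local Settings\temp\Quarantine.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DSS => Value deleted successfully.
"C:\WINDOWS\BBStore\DSS\dssagent.exe" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
bvrp_pci => Service deleted successfully.
C:\Windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d} => Moved successfully.
C:\Documents and Settings\WE\Local Settings\Application Data\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d} => Moved successfully.
C:\Documents and Settings\WE\Local Settings\temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ====
"""

# FRST writes one result line per fixlist entry in the form "<target> => <outcome>."
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
SEPARATOR_RE = re.compile(r"^\*{5,}\s*$", re.M)

def split_sections(text):
    # The fixlist sits between two ***** lines; the results follow the second one.
    parts = SEPARATOR_RE.split(text)
    if len(parts) < 3: raise ValueError("no fixlist block between ***** separators")
    fixlist = [ln.strip() for ln in parts[1].splitlines() if ln.strip()]
    results = []
    for ln in parts[2].splitlines():
        m = RESULT_RE.match(ln.strip())
        if m:
            results.append((m.group("target").strip('"'), m.group("outcome")))
    return fixlist, results

def classify(outcome):
    o = outcome.lower()
    if "successfully" in o:
        return "fixed"
    if "not found" in o:   # e.g. the Run value's file was already gone; the autostart itself was still removed
        return "not_found"
    return "review"        # anything else (access denied, could not move, ...) needs a second look

def audit(text):
    # Summarise: how many entries were requested, how many FRST reported, and the verdict per target.
    fixlist, results = split_sections(text)
    verdicts = {"fixed": [], "not_found": [], "review": []}
    for target, outcome in results:
        verdicts[classify(outcome)].append(target)
    return {"requested": len(fixlist), "reported": len(results),
            "attention_items": [e for e in fixlist if "ATTENTION" in e], **verdicts}
```

On this log the audit reports seven requested, seven reported, six fixed and one "not found" (the dssagent.exe file, whose Run value was nonetheless deleted), with the Chrome policy key as the single ATTENTION item.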

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • Gender:Male
  • Location:California

Posted 09 January 2014 - 10:32 PM

Welcome back :)

Do you have the Windows XP installation disk?

Let's run one more program.

===================================================

Run TDSSKiller by Kaspersky on XP

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects, and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


[screenshot: tdss2.png]


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


[screenshot: tdss4.png]


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer, or to perform the scan in "safe mode".

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller log

Gary
