in my Email accounts, aweber marketing links get redirected


  • This topic is locked
12 replies to this topic

#1 TonyinTexas
Posted 03 April 2014 - 08:17 PM

I have whitelisted several marketing leaders that send me emails every day and I welcome them. However, their aweber links are getting redirected to minisites that are all "make money online from home" type spam ads. I know the market formats the leaders use, and the landing pages are not their work.

 

So I think I have malware that is grabbing aweber links and redirecting. This does not happen with raw links or direct links.

 

This forum saved my behind 2 years ago and I come back with full trust and appreciation. I know there are some steps to manage and I am up for that and replete with patience toward completion. I also know that these steps may already exist and it may be me walking through the steps. I am willing to do either.

 

So ... Sensei, what is the first step?

 

Tony   aka  McAllenMobile


Edited by McAllenMobile, 03 April 2014 - 08:19 PM.



#2 nasdaq

  • Malware Response Team

Posted 08 April 2014 - 08:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 TonyinTexas (Topic Starter)
Posted 12 April 2014 - 09:56 AM

Thank you I will take action today and report.



#4 TonyinTexas (Topic Starter)
Posted 13 April 2014 - 04:38 PM

Reports according to your directive

  1. Copy and paste Malware Log
  2. Copy and paste AdwCleaner[S1].txt
  3. Copy and paste FRST.txt
  4. Attach Addition.txt

 

  1. Copy and paste Malware Log

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/13/2014 2:10:16 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malware Protection, Starting,
Protection, 4/13/2014 2:10:16 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malware Protection, Started,
Protection, 4/13/2014 2:10:16 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Starting,
Protection, 4/13/2014 2:10:23 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Started,
Update, 4/13/2014 2:11:50 PM, SYSTEM, OWNER-A18C7AA1D, Scheduler, Malware Database, 2014.4.6.4, 2014.4.13.6,
Protection, 4/13/2014 2:11:52 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Refresh, Starting,
Protection, 4/13/2014 2:11:52 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Stopping,
Protection, 4/13/2014 2:11:53 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Stopped,
Protection, 4/13/2014 2:13:03 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Refresh, Success,
Protection, 4/13/2014 2:13:03 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Starting,
Protection, 4/13/2014 2:13:17 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Started,
Protection, 4/13/2014 2:46:34 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Stopping,
Protection, 4/13/2014 2:46:34 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Stopped,
Protection, 4/13/2014 2:46:34 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Starting,
Protection, 4/13/2014 2:46:52 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Started,
Protection, 4/13/2014 3:55:25 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malware Protection, Starting,
Protection, 4/13/2014 3:55:26 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malware Protection, Started,
Protection, 4/13/2014 3:55:26 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Starting,
Protection, 4/13/2014 3:55:37 PM, SYSTEM, OWNER-A18C7AA1D, Protection, Malicious Website Protection, Started,

(end)

  2. Copy and paste AdwCleaner[S1].txt

 

# AdwCleaner v3.023 - Report created 13/04/2014 at 15:24:22
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - OWNER-A18C7AA1D
# Running from : C:\Documents and Settings\Owner\desktop\Support Programs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\MyStart Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\QuickSet
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FinalMediaPlayer
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Program Files\FinalMediaPlayer
Folder Deleted : C:\Program Files\Mega Browse
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\FileTypeAssistant
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\FinalMediaPlayer
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Owner\Application Data\FinalMediaPlayer
Folder Deleted : C:\Documents and Settings\Owner\My Documents\Mobogenie
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\user.js
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uqt87fsz.default\user.js
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25151605-D156-49DD-A659-20E69C1EE15F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{268CA04C-106C-4636-B707-95E8CD5859E0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{992177A5-DF3C-4EC2-B779-6A5F94704CCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFBAF9B2-2093-4D16-9D1F-348AE68408E4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7A55CBB2-2B2E-4A41-9DE1-6AC5D2C2BE0A}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\mystarttb\dtuser.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\mystarttb\ToolbarCleaner.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\tsassist.exe]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\prefs.js ]

Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Line Deleted : user_pref("extensions.s4fToolbar.si-blekko-domainlinks", true);
Line Deleted : user_pref("extensions.s4fToolbar.si-blekko-rank", true);

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uqt87fsz.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fjpdfj3k.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [72492 octets] - [03/11/2013 18:20:02]
AdwCleaner[R1].txt - [7413 octets] - [13/04/2014 15:09:47]
AdwCleaner[S0].txt - [71135 octets] - [03/11/2013 18:23:31]
AdwCleaner[S1].txt - [7492 octets] - [13/04/2014 15:24:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7552 octets] ##########
 

  3. Copy and paste FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014
Ran by Owner (administrator) on OWNER-A18C7AA1D on 13-04-2014 15:44:42
Running from C:\Documents and Settings\Owner\desktop\Support Programs\FRST
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Apache Software Foundation) C:\Documents and Settings\Owner\My Documents\WEBSITE\Mobile\XAMPP\apache\bin\httpd.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(FileZilla Project) C:\Documents and Settings\Owner\My Documents\WEBSITE\Mobile\XAMPP\filezillaftp\filezillaserver.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Documents and Settings\Owner\My Documents\WEBSITE\Mobile\XAMPP\mysql\bin\mysqld.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apache Software Foundation) C:\Documents and Settings\Owner\My Documents\WEBSITE\Mobile\XAMPP\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
(GuideTrade LLC) E:\Documents\Website\LeadFinderJack\ConnectingJack.exe
(Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-05] (RealNetworks, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-1177238915-261903793-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2010-09-30] (Google Inc.)
HKU\S-1-5-21-1177238915-261903793-725345543-1003\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1177238915-261903793-725345543-1003\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2014-02-03] (Siber Systems)
HKU\S-1-5-21-1177238915-261903793-725345543-1003\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 4\StartupManager.exe [37152 2014-04-01] (Glarysoft Ltd)
HKU\S-1-5-21-1177238915-261903793-725345543-1003\...\Run: [ConnectingJack] => E:\Documents\Website\LeadFinderJack\ConnectingJack.exe [194560 2014-03-21] (GuideTrade LLC)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {197C20BA-686F-4E4D-82A1-44FE293495E5} URL = http://www.cnet.com/4244-5_1-0.html?query={searchTerms}&tag=srch&target=nw
SearchScopes: HKCU - {D539E144-734D-4980-B2C0-907613ED8556} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {EC35FDDA-C370-4A09-B30D-DA5E891D7794} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - &RoboForm - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281
FF Homepage: https://accounts.google.com/ServiceLogin?service=oz&passive=1209600&continue=https://plus.google.com/?gpsrc%3Dgplp0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @UtilityChest_49.com/Plugin - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: WordOv - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\exjzanej@rsligfihubxtiyrwg.org [2013-11-02]
FF Extension: Pocket - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\isreaditlater@ideashower.com [2013-09-02]
FF Extension: LastPass - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\support@lastpass.com [2014-03-21]
FF Extension: SeoQuake - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-10-15]
FF Extension: ReminderFox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-02-11]
FF Extension: DownloadHelper - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Autofill Forms - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\autofillForms@blueimp.net.xpi [2013-09-01]
FF Extension: RankChecker - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\rankchecker@seobook.com.xpi [2013-07-11]
FF Extension: SEO For Firefox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\seo4firefox@seobook.com.xpi [2013-07-11]
FF Extension: Seo Toolbar - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\seotoolbar@seobook.com.xpi [2013-07-11]
FF Extension: socialmonkee - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\sm@submitter.net.xpi [2013-11-23]
FF Extension: WiseStamp - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\wisestamp@wisestamp.com.xpi [2013-09-01]
FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\exjzanej@rsligfihubxtiyrwg.org [2014-04-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: AI Roboform Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-02-03]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com.mx/
CHR Extension: (Mobile Website Builder) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\afjlicpdajmlidgbgjibklaahmfjmjog [2013-11-04]
CHR Extension: (SimplyCast SMS Marketing) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aikcgicjpbkoghdolchlamglbcmpogoc [2013-11-04]
CHR Extension: (Xmarks Bookmark Sync) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-02-08]
CHR Extension: (Uberflip) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amkplagjgodcjhobcbblkjhngfdgacgo [2013-11-04]
CHR Extension: (Mobile & Tablet Emulator) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aoncepgjhkfeapbalkebdoiialgofpan [2014-03-08]
CHR Extension: (MindMeister) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2013-11-04]
CHR Extension: (Get Me On Page 1) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdeohghenkjdnfcbphagfnckkmbebega [2013-11-04]
CHR Extension: (iPad Simulator) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2013-11-04]
CHR Extension: (Less Annoying CRM) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjiddacoabcloecailojkglecpliblik [2013-11-04]
CHR Extension: (WinWeb Contractors) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpghhkhpcmhnpneagpemdpikanfdnmi [2013-11-04]
CHR Extension: (newsletter.ie) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmbaajgphfaboknnopdocdnjafojafki [2013-11-04]
CHR Extension: (Max Capacity Training) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpnmgihbpgolnjcciglbhklaabhkogin [2013-11-04]
CHR Extension: (UNITY Mobile Websites) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djmhcnaclgamnihgioaciekfkbkeeelm [2013-11-04]
CHR Extension: (Proto.io) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egkfpedhmbnghpjkccfalikkmgooboln [2013-11-04]
CHR Extension: (SEO SERP Workbench) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2013-11-04]
CHR Extension: (MindMap) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdaeohpmcenmffofpikllphdhlkkocfa [2013-11-04]
CHR Extension: (LogMyCalls) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gnnnninjnjjknlmcikbngchbenobhmde [2013-11-04]
CHR Extension: (EWC Presenter) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdginhbdpekijhadlcniofmnmpbgdkjd [2013-11-04]
CHR Extension: (Appbistro) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdmmecmjfadcndffmnakmadeonpddgon [2013-11-04]
CHR Extension: (FreshBooks) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjbblejpnpdjplgcpfkaacnifipgejjm [2013-11-04]
CHR Extension: (Realtimeboard for Education) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgbminfdblackehpaaiemmkceciacpke [2013-11-04]
CHR Extension: (Free SEO Deal of the Week) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgnekndlomccgljphjjcmhgmbbbeeklm [2013-11-04]
CHR Extension: (Google Forms) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2013-11-04]
CHR Extension: (Feedback Sign) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjailcbiomnhcnlnakkkppcnnheimmom [2013-11-04]
CHR Extension: (Kontest) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kaffngbijbbghifpjmdagblgadkephpa [2013-11-04]
CHR Extension: (Grammarly Lite - Smart Spellchecker) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2013-11-04]
CHR Extension: (800mobileapps) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lehnfcbfdnpnlkijgnmfaalmmclehaok [2013-11-04]
CHR Extension: (Simplebooklet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lhfhnhfkmicpmbafobnpegjhaihjinph [2013-11-04]
CHR Extension: (Drum web meetings) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkkmpdfaablfchmmnlophhogecfgcgii [2013-11-04]
CHR Extension: (CHROMIFIED Google Translate [BBmod]) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mddinjaeleehccjagphnmkcjafhidhmc [2013-11-04]
CHR Extension: (QR Code Generator) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl [2013-11-04]
CHR Extension: (Mobile App Maker) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhfejclehdjkifklomhfgjobieidomhb [2013-11-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR Extension: (Wunderlist for Chrome) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2013-11-04]
CHR Extension: (BMI Calculator) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ooeflcfkahgdppkccmlacmjedohiclki [2013-11-04]
CHR Extension: (Mobile app builder) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oofakfnadenbcfgnhbbnjlijggdnopmi [2013-11-04]
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files\mystarttb\chrome-newtab-search.crx [2013-11-04]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2011-10-10]
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 Apache2.2; C:\Documents and Settings\Owner\My Documents\WEBSITE\Mobile\XAMPP\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 FileZilla Server; C:\Documents and Settings\Owner\My Documents\WEBSITE\Mobile\XAMPP\filezillaftp\filezillaserver.exe [630272 2011-06-07] (FileZilla Project)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [285184 2001-01-23] (Lexmark International, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 mysql; C:\Documents and Settings\Owner\My Documents\WEBSITE\Mobile\XAMPP\mysql\bin\mysqld.exe [8158720 2011-09-09] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S2 BBUpdate; No ImagePath

==================== Drivers (Whitelisted) ====================

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R0 BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [14784 2014-03-31] (Glarysoft Ltd)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2013-05-07] (Windows ® Win 7 DDK provider)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 PD0620VID; C:\WINDOWS\System32\DRIVERS\P0620Vid.sys [91577 2004-07-29] (Creative Technology Ltd.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-08] (StdLib)
S1 edrgejcj; \??\C:\WINDOWS\system32\drivers\edrgejcj.sys [X]
S3 GEARAspiWDM; No ImagePath
S1 kqkiitqy; \??\C:\WINDOWS\system32\drivers\kqkiitqy.sys [X]
S1 lqjfonfy; \??\C:\WINDOWS\system32\drivers\lqjfonfy.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S4 s24trans; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr;
S3 UIUSys; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 15:43 - 2014-04-13 15:44 - 00000000 ___DC () C:\FRST
2014-04-13 14:01 - 2014-04-13 14:01 - 00000949 _____ () C:\Documents and Settings\Owner\desktop\Continue CCleaner Free Download Installation.lnk
2014-04-12 18:49 - 2014-04-13 12:08 - 00012783 _____ () C:\Documents and Settings\Owner\debug.log
2014-04-12 18:34 - 2014-04-13 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\ConnectingJack
2014-04-12 18:34 - 2014-04-12 18:47 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Jack
2014-04-11 13:56 - 2014-04-11 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-10 22:05 - 2014-04-10 22:05 - 00000934 _____ () C:\Documents and Settings\Owner\desktop\Continue Adobe Reader Free Download Installation.lnk
2014-04-10 20:54 - 2014-04-10 20:54 - 00000696 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
2014-04-10 20:53 - 2014-04-10 20:54 - 00000000 ____D () C:\Program Files\Market Samurai
2014-04-08 22:49 - 2014-04-08 22:49 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-04-08 21:26 - 2014-04-13 15:33 - 00000394 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-04-08 21:26 - 2014-04-13 15:33 - 00000386 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2014-04-08 21:26 - 2014-04-12 21:28 - 00000450 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2014-04-08 21:26 - 2014-04-08 21:26 - 00000778 _____ () C:\Documents and Settings\All Users\Start Menu\FinalMediaPlayer.lnk
2014-04-08 21:17 - 2014-04-08 21:17 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\cache
2014-04-08 21:17 - 2014-04-08 21:17 - 00000000 ____D () C:\Documents and Settings\Owner\.android
2014-04-08 21:17 - 2014-04-08 21:17 - 00000000 _____ () C:\Documents and Settings\Owner\daemonprocess.txt
2014-04-06 21:12 - 2014-04-06 21:13 - 00000972 _____ () C:\Documents and Settings\Owner\desktop\WalkAnalyst..lnk
2014-04-05 21:41 - 2014-04-05 21:41 - 00000581 _____ () C:\Documents and Settings\Owner\desktop\Shortcut to Prospect Websites.lnk
2014-04-05 17:17 - 2014-04-13 15:39 - 00035071 _____ () C:\WINDOWS\system32\RegFile3.txt
2014-04-05 13:11 - 2014-04-05 13:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-05 13:09 - 2014-04-05 13:09 - 00000724 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-04-05 13:00 - 2014-04-13 14:11 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 12:53 - 2014-04-13 15:34 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1177238915-261903793-725345543-1003.job
2014-04-05 12:53 - 2014-04-13 15:33 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1177238915-261903793-725345543-1003.job
2014-04-05 12:53 - 2014-04-05 12:53 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\RealNetworks
2014-04-05 12:51 - 2014-04-05 12:51 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-04-05 12:51 - 2014-04-05 12:51 - 00000000 ____D () C:\Program Files\RealNetworks
2014-04-05 12:50 - 2014-04-05 12:50 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\rmoc3260.dll
2014-04-05 12:50 - 2014-04-05 12:50 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-04-05 12:49 - 2014-04-05 12:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2014-04-05 12:49 - 2014-04-05 12:49 - 00272896 _____ (Progressive Networks) C:\WINDOWS\system32\pncrt.dll
2014-04-05 12:49 - 2014-04-05 12:49 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5016.dll
2014-04-05 12:49 - 2014-04-05 12:49 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5032.dll
2014-04-05 12:40 - 2014-04-05 13:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-05 12:40 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-05 12:33 - 2014-04-05 12:33 - 00001663 _____ () C:\Documents and Settings\All Users\desktop\FileZilla Client.lnk
2014-04-05 12:12 - 2014-04-01 03:04 - 00101664 _____ (Glarysoft Ltd) C:\WINDOWS\system32\BootDefrag.exe
2014-04-05 12:12 - 2014-03-31 02:33 - 00014784 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\BootDefragDriver.sys
2014-04-03 21:58 - 2014-04-03 21:58 - 00000218 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
2014-04-01 07:26 - 2014-04-01 07:26 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DropboxMaster
2014-03-18 22:32 - 2014-03-23 15:07 - 00000000 ____D () C:\Program Files\AVS4YOU

==================== One Month Modified Files and Folders =======

2014-04-13 15:44 - 2014-04-13 15:43 - 00000000 ___DC () C:\FRST
2014-04-13 15:43 - 2010-09-30 03:37 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-261903793-725345543-1003UA.job
2014-04-13 15:39 - 2014-04-05 17:17 - 00035071 _____ () C:\WINDOWS\system32\RegFile3.txt
2014-04-13 15:37 - 2013-05-18 22:06 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
2014-04-13 15:37 - 2011-02-15 13:40 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
2014-04-13 15:35 - 2013-11-23 17:46 - 00000320 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job
2014-04-13 15:35 - 2013-11-23 17:46 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-04-13 15:34 - 2014-04-05 12:53 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1177238915-261903793-725345543-1003.job
2014-04-13 15:33 - 2014-04-08 21:26 - 00000394 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-04-13 15:33 - 2014-04-08 21:26 - 00000386 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2014-04-13 15:33 - 2014-04-05 12:53 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1177238915-261903793-725345543-1003.job
2014-04-13 15:33 - 2013-01-29 22:03 - 00000282 _____ () C:\WINDOWS\Tasks\Go for FilesUpdate.job
2014-04-13 15:33 - 2011-05-08 19:25 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-261903793-725345543-1003.job
2014-04-13 15:33 - 2010-05-15 18:07 - 01996645 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-13 15:32 - 2010-05-15 18:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-13 15:32 - 2010-05-15 12:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-13 15:32 - 2010-05-15 12:47 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-13 15:28 - 2013-08-10 07:37 - 00032448 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-13 15:28 - 2013-03-09 11:20 - 01582118 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-261903793-725345543-1003-0.dat
2014-04-13 15:28 - 2013-03-07 21:44 - 00401542 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-13 15:28 - 2010-10-19 17:50 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-04-13 15:28 - 2010-05-15 18:15 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-13 15:25 - 2013-11-03 18:19 - 00000000 ___DC () C:\AdwCleaner
2014-04-13 15:22 - 2012-10-20 02:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-13 14:54 - 2014-02-03 20:07 - 00000514 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1177238915-261903793-725345543-1003.job
2014-04-13 14:51 - 2010-06-09 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2014-04-13 14:11 - 2014-04-05 13:00 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 14:01 - 2014-04-13 14:01 - 00000949 _____ () C:\Documents and Settings\Owner\desktop\Continue CCleaner Free Download Installation.lnk
2014-04-13 13:51 - 2014-02-17 22:04 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\LastPass
2014-04-13 12:08 - 2014-04-12 18:49 - 00012783 _____ () C:\Documents and Settings\Owner\debug.log
2014-04-13 12:07 - 2010-05-17 07:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-13 08:02 - 2012-01-23 12:46 - 00015884 _____ () C:\WINDOWS\Website.VUE
2014-04-13 02:31 - 2014-04-12 18:34 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\ConnectingJack
2014-04-12 21:28 - 2014-04-08 21:26 - 00000450 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2014-04-12 19:31 - 2013-02-16 17:32 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\inkscape
2014-04-12 19:24 - 2010-05-15 18:15 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-12 18:47 - 2014-04-12 18:34 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Jack
2014-04-12 18:39 - 2010-12-14 03:44 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-04-12 18:36 - 2013-08-17 18:02 - 00000000 ____D () C:\Program Files\Common Files\Leenders Shared
2014-04-12 18:34 - 2014-02-02 11:16 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\LeadFinder
2014-04-12 11:42 - 2013-07-12 18:55 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-261903793-725345543-1003Core1ce7f5b3ceac676.job
2014-04-12 08:55 - 2004-08-04 05:00 - 00000849 _____ () C:\WINDOWS\win.ini
2014-04-12 08:42 - 2012-04-25 06:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-11 14:02 - 2014-04-11 13:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-10 22:05 - 2014-04-10 22:05 - 00000934 _____ () C:\Documents and Settings\Owner\desktop\Continue Adobe Reader Free Download Installation.lnk
2014-04-10 20:54 - 2014-04-10 20:54 - 00000696 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
2014-04-10 20:54 - 2014-04-10 20:53 - 00000000 ____D () C:\Program Files\Market Samurai
2014-04-09 22:24 - 2013-08-16 22:24 - 00000284 _____ () C:\WINDOWS\Tasks\WinZipDriverUpdater_UPDATES.job
2014-04-08 22:54 - 2013-11-04 01:30 - 00000000 ____D () C:\Documents and Settings\Owner\desktop\Edit Tools
2014-04-08 22:54 - 2013-04-16 21:07 - 00000000 ____D () C:\Documents and Settings\Owner\desktop\Progam Shortcuts
2014-04-08 22:53 - 2013-11-04 01:28 - 00000000 ____D () C:\Documents and Settings\Owner\desktop\Lead Tools
2014-04-08 22:53 - 2012-01-24 19:27 - 00000000 ____D () C:\Documents and Settings\Owner\desktop\Video Tools
2014-04-08 22:49 - 2014-04-08 22:49 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-04-08 22:49 - 2010-05-15 18:13 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-08 21:28 - 2010-05-15 18:13 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-08 21:26 - 2014-04-08 21:26 - 00000778 _____ () C:\Documents and Settings\All Users\Start Menu\FinalMediaPlayer.lnk
2014-04-08 21:17 - 2014-04-08 21:17 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\cache
2014-04-08 21:17 - 2014-04-08 21:17 - 00000000 ____D () C:\Documents and Settings\Owner\.android
2014-04-08 21:17 - 2014-04-08 21:17 - 00000000 _____ () C:\Documents and Settings\Owner\daemonprocess.txt
2014-04-08 21:01 - 2010-09-30 03:40 - 00002284 _____ () C:\Documents and Settings\Owner\desktop\Google Chrome.lnk
2014-04-08 01:02 - 2010-08-18 03:09 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-261903793-725345543-1003.job
2014-04-07 19:22 - 2010-08-05 13:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WalkAide Patient Data
2014-04-07 07:45 - 2010-05-15 12:45 - 00793948 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-07 07:18 - 2012-12-19 22:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-06 21:13 - 2014-04-06 21:12 - 00000972 _____ () C:\Documents and Settings\Owner\desktop\WalkAnalyst..lnk
2014-04-06 19:15 - 2011-02-19 16:24 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Paint.NET
2014-04-06 18:53 - 2010-06-13 22:06 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\FileZilla
2014-04-05 21:41 - 2014-04-05 21:41 - 00000581 _____ () C:\Documents and Settings\Owner\desktop\Shortcut to Prospect Websites.lnk
2014-04-05 18:22 - 2011-10-12 03:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-04-05 17:01 - 2013-11-03 22:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-05 13:11 - 2014-04-05 13:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-05 13:11 - 2014-04-05 12:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-05 13:09 - 2014-04-05 13:09 - 00000724 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-04-05 13:09 - 2011-04-01 15:00 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-05 12:53 - 2014-04-05 12:53 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\RealNetworks
2014-04-05 12:52 - 2010-05-15 20:49 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Real
2014-04-05 12:51 - 2014-04-05 12:51 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-04-05 12:51 - 2014-04-05 12:51 - 00000000 ____D () C:\Program Files\RealNetworks
2014-04-05 12:51 - 2014-04-05 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2014-04-05 12:51 - 2011-06-02 19:58 - 00000000 ____D () C:\Program Files\real
2014-04-05 12:50 - 2014-04-05 12:50 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\rmoc3260.dll
2014-04-05 12:50 - 2014-04-05 12:50 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-04-05 12:50 - 2010-05-15 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-04-05 12:49 - 2014-04-05 12:49 - 00272896 _____ (Progressive Networks) C:\WINDOWS\system32\pncrt.dll
2014-04-05 12:49 - 2014-04-05 12:49 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5016.dll
2014-04-05 12:49 - 2014-04-05 12:49 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5032.dll
2014-04-05 12:40 - 2011-03-20 16:13 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Malwarebytes
2014-04-05 12:40 - 2011-03-20 16:12 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-05 12:36 - 2013-05-18 21:58 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2014-04-05 12:33 - 2014-04-05 12:33 - 00001663 _____ () C:\Documents and Settings\All Users\desktop\FileZilla Client.lnk
2014-04-05 12:33 - 2011-10-08 23:38 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-04-05 12:33 - 2010-05-16 12:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
2014-04-05 12:32 - 2012-06-01 12:04 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-05 12:32 - 2011-05-13 21:00 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-05 12:31 - 2013-05-18 21:59 - 00000000 ____D () C:\Program Files\Dropbox
2014-04-05 12:17 - 2014-01-10 23:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PIXresizer
2014-04-05 12:17 - 2013-12-25 16:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Zint Bar  Code
2014-04-05 12:17 - 2013-12-01 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ManyCam
2014-04-05 12:17 - 2013-03-02 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeMind
2014-04-05 12:17 - 2013-02-23 03:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Little Red Snapper v1.0
2014-04-05 12:17 - 2012-11-10 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WOW Slider
2014-04-05 12:17 - 2012-07-17 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spinner Pro Writer
2014-04-05 12:17 - 2012-06-28 16:57 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\XMind
2014-04-05 12:17 - 2011-08-01 23:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Artisteer 3
2014-04-05 12:17 - 2011-03-21 10:16 - 00000000 ___SD () C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
2014-04-05 12:17 - 2010-08-12 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KompoZer
2014-04-05 12:17 - 2010-06-06 16:26 - 00000000 ___HD () C:\Documents and Settings\Owner\Start Menu\Programs\Startup-Disabled
2014-04-05 12:12 - 2013-11-23 17:46 - 00000761 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 4.lnk
2014-04-04 22:53 - 2010-06-06 23:33 - 00128512 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-03 21:58 - 2014-04-03 21:58 - 00000218 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
2014-04-03 09:51 - 2014-04-05 12:40 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2011-03-20 16:12 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-01 07:26 - 2014-04-01 07:26 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DropboxMaster
2014-04-01 03:04 - 2014-04-05 12:12 - 00101664 _____ (Glarysoft Ltd) C:\WINDOWS\system32\BootDefrag.exe
2014-03-31 02:33 - 2014-04-05 12:12 - 00014784 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\BootDefragDriver.sys
2014-03-24 22:20 - 2013-11-09 21:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-23 15:07 - 2014-03-18 22:32 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-03-23 15:07 - 2011-10-28 12:56 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\AVS4YOU
2014-03-23 15:07 - 2011-10-28 12:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
2014-03-23 13:31 - 2014-03-05 22:20 - 00000821 _____ () C:\Documents and Settings\All Users\desktop\slf.lnk
2014-03-23 13:31 - 2013-04-23 21:48 - 00000821 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\slf.lnk
2014-03-15 13:35 - 2013-12-21 19:10 - 00000000 ____D () C:\Program Files\Lame For Audacity

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\AdobeUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\CCleanerUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0qfa76.dll
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_AdobeUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_CCleanerUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

  1. Attach Addition.txt    Done 

 

Thank you for following up. I will now go and test my email account to see if the bug is gone.



Edited by McAllenMobile, 13 April 2014 - 04:43 PM.


#5 nasdaq
  • Malware Response Team

Posted 14 April 2014 - 07:37 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -  No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @UtilityChest_49.com/Plugin - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Extension: WordOv - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\exjzanej@rsligfihubxtiyrwg.org [2013-11-02]
FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\exjzanej@rsligfihubxtiyrwg.org [2014-04-11]
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files\mystarttb\chrome-newtab-search.crx [2013-11-04]
CHR HKLM\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2011-10-10]
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 BBUpdate; No ImagePath
S1 edrgejcj; \??\C:\WINDOWS\system32\drivers\edrgejcj.sys [X]
S3 GEARAspiWDM; No ImagePath
S1 kqkiitqy; \??\C:\WINDOWS\system32\drivers\kqkiitqy.sys [X]
S1 lqjfonfy; \??\C:\WINDOWS\system32\drivers\lqjfonfy.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S4 s24trans; No ImagePath
U3 TlntSvr;
S3 UIUSys; No ImagePath
U1 WS2IFSL;
C:\Documents and Settings\Owner\Local Settings\Temp\AdobeUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\CCleanerUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0qfa76.dll
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_AdobeUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_CCleanerUpdateSetup.exe

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer to reset the registry.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know of any remaining issues.

#6 TonyinTexas
  • Topic Starter

Posted 15 April 2014 - 07:57 PM

Following the described steps. This post shows the fixlog.txt.

Then I will reboot to change the registry, then do the security action and post checkup

in the next post.

 

Post from FIXLOG.txt  START _______________________________________________

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by Owner at 2014-04-15 19:49:32 Run:1
Running from C:\Documents and Settings\Owner\desktop\Support Programs\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -  No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @UtilityChest_49.com/Plugin - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Extension: WordOv - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\exjzanej@rsligfihubxtiyrwg.org [2013-11-02]
FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\exjzanej@rsligfihubxtiyrwg.org [2014-04-11]
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files\mystarttb\chrome-newtab-search.crx [2013-11-04]
CHR HKLM\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2011-10-10]
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 BBUpdate; No ImagePath
S1 edrgejcj; \??\C:\WINDOWS\system32\drivers\edrgejcj.sys [X]
S3 GEARAspiWDM; No ImagePath
S1 kqkiitqy; \??\C:\WINDOWS\system32\drivers\kqkiitqy.sys [X]
S1 lqjfonfy; \??\C:\WINDOWS\system32\drivers\lqjfonfy.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S4 s24trans; No ImagePath
U3 TlntSvr;
S3 UIUSys; No ImagePath
U1 WS2IFSL;
C:\Documents and Settings\Owner\Local Settings\Temp\AdobeUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\CCleanerUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0qfa76.dll
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_AdobeUpdateSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_CCleanerUpdateSetup.exe

End
*****************

Default URLSearchHook was restored successfully .
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => Value deleted successfully.
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => Key not found.
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0 => Key deleted successfully.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll not found.
HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin => Key deleted successfully.
C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll not found.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tq350ajy.default-1359594411281\Extensions\exjzanej@rsligfihubxtiyrwg.org => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\exjzanej@rsligfihubxtiyrwg.org => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh => Key deleted successfully.
"C:\Program Files\mystarttb\chrome-newtab-search.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle => Key deleted successfully.
"C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle => Key deleted successfully.
"C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
BBUpdate => Service deleted successfully.
edrgejcj => Service deleted successfully.
GEARAspiWDM => Service deleted successfully.
kqkiitqy => Service deleted successfully.
lqjfonfy => Service deleted successfully.
PxHelp20 => Service deleted successfully.
s24trans => Service deleted successfully.
TlntSvr => Service deleted successfully.
UIUSys => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\AdobeUpdateSetup.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\CCleanerUpdateSetup.exe => Moved successfully.
"C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0qfa76.dll" => File/Directory not found.
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_AdobeUpdateSetup.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall_CCleanerUpdateSetup.exe => Moved successfully.

==== End of Fixlog ====   ++++++++++++++++++++++++++++++++++++++++++++++++++++

 

going for security step now



#7 TonyinTexas
  • Topic Starter

Posted 15 April 2014 - 08:27 PM

Reboot completed

Results of security check

checkup.txt  START  _______________________________________________

 

 Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player     13.0.0.182  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (29.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

End checkup log ____________________________________________________________

 

 

 

The redirect on my emails persists; nothing changed there. I am certain these steps taken are a huge benefit, so I thank you; however, I do want to resolve the email annoyance.

 

Will follow up with any other steps needed.



#8 nasdaq
  • Malware Response Team

Posted 16 April 2014 - 08:08 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
<<<>>>


Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Restart the computer normally.
===

If the redirects are still with you let me know what program you use for your e-mail service.

#9 TonyinTexas
  • Topic Starter

Posted 16 April 2014 - 06:43 PM

Posting Results.txt from MiniToolBox now, then rebooting to evaluate if the email problem remains.

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Owner (administrator) on 16-04-2014 at 18:31:18
Running from "C:\Documents and Settings\Owner\desktop\Support Programs"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
188.64.190.118 clicks.aweber.com
188.64.190.118 main.exoclick.com
188.64.190.118 www.ininbox.com
188.64.190.118 click.icptrack.com
188.64.190.118 untappedresults.ontraport.net
188.64.190.118 amviplink.ontraport.net
188.64.190.118 lurnmail.com
188.64.190.118 www.lurnmail.com
188.64.190.118 gvomail.com
188.64.190.118 www.gvomail.com

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Disconnected)
Dell Wireless 1370 WLAN Mini-PCI Card = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : owner-a18c7aa1d

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : Yes



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card

        Physical Address. . . . . . . . . : 00-14-A5-CB-EC-C9

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 209.18.47.61

                                            209.18.47.62

        Lease Obtained. . . . . . . . . . : Wednesday, April 16, 2014 6:24:32 PM

        Lease Expires . . . . . . . . . . : Wednesday, April 16, 2014 7:24:32 PM

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  74.125.225.226, 74.125.225.227, 74.125.225.228, 74.125.225.229
      74.125.225.230, 74.125.225.231, 74.125.225.232, 74.125.225.233, 74.125.225.238
      74.125.225.224, 74.125.225.225



Pinging google.com [173.194.115.37] with 32 bytes of data:



Reply from 173.194.115.37: bytes=32 time=30ms TTL=54

Reply from 173.194.115.37: bytes=32 time=27ms TTL=54



Ping statistics for 173.194.115.37:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 27ms, Maximum = 30ms, Average = 28ms

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=152ms TTL=47

Reply from 206.190.36.45: bytes=32 time=80ms TTL=47



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 80ms, Maximum = 152ms, Average = 116ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 a5 cb ec c9 ...... Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.2      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0      192.168.0.2     192.168.0.2      25
      192.168.0.2  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.0.255  255.255.255.255      192.168.0.2     192.168.0.2      25
        224.0.0.0        240.0.0.0      192.168.0.2     192.168.0.2      25
  255.255.255.255  255.255.255.255      192.168.0.2     192.168.0.2      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/13/2014 01:19:37 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/10/2014 10:07:09 PM) (Source: Application Error) (User: )
Description: Faulting application adobeupdatesetup.exe, version 0.0.0.0, faulting module icc.dll, version 0.0.0.0, fault address 0x00029ecc.
Processing media-specific event for [adobeupdatesetup.exe!ws!]

Error: (04/08/2014 09:42:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (04/05/2014 06:42:28 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 29.0.0.5203, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 05:11:04 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 05:11:04 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 10:55:12 PM) (Source: Application Hang) (User: )
Description: Hanging application mplayerc.exe, version 6.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 08:35:33 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6665.5003, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/27/2014 03:36:54 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10401.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/16/2014 08:22:39 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (04/16/2014 06:31:30 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:29 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:29 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:28 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:28 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:26 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:25 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:25 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:24 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (04/16/2014 06:31:23 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (10/31/2013 00:25:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: , Microsoft Office Version: 12.0.6425.1000. This session lasted 139415 seconds with 3660 seconds of active time.  This session ended with a crash.

Error: (06/22/2013 02:38:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: ???A???????????????12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35712 seconds with 300 seconds of active time.  This session ended with a crash.


**** End of log ****

 

 

Thank you for following up with me.



#10 nasdaq
  • Malware Response Team

Posted 17 April 2014 - 08:32 AM

Your Hosts file was compromised and must be reset back to the default.
How To:
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.

Keep me posted.
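The hijack nasdaq identified in the MiniToolBox "Hosts content" section is mechanically detectable: a hosts file that maps legitimate names to a public internet address is a redirect, and several unrelated domains funnelled to one public IP is the classic pattern. The following is an added example, not code from the thread, FRST or MiniToolBox; the only value taken from the thread is the clicks.aweber.com entry, and every other sample line is constructed.

```python
"""Audit a hosts file for redirect hijacks.

Added example for this thread (not BleepingComputer, FRST or MiniToolBox
code). The clicks.aweber.com line in SAMPLE_HOSTS is the one entry taken
from the thread's MiniToolBox log; all other sample lines are constructed.
"""
import ipaddress
from collections import defaultdict

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
192.168.0.50    nas.home.lan        # constructed: LAN shortcut, benign
0.0.0.0         ads.example.net     # constructed: blocklist entry, benign
188.64.190.118  clicks.aweber.com   # entry from the thread's MiniToolBox log
188.64.190.118  mail.example.org    # constructed: more names on the same IP
188.64.190.118  track.example.com
"""


def parse_hosts(text):
    """Return [(lineno, ip_address, [hostnames])] for every real entry.

    Comments (everything after '#') and blank lines are skipped, as is any
    line whose first field is not a valid IPv4/IPv6 literal.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a stricter audit could flag it
        entries.append((lineno, ip, [name.lower() for name in fields[1:]]))
    return entries


def registrable_part(name):
    """Naive 'registrable domain': the last two labels (a.b.c -> b.c)."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def audit_hosts(text):
    """Flag hostnames that the hosts file sends to a public (global) address.

    Loopback (127.x, ::1), unspecified (0.0.0.0) and private/link-local
    targets are treated as benign: those are blocklists and LAN shortcuts.
    A public target is a redirect; several distinct domains pointing at the
    same public IP is the hijack signature, so severity is raised for that.
    """
    hits = []
    domains_per_ip = defaultdict(set)
    for lineno, ip, names in parse_hosts(text):
        if not ip.is_global:
            continue
        for name in names:
            domains_per_ip[str(ip)].add(registrable_part(name))
            hits.append({"line": lineno, "ip": str(ip), "name": name})
    for hit in hits:
        fan_in = len(domains_per_ip[hit["ip"]])
        hit["severity"] = "high" if fan_in >= 2 else "medium"
        hit["reason"] = (f"{hit['name']} is sent to public address {hit['ip']} "
                         f"by the hosts file; {fan_in} distinct domain(s) share that IP")
    return hits


if __name__ == "__main__":
    for hit in audit_hosts(SAMPLE_HOSTS):
        print(f"line {hit['line']:>3} [{hit['severity']}] {hit['reason']}")
```

On a live Windows XP machine the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; the same logic applies unchanged to /etc/hosts elsewhere.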

#11 nasdaq
  • Malware Response Team

Posted 23 April 2014 - 08:07 AM

Are you still with me?

#12 TonyinTexas
  • Topic Starter

Posted 24 April 2014 - 07:59 PM

A genuine heartfelt thank you for walking me through getting my laptop machine back in shape and helping with my redirect concern with my gmail account.

 

The gmail works as it should. I learned my machine needed several updates and I know I am in the waning days of XP.  Will be time to get a new machine soon.

 

Thank you, thank you, thank you. I will be happy to recommend this community to anyone who needs help like I do.



#13 nasdaq
  • Malware Response Team

Posted 25 April 2014 - 08:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



