
search engines redirecting me



A coworker downloaded something onto my computer when I was out sick. I did a system restore and thought I had handled the problem. Now when I search through google or bing I get redirected to random pages when I click on the search results. I have tried CA's Total Defense Security, Malwarebytes Anti-Malware and Microsoft's Malicious Software Removal Tool. The first two found problems that were quarantined or removed. The last one found nothing. I'm still being redirected. Everything I've read when I searched out solutions makes me a little leery. I don't want to go messing about in my computer and screw things up worse!

I downloaded DDS and have attached the two reports. Help!



Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.

Having said that....Let's get going!!

----------

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


Hi,

Before we continue, you mentioned and I see that you have CA Antivirus on your system? Unfortunately, CA will interfere with some of our tools. Please uninstall all CA products that are on your system until we are finished. Then you can reinstall it if you like.

Once you get this finished, run a new scan with DDS and post the new logs. :)


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

----------


Solved the McAfee problem with the McAfee Consumer Product Removal Tool and was able to run ComboFix. I've attached the log.

Also, when I went looking for the log file, I noticed over a dozen folders in the C directory that have very long but random alpha-numeric names. Most contain folders with four-digit file names and some have a "Windows Installer Patch". Are they supposed to be there? Can I delete these folders or are they necessary for programs or system files?



No don't delete anything. Let me see what is there and I will let you know what to remove. :)

AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

----------


Hi,

Sorry for any delays....I have been in the middle of remodeling.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    Firefox::
    FF - ProfilePath - c:\documents and settings\Maria\Application Data\Mozilla\Firefox\Profiles\dqqfnfkq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=16148
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BCPA&o=16145&locale=en_US&apn_uid=AE16CA13-B1D4-4D8D-A795-C4A7A2D9E17D&apn_ptnrs=%5EQK&apn_sauid=E681B9D1-8FF8-411A-AD06-C88F1C7D0722&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
    File::
    c:\program files\Viewpoint\Common\ViewpointService.exe
    Folder::
    c:\program files\Ask.com
    c:\documents and settings\Maria\Local Settings\Application Data\AskToolbar
    Driver::
    Viewpoint Manager Service
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running. :)


I'm seeing this box pop up frequently. I had noticed it in the past, but I've seen it at least a dozen times already today. I don't know if it's related, but I figured that more information can't hurt.

wmiprvse.exe - Application Error

The instruction at "0x7c970cce" referenced memory at "0x00690054". The memory could not be "read".

Click on OK to terminate the program

Click on CANCEL to debug the program


OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


I wasn't able to run OTL by right-clicking and running as administrator (it came up with a logon failure). But I was able to run it by double-clicking the icon. Here is the OTL.txt file...

OTL logfile created on: 1/22/2013 9:34:59 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Maria\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.13% Memory free

3.83 Gb Paging File | 3.57 Gb Available in Paging File | 93.30% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.45 Gb Total Space | 44.75 Gb Free Space | 60.10% Space Free | Partition Type: NTFS

Computer Name: VICTORIA | User Name: Maria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Maria\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc)

PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Iap) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (mbr) -- C:\DOCUME~1\Maria\LOCALS~1\Temp\mbr.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (ASPI32) -- File not found

DRV - (dot4ufd) -- C:\WINDOWS\system32\drivers\Hppaufd0.sys (HP)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)

DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

DRV - (hpusbfd) -- C:\WINDOWS\system32\drivers\hpusbfd.sys (Hewlett-Packard Co.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=TB50TRie7

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{5218BFE6-3E81-4389-8285-AC992432A4A7}: "URL" = http://dictionary.reference.com/browse/{searchTerms}

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{582CCE25-DD42-407E-ACB8-FF62D9C88874}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{770895B3-5352-4644-B8DA-CF275A689109}: "URL" = http://www.goodsearch.com/Search.aspx?Keywords={searchTerms}

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{8d0fa4e8-1624-4b79-b414-ce5a968d007b}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=bu10aiminstabie7

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{9D05EB6A-A2D6-4DBF-AE34-7D62942C5355}: "URL" = http://isearch.igive.com/search.cfm?q={searchTerms}&s=25

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{AE11E80B-97C3-4A4C-8BC3-6D32461E7A70}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{BDBAEF67-6128-4251-8777-AD1B7B85CE13}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: caaphishtoolbar@ca.com:2.0.0.257

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 10:51:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 10:51:26 | 000,000,000 | ---D | M]

[2010/07/16 15:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Extensions

[2013/01/17 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Firefox\Profiles\dqqfnfkq.default\extensions

[2010/09/15 07:01:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Firefox\Profiles\dqqfnfkq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2004/08/04 04:00:00 | 000,004,813 | ---- | M] () (No name found) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Firefox\Profiles\dqqfnfkq.default\extensions\urautolpbg@urautolpbg.org.xpi

[2011/11/09 09:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/11 07:37:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/11 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/03/10 16:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/06/10 15:14:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/11/09 09:10:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-PHISHING\TOOLBAR\FIREFOX

[2010/05/12 06:55:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://www.msn.com/

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.msn.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll

CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: Stripes JH Theme = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cimfpddjmmfmihldkmkacppmedkhjkbb\1.0_0\

CHR - Extension: Poppit = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/01/21 09:25:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.

O3 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.

O3 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)

O4 - HKLM..\Run: [eFax 4.2] C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brownie\BrStsWnd.exe (brother)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..Trusted Domains: //@install.mar@ ([]msni in My Computer)

O15 - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353090754832 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9758998-B6E6-445D-B98A-25576522FAED}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Maria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 09:31:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/01/22 09:23:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maria\Desktop\OTL.exe

[2013/01/17 11:20:49 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/01/17 10:56:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/01/17 10:56:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/01/17 10:56:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/01/17 10:56:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/01/17 10:42:33 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/17 10:42:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/01/17 10:41:06 | 005,024,380 | R--- | C] (Swearware) -- C:\Documents and Settings\Maria\Desktop\ComboFix.exe

[2013/01/15 13:52:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maria\Start Menu\Programs\Administrative Tools

[2013/01/15 10:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maria\Application Data\Malwarebytes

[2013/01/15 10:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/01/15 10:02:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/01/15 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/01/09 07:50:35 | 000,000,000 | ---D | C] -- C:\0800bc457c33fc8d72

[2013/01/07 15:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork

[2012/12/27 07:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/12/27 07:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/12/27 07:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/22 09:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/22 09:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maria\Desktop\OTL.exe

[2013/01/22 09:19:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3820657097-2025010634-1550845114-1006UA.job

[2013/01/22 09:12:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/22 09:05:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2013/01/22 08:44:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C8AB2C5-432C-4F30-B37D-C7E9B9A7D59A}.job

[2013/01/21 19:19:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3820657097-2025010634-1550845114-1006Core.job

[2013/01/21 12:04:13 | 000,055,258 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\wklnhst.dat

[2013/01/21 10:12:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/21 09:25:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Brownie.ini

[2013/01/21 09:25:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/01/21 09:25:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/21 09:25:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/21 09:25:13 | 2137,141,248 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/21 09:14:54 | 005,024,380 | R--- | M] (Swearware) -- C:\Documents and Settings\Maria\Desktop\ComboFix.exe

[2013/01/18 10:07:01 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\Microsoft Office Word 2003.lnk

[2013/01/18 07:33:50 | 000,531,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/18 07:33:50 | 000,099,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/17 14:48:43 | 000,574,677 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\AdwCleaner.exe

[2013/01/17 11:20:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/01/17 10:23:32 | 000,345,100 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc

[2013/01/16 10:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/01/14 18:12:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/01/11 12:35:41 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2013/01/11 09:17:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\Google Chrome.lnk

[2013/01/09 07:45:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/01/04 10:15:24 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\Regatta.lnk

[2012/12/31 09:37:45 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Fax.lnk

[2012/12/31 09:37:12 | 000,001,198 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Letterhead.lnk

[2012/12/31 09:36:54 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\2013.lnk

[2012/12/31 09:36:20 | 000,000,997 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Log 2013.lnk

[2012/12/31 09:34:57 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\2013.lnk

[2012/12/27 07:53:51 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 14:48:40 | 000,574,677 | ---- | C] () -- C:\Documents and Settings\Maria\Desktop\AdwCleaner.exe

[2013/01/17 11:20:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013/01/17 11:20:53 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/01/17 10:56:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/01/17 10:56:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/01/17 10:56:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/01/17 10:56:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/01/17 10:56:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/12/31 09:36:54 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Maria\Desktop\2013.lnk

[2012/12/31 09:35:21 | 000,000,997 | ---- | C] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Log 2013.lnk

[2012/12/31 09:34:57 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\2013.lnk

[2012/12/27 07:53:51 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/07/11 02:05:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2012/02/15 03:06:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2009/12/31 10:25:11 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Maria\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/05 13:44:50 | 021,298,554 | ---- | C] () -- C:\Documents and Settings\Maria\Local Settings\Application Data\MicroCore.4.5.8056.1-ship-WD.V1.cab

[2006/08/23 09:36:20 | 000,055,258 | ---- | C] () -- C:\Documents and Settings\Maria\Application Data\wklnhst.dat

[2006/07/17 16:42:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Maria\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/27 07:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2009/06/18 11:50:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/05/14 09:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2006/07/17 14:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup

[2006/07/20 15:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2009/04/28 08:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2011/06/10 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint

[2008/03/06 15:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2010/11/29 07:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/30 07:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2008/03/26 08:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Aim

[2013/01/17 14:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Canon

[2010/05/26 15:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1

[2009/04/28 08:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\DriverCure

[2006/07/17 14:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\eFax Messenger

[2008/09/29 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\GamesCafe

[2009/03/13 16:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\GetRightToGo

[2011/06/27 11:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Leadertech

[2006/07/17 11:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\MSNInstaller

[2008/08/28 08:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Skinux

[2009/03/10 09:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Snapfish

[2006/09/22 10:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Template

[2009/10/07 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Vu360

========== Purity Check ==========

< End of report >


And the Extras.Txt file...

OTL Extras logfile created on: 1/22/2013 9:34:59 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Maria\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.13% Memory free

3.83 Gb Paging File | 3.57 Gb Available in Paging File | 93.30% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.45 Gb Total Space | 44.75 Gb Free Space | 60.10% Space Free | Partition Type: NTFS

Computer Name: VICTORIA | User Name: Maria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3820657097-2025010634-1550845114-1006\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite

"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{0E9804E3-1D94-4D4A-A17D-19777FEF049D}" = Weather Add-in for Windows Live Toolbar

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 29

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{331C9768-BAD9-F31B-8DA2-0268D346C702}" = Times Reader

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7

"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006

"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}" = eFax Messenger 4.2

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard

"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade

"{DFF157C5-0ED2-4B3C-832C-7A7FE7CA31D1}" = Brother HL-2170W

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2

"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Google Updater" = Google Updater

"HP Scanning Software" = HP PrecisionScan Pro and Utilities

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Macromedia Shockwave Player" = Macromedia Shockwave Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Money2006b" = Microsoft Money 2006

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MP Navigator 2.0" = Canon MP Navigator 2.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PictureItPrem_v11" = Microsoft Digital Image Standard 2006

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3820657097-2025010634-1550845114-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/9/2013 9:46:17 AM | Computer Name = VICTORIA | Source = Application Hang | ID = 1002

Description = Hanging application wuauclt.exe, version 7.6.7600.256, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/9/2013 9:46:19 AM | Computer Name = VICTORIA | Source = Application Hang | ID = 1001

Description = Fault bucket -1282250031.

Error - 1/9/2013 11:31:18 AM | Computer Name = VICTORIA | Source = UmxAgent | ID = 99

Description =

Error - 1/15/2013 8:50:07 AM | Computer Name = VICTORIA | Source = UmxAgent | ID = 99

Description =

Error - 1/15/2013 1:25:16 PM | Computer Name = VICTORIA | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 1/15/2013 1:25:16 PM | Computer Name = VICTORIA | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 1/15/2013 1:26:46 PM | Computer Name = VICTORIA | Source = UmxAgent | ID = 99

Description =

Error - 1/17/2013 11:17:26 AM | Computer Name = VICTORIA | Source = MsiInstaller | ID = 11704

Description = Product: HIPS 2 -- Error 1704.An installation for Microsoft .NET Framework

2.0 Service Pack 2 is currently suspended. You must undo the changes made by that

installation to continue. Do you want to undo those changes?

Error - 1/22/2013 10:28:25 AM | Computer Name = VICTORIA | Source = Application Hang | ID = 1002

Description = Hanging application mshta.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2013 10:28:27 AM | Computer Name = VICTORIA | Source = Application Hang | ID = 1001

Description = Fault bucket 1192450841.

[ System Events ]

Error - 1/9/2013 11:26:32 AM | Computer Name = VICTORIA | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800706be: Security Update for Microsoft .NET Framework 2.0 SP2 on

Windows Server 2003 and Windows XP x86 (KB2742596).

Error - 1/9/2013 11:29:36 AM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 1/15/2013 4:19:26 AM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 1/15/2013 1:25:00 PM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 1/17/2013 11:25:15 AM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 1/17/2013 12:15:38 PM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 1/17/2013 12:30:58 PM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 1/17/2013 12:35:53 PM | Computer Name = VICTORIA | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.4 for the Network Card with network

address 00137283416F has been denied by the DHCP server 192.168.2.1 (The DHCP Server

sent a DHCPNACK message).

Error - 1/17/2013 3:51:05 PM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 1/21/2013 10:25:29 AM | Computer Name = VICTORIA | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

< End of report >


Hi,

Sorry for any delays...I had classes yesterday.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

----------

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
    IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
    IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
    IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{770895B3-5352-4644-B8DA-CF275A689109}: "URL" = http://www.goodsearc...s={searchTerms}
    IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{BDBAEF67-6128-4251-8777-AD1B7B85CE13}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
    [2004/08/04 04:00:00 | 000,004,813 | ---- | M] () (No name found) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Firefox\Profiles\dqqfnfkq.default\extensions\urautolpbg@urautolpbg.org.xpi
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2009/12/31 10:25:11 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Maria\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/13 16:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\GetRightToGo
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Post the logs made by OTL and Junkware Removal Tool to your next reply and let me know how your system is running. :)
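One way to triage the Internet Explorer SearchScopes entries that OTL reports, as an added Python example that is not part of this post or of OTL itself: it parses OTL's `IE - ...\SearchScopes\{GUID}: "URL" = ...` lines (the sample lines are copied from the logs in this thread) and flags every scope whose host is not on an allowlist of search providers the user actually chose. The allowlist and the handling of the `...` truncation OTL applies to long URLs are this example's own assumptions.

```python
"""Triage of OTL 'SearchScopes' lines (added example, not part of the forum post).

OTL prints each Internet Explorer search scope as
    IE - <hive>\\..\\SearchScopes\\{GUID}: "URL" = <url>
A search-redirect infection usually shows up as scopes whose URL points at a
host the user never chose. Long URLs are shown by OTL with the middle elided
("http://slirsredirect...nType=tb50trie7"), so only the visible prefix of the
host can be checked for those.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\\.\.\\SearchScopes\\'
    r'(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)'
)

# Assumption for this example: the search providers the machine's owner
# recognises. Anything else in SearchScopes deserves a look.
ALLOWED_HOSTS = {
    "www.bing.com", "search.live.com", "www.google.com",
    "search.yahoo.com", "search.aol.com",
}


@dataclass
class Scope:
    hive: str
    guid: str
    url: str
    host: str          # full hostname, or the visible prefix if OTL truncated it
    truncated: bool


def parse_scope(line: str) -> Optional[Scope]:
    """Parse one OTL log line; return None for lines that are not search scopes."""
    m = SCOPE_RE.match(line.strip())
    if not m:
        return None
    url = m.group("url")
    truncated = "..." in url
    if truncated:
        # Keep only what is visible before the ellipsis, minus the scheme and path.
        head = url.split("...", 1)[0]
        host = re.sub(r"^https?://", "", head).split("/", 1)[0]
    else:
        host = urlsplit(url).hostname or ""
    return Scope(m.group("hive"), m.group("guid"), url, host, truncated)


def is_allowed(scope: Scope) -> bool:
    """A truncated host counts as allowed only if it is a prefix of an allowed host."""
    if not scope.host:
        return False  # nothing visible to judge: treat as unknown, not as safe
    if scope.truncated:
        return any(h.startswith(scope.host) for h in ALLOWED_HOSTS)
    return scope.host in ALLOWED_HOSTS


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (guid, hive, host) for every scope whose host is not allowlisted."""
    flagged = []
    for line in log_text.splitlines():
        scope = parse_scope(line)
        if scope is not None and not is_allowed(scope):
            flagged.append((scope.guid, scope.hive, scope.host))
    return flagged


# Sample input: SearchScopes lines copied from the OTL logs in this thread,
# plus one DefaultScope line to show that non-URL entries are skipped.
SAMPLE_OTL_LINES = r"""
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{770895B3-5352-4644-B8DA-CF275A689109}: "URL" = http://www.goodsearc...s={searchTerms}
IE - HKU\S-1-5-21-3820657097-2025010634-1550845114-1006\..\SearchScopes\{BDBAEF67-6128-4251-8777-AD1B7B85CE13}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{582CCE25-DD42-407E-ACB8-FF62D9C88874}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
"""

if __name__ == "__main__":
    for guid, hive, host in triage(SAMPLE_OTL_LINES):
        print(f"review: {guid} in {hive} -> {host}")
```

Run against the sample it reports the two slirsredirect scopes, the goodsearch scope and the ask.com scope, which are exactly the entries the OTL fix above removes.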


I tried to run the Junkware Removal Tool, but it doesn't seem to work. After I clicked to continue, this is what appears in the window...

Creating a registry backup

Checking Startup

Checking Modules

'reg' is not recognized as an internal or external command,

operable program or batch file.

Checking Processes

Checking Services

Checking Files

Checking Folders

Checking Registry - Quick Scan

At that point, the window closes and then nothing else happens.

I did download and run ERUNT. And then followed your instructions about downloading and running OTL - first with the quoted materials and then a second time after that. Here's the text from the new OTL log...

OTL logfile created on: 1/24/2013 11:09:51 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Maria\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.15% Memory free

3.83 Gb Paging File | 3.50 Gb Available in Paging File | 91.45% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.45 Gb Total Space | 46.00 Gb Free Space | 61.78% Space Free | Partition Type: NTFS

Computer Name: VICTORIA | User Name: Maria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Maria\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll ()

MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Iap) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbrtfdc) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (ASPI32) -- File not found

DRV - (dot4ufd) -- C:\WINDOWS\system32\drivers\Hppaufd0.sys (HP)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)

DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

DRV - (hpusbfd) -- C:\WINDOWS\system32\drivers\hpusbfd.sys (Hewlett-Packard Co.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=TB50TRie7

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{5218BFE6-3E81-4389-8285-AC992432A4A7}: "URL" = http://dictionary.reference.com/browse/{searchTerms}

IE - HKCU\..\SearchScopes\{582CCE25-DD42-407E-ACB8-FF62D9C88874}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en

IE - HKCU\..\SearchScopes\{8d0fa4e8-1624-4b79-b414-ce5a968d007b}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=bu10aiminstabie7

IE - HKCU\..\SearchScopes\{9D05EB6A-A2D6-4DBF-AE34-7D62942C5355}: "URL" = http://isearch.igive.com/search.cfm?q={searchTerms}&s=25

IE - HKCU\..\SearchScopes\{AE11E80B-97C3-4A4C-8BC3-6D32461E7A70}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: caaphishtoolbar@ca.com:2.0.0.257

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 10:51:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 10:51:26 | 000,000,000 | ---D | M]

[2010/07/16 15:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Extensions

[2013/01/17 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Firefox\Profiles\dqqfnfkq.default\extensions

[2010/09/15 07:01:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maria\Application Data\Mozilla\Firefox\Profiles\dqqfnfkq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/11/09 09:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/11 07:37:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/11 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/03/10 16:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/06/10 15:14:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/11/09 09:10:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-PHISHING\TOOLBAR\FIREFOX

[2010/05/12 06:55:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://www.msn.com/

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.msn.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll

CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: Stripes JH Theme = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cimfpddjmmfmihldkmkacppmedkhjkbb\1.0_0\

CHR - Extension: Poppit = C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/01/21 09:25:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)

O4 - HKLM..\Run: [eFax 4.2] C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brownie\BrStsWnd.exe (brother)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)

O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353090754832 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9758998-B6E6-445D-B98A-25576522FAED}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Maria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/24 11:04:01 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/01/24 11:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2013/01/24 09:45:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/01/24 09:44:31 | 000,000,000 | ---D | C] -- C:\JRT

[2013/01/24 09:34:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Maria\Desktop\erunt-setup.exe

[2013/01/24 09:26:55 | 000,499,147 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Maria\Desktop\JRT.exe

[2013/01/22 09:31:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/01/22 09:23:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maria\Desktop\OTL.exe

[2013/01/17 11:20:49 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/01/17 10:56:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/01/17 10:56:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/01/17 10:56:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/01/17 10:56:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/01/17 10:42:33 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/17 10:42:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/01/17 10:41:06 | 005,024,380 | R--- | C] (Swearware) -- C:\Documents and Settings\Maria\Desktop\ComboFix.exe

[2013/01/15 13:52:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maria\Start Menu\Programs\Administrative Tools

[2013/01/15 10:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maria\Application Data\Malwarebytes

[2013/01/15 10:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/01/15 10:02:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/01/15 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/01/09 07:50:35 | 000,000,000 | ---D | C] -- C:\0800bc457c33fc8d72

[2012/12/27 07:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/12/27 07:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/12/27 07:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2013/01/24 11:12:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/24 11:06:24 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Brownie.ini

[2013/01/24 11:06:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/24 11:05:28 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/24 11:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/24 11:05:23 | 2137,141,248 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/24 10:40:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C8AB2C5-432C-4F30-B37D-C7E9B9A7D59A}.job

[2013/01/24 10:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/24 10:19:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3820657097-2025010634-1550845114-1006UA.job

[2013/01/24 10:17:22 | 000,047,028 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\JRT screenshot.JPG

[2013/01/24 10:05:01 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2013/01/24 09:34:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Maria\Desktop\erunt-setup.exe

[2013/01/24 09:27:35 | 000,499,147 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Maria\Desktop\JRT.exe

[2013/01/23 19:19:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3820657097-2025010634-1550845114-1006Core.job

[2013/01/23 10:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/01/22 12:03:38 | 000,055,266 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\wklnhst.dat

[2013/01/22 09:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maria\Desktop\OTL.exe

[2013/01/21 09:25:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/01/21 09:14:54 | 005,024,380 | R--- | M] (Swearware) -- C:\Documents and Settings\Maria\Desktop\ComboFix.exe

[2013/01/18 10:07:01 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\Microsoft Office Word 2003.lnk

[2013/01/18 07:33:50 | 000,531,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/18 07:33:50 | 000,099,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/17 14:48:43 | 000,574,677 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\AdwCleaner.exe

[2013/01/17 11:20:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/01/17 10:23:32 | 000,345,100 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc

[2013/01/14 18:12:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/01/11 12:35:41 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2013/01/11 09:17:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\Google Chrome.lnk

[2013/01/09 07:45:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/01/04 10:15:24 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\Regatta.lnk

[2012/12/31 09:37:45 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Fax.lnk

[2012/12/31 09:37:12 | 000,001,198 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Letterhead.lnk

[2012/12/31 09:36:54 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Maria\Desktop\2013.lnk

[2012/12/31 09:36:20 | 000,000,997 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Log 2013.lnk

[2012/12/31 09:34:57 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\2013.lnk

[2012/12/27 07:53:51 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/01/24 10:17:22 | 000,047,028 | ---- | C] () -- C:\Documents and Settings\Maria\Desktop\JRT screenshot.JPG

[2013/01/17 14:48:40 | 000,574,677 | ---- | C] () -- C:\Documents and Settings\Maria\Desktop\AdwCleaner.exe

[2013/01/17 11:20:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013/01/17 11:20:53 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/01/17 10:56:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/01/17 10:56:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/01/17 10:56:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/01/17 10:56:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/01/17 10:56:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/12/31 09:36:54 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Maria\Desktop\2013.lnk

[2012/12/31 09:35:21 | 000,000,997 | ---- | C] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\Log 2013.lnk

[2012/12/31 09:34:57 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Maria\Application Data\Microsoft\Internet Explorer\Quick Launch\2013.lnk

[2012/12/27 07:53:51 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/07/11 02:05:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2012/02/15 03:06:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2008/09/05 13:44:50 | 021,298,554 | ---- | C] () -- C:\Documents and Settings\Maria\Local Settings\Application Data\MicroCore.4.5.8056.1-ship-WD.V1.cab

[2006/08/23 09:36:20 | 000,055,266 | ---- | C] () -- C:\Documents and Settings\Maria\Application Data\wklnhst.dat

[2006/07/17 16:42:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Maria\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/27 07:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2009/06/18 11:50:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2006/07/17 14:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup

[2006/07/20 15:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2009/04/28 08:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2011/06/10 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint

[2008/03/06 15:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2010/11/29 07:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/30 07:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2008/03/26 08:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Aim

[2013/01/17 14:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Canon

[2010/05/26 15:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1

[2006/07/17 14:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\eFax Messenger

[2008/09/29 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\GamesCafe

[2011/06/27 11:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Leadertech

[2006/07/17 11:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\MSNInstaller

[2008/08/28 08:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Skinux

[2009/03/10 09:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Snapfish

[2006/09/22 10:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Template

[2009/10/07 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Vu360

========== Purity Check ==========

< End of report >

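The OTL report above is a long list of one-line records in a fixed layout (`[date time | size | attributes | C or M] (company) -- path`), and a helper triaging it is really doing pattern-matching by eye. The script below is an added example, not part of the original thread or of OTL itself: it parses that line format and applies three triage rules of my own choosing (hosts file touched, executables under C:\WINDOWS with no company string, hidden+system files in the drive root that are not in a small allowlist of known XP boot files). The sample input is a constructed subset of lines copied from the report; the rule names and the allowlist are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# One OTL file record, e.g.
# [2013/01/17 10:56:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
# attrs is a 4-char field: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Constructed sample: a handful of lines lifted from the report on this page.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2013/01/24 09:34:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Maria\Desktop\erunt-setup.exe
[2013/01/21 09:25:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/17 11:20:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2013/01/17 11:20:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/17 10:56:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/17 10:56:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/15 03:06:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
"""


@dataclass
class Entry:
    timestamp: str   # "YYYY/MM/DD HH:MM:SS" as printed by OTL
    size: int        # bytes, commas removed
    attrs: str       # 4-char attribute field, e.g. "RHS-"
    kind: str        # 'C' = created, 'M' = modified
    company: str     # version-info company name; '' when OTL printed "()"
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Turn the file-record lines of an OTL report into Entry objects.

    Section headers, blank lines and registry lines do not match the
    pattern and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=f"{m['date']} {m['time']}",
            size=int(m['size'].replace(",", "")),
            attrs=m['attrs'],
            kind=m['kind'],
            company=m['company'].strip(),
            path=m['path'],
        ))
    return entries


# Assumed triage parameters (illustrative, not from OTL or the thread).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
ROOT_ALLOW = {  # hidden/system files legitimately living in the XP drive root
    r"c:\boot.ini", r"c:\ntldr", r"c:\ntdetect.com",
    r"c:\hiberfil.sys", r"c:\pagefile.sys",
}


def triage(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Apply three heuristic rules; returns (rule-name, entry) pairs.

    These are pointers for an analyst, not verdicts: a hit must still be
    explained by what else is in the log (installer runs, cleanup tools).
    """
    findings = []
    for e in entries:
        low = e.path.lower()
        in_root = low.count("\\") == 1
        if low.endswith(r"\drivers\etc\hosts"):
            # Any write to hosts is worth a look on a "redirect" complaint.
            findings.append(("hosts-modified", e))
        elif low.startswith("c:\\windows\\") and low.endswith(EXEC_EXT) and not e.company:
            # Binaries dropped into the Windows tree with no version info.
            findings.append(("no-company-exe-in-windows", e))
        elif in_root and e.attrs.startswith("RHS") and low not in ROOT_ALLOW:
            # Read-only+hidden+system in the drive root, outside the known set.
            findings.append(("hidden-system-in-root", e))
    return findings


if __name__ == "__main__":
    for rule, e in triage(parse_otl(SAMPLE_LOG)):
        print(f"{rule:28} {e.kind} {e.timestamp} {e.size:>10} {e.path}")
```

On the sample, the hosts rule fires on the 27-byte hosts file (about the size of a bare `127.0.0.1 localhost` line), the drive-root rule fires on `C:\cmldr` but not on the allowlisted `C:\boot.ini`, and the no-company rule fires on `PEV.exe`, `MBR.exe` and `iacenc.dll`. Resolving the hits is still the analyst's job: `cmldr`, `PEV.exe` and `MBR.exe` carry the same 2013/01/17 timestamps as the ComboFix run visible elsewhere in the report and are that tool's own components, which is exactly the kind of correlation the rules are meant to prompt rather than replace.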

Ok that is what I was thinking.... The fastest and easiest way to fix up Google Chrome is to uninstall it and then reinstall a fresh copy. Export your Bookmarks so you don't lose those with the instructions found here and then put the new Chrome on your system. Let me know if this fixes up your Google Chrome.


I re-installed Chrome and now both Internet Explorer and Chrome are working correctly. No more redirecting!
Great!! :)

---------

Java

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see. There is an exploit of Java right now that has no fix for it. For the time being it is advisable to leave Java off your system.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------
