laptop won't connect to internet


Older Dell laptop running XP Pro Service Pack 3. There is something redirecting the browser to mywebsearch, and then I get a message that the web site cannot be found. Here are the DDS scan results:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/20/2005 4:35:31 PM
System Uptime: 1/28/2014 4:33:28 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0W9260
Processor:         Intel® Pentium® M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 53.557 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP221: 5/5/2013 6:37:28 PM - Software Distribution Service 3.0
RP222: 5/11/2013 6:40:53 PM - Software Distribution Service 3.0
RP223: 5/12/2013 8:36:48 AM - Software Distribution Service 3.0
RP224: 5/13/2013 6:42:24 PM - Software Distribution Service 3.0
RP225: 5/17/2013 7:11:59 PM - Software Distribution Service 3.0
RP226: 5/19/2013 7:38:33 AM - Software Distribution Service 3.0
RP227: 5/20/2013 7:18:56 PM - Software Distribution Service 3.0
RP228: 6/14/2013 8:51:37 PM - Software Distribution Service 3.0
RP229: 6/14/2013 9:37:44 PM - Software Distribution Service 3.0
RP230: 7/13/2013 8:50:15 PM - Software Distribution Service 3.0
RP231: 7/14/2013 6:38:28 AM - Software Distribution Service 3.0
RP232: 7/15/2013 7:40:22 PM - Software Distribution Service 3.0
RP233: 7/23/2013 7:29:38 AM - Software Distribution Service 3.0
RP234: 8/2/2013 9:29:02 PM - System Checkpoint
RP235: 8/15/2013 7:46:45 PM - Software Distribution Service 3.0
RP236: 8/18/2013 11:57:22 AM - Software Distribution Service 3.0
RP237: 8/29/2013 7:12:39 PM - Software Distribution Service 3.0
RP238: 9/14/2013 8:06:03 PM - Software Distribution Service 3.0
RP239: 9/16/2013 7:16:51 PM - Software Distribution Service 3.0
RP240: 9/18/2013 7:29:28 PM - Software Distribution Service 3.0
RP241: 9/20/2013 6:42:23 PM - Software Distribution Service 3.0
RP242: 10/12/2013 7:56:54 PM - Software Distribution Service 3.0
RP243: 10/15/2013 7:55:07 AM - Software Distribution Service 3.0
RP244: 10/16/2013 6:11:01 PM - Software Distribution Service 3.0
RP245: 10/17/2013 7:15:32 PM - Software Distribution Service 3.0
RP246: 10/18/2013 6:48:46 PM - Software Distribution Service 3.0
RP247: 10/21/2013 7:00:19 PM - Software Distribution Service 3.0
RP248: 11/17/2013 12:16:47 PM - Software Distribution Service 3.0
RP249: 11/19/2013 9:28:48 AM - Software Distribution Service 3.0
RP250: 11/22/2013 5:09:11 PM - Software Distribution Service 3.0
RP251: 12/14/2013 9:34:22 AM - Software Distribution Service 3.0
RP252: 12/17/2013 9:26:04 AM - Software Distribution Service 3.0
RP253: 12/17/2013 9:47:57 AM - Software Distribution Service 3.0
RP254: 12/17/2013 11:39:39 AM - Software Distribution Service 3.0
RP255: 12/24/2013 10:52:04 PM - Software Distribution Service 3.0
RP256: 12/26/2013 12:02:18 AM - Software Distribution Service 3.0
RP257: 1/15/2014 8:25:44 PM - Software Distribution Service 3.0
RP258: 1/20/2014 7:22:37 PM - Software Distribution Service 3.0
RP259: 1/23/2014 1:52:07 PM - Software Distribution Service 3.0
RP260: 1/23/2014 2:41:11 PM - Removed Norton Security Center
RP261: 1/28/2014 2:55:40 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat - Reader 6.0.2 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 12 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
ALOT Toolbar
ALPS Touch Pad Driver
AOL Explorer
AOL Uninstaller
AOLIcon
AppGraffiti
ASPCA TriMini Reminder by We-Care.com v5.0.5.1
Broadcom Management Programs 2
CC_ccProxyExt
ccCommon
ccPxyCore
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
Digital Line Detect
EpicPlay
Free File Opener
Freeze.com NetAssistant
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Inbox Toolbar
InstallVC90Support
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Loki ActiveX Control
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Streets and Trips 2005
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
Mobile Broadband Generic Drivers
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
MSRedist
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
mWlsSafe
mXML
mZConfig
NetAssistant
NetWaiting
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Palm
PowerDVD 5.5
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834902-v2)
Security Update for Windows Media Player (KB2834902)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
Sprint Mobile Broadband (Novatel Wireless)
Sprint SmartView
Symantec Network Drivers Update
Symantec Script Blocking Installer
SymNet
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
VNC 3.3.6
WeatherBlink
WebFldrs XP
Windows Desktop Search 3.01
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Works Upgrade
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/28/2014 5:10:55 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the SymWSC service.
1/28/2014 2:55:37 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 82960da0, parameter3 82960f14, parameter4 805c876c.
1/28/2014 2:51:28 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
1/28/2014 2:51:28 PM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/28/2014 2:51:27 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
1/27/2014 11:21:25 PM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/27/2014 11:21:24 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/23/2014 2:41:19 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
1/23/2014 2:16:06 PM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/23/2014 2:02:13 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/23/2014 2:02:13 PM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Pam Kingery at 17:15:37 on 2014-01-28
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.274 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\WEATHE~2\bar\2.bin\gcbrmon.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\PROGRA~1\INBOXT~1\Inbox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
uURLSearchHooks: <No Name>: {8ba2cfef-a1bc-4964-aadc-33be1ae5a33c} - c:\program files\weatherblink\bar\2.bin\gcSrcAs.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
dURLSearchHooks: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: EpicPlay Games: {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - c:\program files\epicplay\epicPlayGames.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
BHO: Search Assistant BHO: {9b9dcae3-be34-424c-8d73-75e305a9e091} - c:\program files\weatherblink\bar\2.bin\gcSrcAs.dll
BHO: CNisExtBho Class: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - LocalServer32 - <no file>
BHO: CNavExtBho Class: {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\program files\norton internet security\norton antivirus\NAVSHEXT.DLL
BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - LocalServer32 - <no file>
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Toolbar BHO: {dc9051c2-8f55-479a-97a4-747980d9047f} - c:\program files\weatherblink\bar\2.bin\gcbar.dll
BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Norton Internet Security: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\program files\norton internet security\norton antivirus\NAVSHEXT.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: WeatherBlink: {F20DE5E0-2A6E-4C54-985F-1CF59551CE39} - c:\program files\weatherblink\bar\2.bin\gcbar.dll
TB: Norton Internet Security: {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\program files\norton internet security\norton antivirus\NAVSHEXT.DLL
TB: WeatherBlink: {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - c:\program files\weatherblink\bar\2.bin\gcbar.dll
TB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - c:\program files\alot\bin\alot.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [WeatherBlink Browser Plugin Loader] c:\progra~1\weathe~2\bar\2.bin\gcbrmon.exe
mRun: [sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [inboxToolbar] "c:\progra~1\inboxt~1\Inbox.exe" /STARTUP
mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.weatherblink.com/one-toolbaredits/menusearch.jhtml?s=100000413&p=XNxdm003YYUS&a=7F4E5337-141A-4A84-965D-B3FAA2E07DDA&n=2010101612&cv=1
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 184.63.0.68 184.63.0.69
TCP: Interfaces\{9811CF4A-18FA-44AB-9E22-8FCCF471EF0A} : DHCPNameServer = 184.63.0.68 184.63.0.69
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - LocalServer32 - <no file>
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2005-3-15 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-3-15 185960]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-3-15 239264]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-3-15 177768]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.exe [2005-3-15 128160]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061115.018\NAVENG.Sys [2006-11-20 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061115.018\NavEx15.Sys [2006-11-20 831880]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2005-3-15 334984]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-3-11 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-3-15 83560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-23 40776]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-8-16 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-8-16 99200]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2005-3-15 198368]
.
=============== Created Last 30 ================
.
2014-01-28 22:39:56    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-28 22:39:55    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-23 20:43:28    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-23 20:43:09    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-23 20:43:08    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-23 20:05:28    --------    d-----w-    c:\documents and settings\pam kingery\application data\Malwarebytes
2014-01-23 19:52:18    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-01-21 01:22:48    --------    d-----w-    C:\1994cd8026d23ca8d732
.
==================== Find3M  ====================
.
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2012-09-23 11:00:49    4096000    ----a-w-    c:\program files\GUT1C.tmp
.
============= FINISH: 17:17:58.93 ===============


Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------
 

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


Here are the scans you requested. The mbar scan encountered several problems, including a message entitled "Windows Delayed Write Failed"; this has happened several times before the scan also:

# AdwCleaner v3.010 - Report created 28/01/2014 at 19:13:32
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Pam Kingery - DFFHPP71
# Running from : C:\Documents and Settings\Pam Kingery\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Pam Kingery\Desktop\Free Dolphin Screensaver.lnk
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\AppGraffiti
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\AppGraffiti
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found C:\Documents and Settings\Pam Kingery\Application Data\AppGraffiti
Folder Found C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar
Folder Found C:\Documents and Settings\Pam Kingery\Local Settings\Application Data\PackageAware
Folder Found C:\Program Files\AppGraffiti
Folder Found C:\Program Files\Free Offers from Freeze.com
Folder Found C:\Program Files\Freeze.com
Folder Found C:\Program Files\Inbox Toolbar
Folder Found C:\Program Files\Viewpoint

***** [ Shortcuts ] *****





***** [ Registry ] *****

Key Found : HKCU\Software\alot
Key Found : HKCU\Software\AppGraffiti
Key Found : HKCU\Software\Inbox Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NetAssistant 3.8.3
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\Software\AppGraffiti
Key Found : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Found : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Key Found : HKLM\SOFTWARE\Classes\RebateI.Rebate Informer BHO
Key Found : HKLM\SOFTWARE\Classes\RebateI.RebateInformImageGen
Key Found : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{438B047C-C041-4D15-98CF-A97C6B366C28}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Found : HKLM\Software\CToolbar
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Inbox Toolbar
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [inboxToolbar]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WeatherBlink Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp1950@crossrider.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702




-\\ Mozilla Firefox v19.0 (en-US)

[ File : C:\Documents and Settings\Pam Kingery\Application Data\Mozilla\Firefox\Profiles\otkp96zw.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [14133 octets] - [28/01/2014 19:13:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14194 octets] ##########

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 527822848, free: 297521152

Downloaded database version: v2014.01.28.10
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/28/2014 19:36:09
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
pcmcia.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
BMLoad.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\w29n51.sys
\SystemRoot\system32\drivers\STAC97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\HSFHWICH.sys
\SystemRoot\system32\DRIVERS\HSF_DP.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\iwca.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\pctnullport.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\tcpipBM.SYS
\SystemRoot\System32\Drivers\SYMTDI.SYS
\??\C:\Program Files\Symantec\SYMEVENT.SYS
\SystemRoot\System32\Drivers\SYMREDRV.SYS
\SystemRoot\System32\Drivers\SYMDNS.SYS
\SystemRoot\System32\Drivers\SYMNDIS.SYS
\SystemRoot\System32\Drivers\SYMFW.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\SYMIDS.SYS
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\symlcbrd.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NavEx15.Sys
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVENG.Sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR6
Upper Device Object: 0xffffffffff3a9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009d\
Lower Device Object: 0xffffffffff3b5ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82b5eab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82bacb58
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82b5eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82bac4a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82b5eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82bacb58, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user read failed: C:\WINDOWS\SYSTEM32\drivers\bthport.sys (0x00000017)
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\bthport.sys
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 112392

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 112455  Numsec = 147781935
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 147894390  Numsec = 8401995

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffffff3a9030, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffffff2789d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffffff3a9030, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffffff2975e0, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffffff3b5ea0, DeviceName: \Device\0000009d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064  Numsec = 31268992

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 16013852672 bytes
Sector size: 512 bytes

Done!
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchBar]
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-112455-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 


Hi,
 
Well done getting these logs.   :)
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs.
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 



 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


Combofix finally completed:

.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pam Kingery\Application Data\alot
c:\documents and settings\Pam Kingery\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Pam Kingery\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Pam Kingery\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Pam Kingery\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Pam Kingery\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Pam Kingery\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\products\products.xml
c:\documents and settings\Pam Kingery\Application Data\alot\products\products.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_10\images\2671_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_10\images\2671_icon.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\clear.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\cloudy.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\foggy.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\haze.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\mcloud.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\nclear.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\nhaze.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\nmcloud.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\ntstorm.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\pcloud.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\rain.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\shower.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\snow.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_3\images\tstorm.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_4\images\3951_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_4\images\3951_icon.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_5\images\5809_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_5\images\5809_icon.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_6\images\3562_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_6\images\3562_icon.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_7\images\default_2254_email.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_7\images\default_2254_email.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_7\images\icon_configure.JPG
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_8\images\4298_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_8\images\4298_icon.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_9\images\2838_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Button_9\images\2838_icon.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Pam Kingery\Application Data\alot\SiteMetrics\SiteMetrics.xml
c:\documents and settings\Pam Kingery\Application Data\alot\SiteMetrics\SiteMetrics.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Pam Kingery\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\toolbar.xml
c:\documents and settings\Pam Kingery\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Pam Kingery\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Pam Kingery\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Pam Kingery\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Pam Kingery\Application Data\alot\Updater\Updater.xml.backup
c:\progra~1\WEATHE~2\bar\2.bin\gcBAr.dll
c:\progra~1\WEATHE~2\bar\2.bin\gcbrmon.exe
c:\program files\EpicPlay\epICplaygames.dll
c:\program files\Freeze.com\NetAssistant\NeTAssistant.dll
c:\program files\HeadlineAlley_29EI
c:\program files\WeatherBlink
c:\program files\WeatherBlink\bar\1.bin\chrome\gcffxtbr.jar
c:\program files\WeatherBlink\bar\1.bin\T8FFTBPR.DLL
c:\program files\WeatherBlink\bar\1.bin\T8PATCH.DLL
c:\program files\WeatherBlink\bar\2.bin\CHROME.MANIFEST
c:\program files\WeatherBlink\bar\2.bin\chrome\gcffxtbr.jar
c:\program files\WeatherBlink\bar\2.bin\gcauxstb.dll
c:\program files\WeatherBlink\bar\2.bin\gcBAr.dll
c:\program files\WeatherBlink\bar\2.bin\gcbarsvc.exe
c:\program files\WeatherBlink\bar\2.bin\gcbrmon.exe
c:\program files\WeatherBlink\bar\2.bin\gcbrstub.dll
c:\program files\WeatherBlink\bar\2.bin\gcDAtact.dll
c:\program files\WeatherBlink\bar\2.bin\gcDLghk.dll
c:\program files\WeatherBlink\bar\2.bin\gcDYn.dll
c:\program files\WeatherBlink\bar\2.bin\gcfeedmg.dll
c:\program files\WeatherBlink\bar\2.bin\gchighin.exe
c:\program files\WeatherBlink\bar\2.bin\gchtml.dll
c:\program files\WeatherBlink\bar\2.bin\gchtmlmu.dll
c:\program files\WeatherBlink\bar\2.bin\gcHTtpct.dll
c:\program files\WeatherBlink\bar\2.bin\gcidle.dll
c:\program files\WeatherBlink\bar\2.bin\gcimpipe.exe
c:\program files\WeatherBlink\bar\2.bin\gcmedint.exe
c:\program files\WeatherBlink\bar\2.bin\gcMLbtn.dll
c:\program files\WeatherBlink\bar\2.bin\gcMSg.dll
c:\program files\WeatherBlink\bar\2.bin\gcPlugin.dll
c:\program files\WeatherBlink\bar\2.bin\gcRAdio.dll
c:\program files\WeatherBlink\bar\2.bin\gcregfft.dll
c:\program files\WeatherBlink\bar\2.bin\gcregiet.dll
c:\program files\WeatherBlink\bar\2.bin\gcscript.dll
c:\program files\WeatherBlink\bar\2.bin\gcskin.dll
c:\program files\WeatherBlink\bar\2.bin\gcskplay.exe
c:\program files\WeatherBlink\bar\2.bin\gcSrcAs.dll
c:\program files\WeatherBlink\bar\2.bin\gcTPinst.dll
c:\program files\WeatherBlink\bar\2.bin\gcuabtn.dll
c:\program files\WeatherBlink\bar\2.bin\INSTALL.RDF
c:\program files\WeatherBlink\bar\2.bin\LOGO.BMP
c:\program files\WeatherBlink\bar\2.bin\NPgcStub.dll
c:\program files\WeatherBlink\bar\2.bin\T8FFtbpr.dll
c:\program files\WeatherBlink\bar\2.bin\T8PATCH.DLL
c:\program files\WeatherBlink\bar\2.bin\T8UNPAT.DLL
c:\program files\WeatherBlink\bar\Cache\0003DFA3.bmp
c:\program files\WeatherBlink\bar\Cache\00041559.bmp
c:\program files\WeatherBlink\bar\Cache\00046C72.bmp
c:\program files\WeatherBlink\bar\Cache\000493D0.bmp
c:\program files\WeatherBlink\bar\Cache\000496CE.bmp
c:\program files\WeatherBlink\bar\Cache\0004A574.bmp
c:\program files\WeatherBlink\bar\Cache\0004AAA4.bmp
c:\program files\WeatherBlink\bar\Cache\0004B34E.bmp
c:\program files\WeatherBlink\bar\Cache\0005AC06.bmp
c:\program files\WeatherBlink\bar\Cache\0006320F.bmp
c:\program files\WeatherBlink\bar\Cache\0006593E.bmp
c:\program files\WeatherBlink\bar\Cache\0006A9FE.bmp
c:\program files\WeatherBlink\bar\Cache\0006B4EB.bmp
c:\program files\WeatherBlink\bar\Cache\0006BA59.bmp
c:\program files\WeatherBlink\bar\Cache\0006D18B.bmp
c:\program files\WeatherBlink\bar\Cache\0006E784.jhtml
c:\program files\WeatherBlink\bar\Cache\0007028E.bmp
c:\program files\WeatherBlink\bar\Cache\00070397.bmp
c:\program files\WeatherBlink\bar\Cache\0007050E.bmp
c:\program files\WeatherBlink\bar\Cache\00070637.bmp
c:\program files\WeatherBlink\bar\Cache\00070770.bmp
c:\program files\WeatherBlink\bar\Cache\0007084B.bmp
c:\program files\WeatherBlink\bar\Cache\0007148F.bmp
c:\program files\WeatherBlink\bar\Cache\0007178D.bmp
c:\program files\WeatherBlink\bar\Cache\00072316.bmp
c:\program files\WeatherBlink\bar\Cache\0007A0A3.bmp
c:\program files\WeatherBlink\bar\Cache\00081759
c:\program files\WeatherBlink\bar\Cache\00089E7B
c:\program files\WeatherBlink\bar\Cache\000B9489
c:\program files\WeatherBlink\bar\Cache\000E3A45
c:\program files\WeatherBlink\bar\Cache\0010F1A5
c:\program files\WeatherBlink\bar\Cache\002166E7
c:\program files\WeatherBlink\bar\Cache\0022406E
c:\program files\WeatherBlink\bar\Cache\0026553B
c:\program files\WeatherBlink\bar\Cache\0027A088
c:\program files\WeatherBlink\bar\Cache\0027C006
c:\program files\WeatherBlink\bar\Cache\00280DB9
c:\program files\WeatherBlink\bar\Cache\0029E1CD
c:\program files\WeatherBlink\bar\Cache\002A67D5
c:\program files\WeatherBlink\bar\Cache\002ABB64
c:\program files\WeatherBlink\bar\Cache\0049343C
c:\program files\WeatherBlink\bar\Cache\files.ini
c:\program files\WeatherBlink\bar\History\search3
c:\program files\WeatherBlink\bar\Message\COMMON.T8S
c:\program files\WeatherBlink\bar\Message\COMMON\8_step1.gif
c:\program files\WeatherBlink\bar\Message\COMMON\index.htm
c:\program files\WeatherBlink\bar\Message\COMMON\rebut4b.htm
c:\program files\WeatherBlink\bar\Message\COMMON\shield.png
c:\program files\WeatherBlink\bar\Settings\prevcfg2.htm
c:\program files\WeatherBlink\bar\Settings\s_locale.dat
c:\program files\WeatherBlink\bar\Settings\s_locale.dat.bak
c:\program files\WeatherBlink\bar\Settings\s_pid.dat
c:\program files\WeatherBlink\bar\Settings\s_uLoc.dat
c:\program files\WeatherBlink\bar\Settings\s_unit.dat
c:\program files\WeatherBlink\bar\Settings\s_w1.dat
c:\program files\WeatherBlink\bar\Settings\s_w1.dat.bak
c:\program files\WeatherBlink\bar\Settings\s_w2.dat
c:\program files\WeatherBlink\bar\Settings\s_w2.dat.bak
c:\program files\WeatherBlink\bar\Settings\setting3.htm
c:\program files\WeatherBlink\bar\Settings\setting3.htm.bak
c:\program files\WeatherBlink\Shared\Cache\PopupProperties100016374.html
c:\program files\WeatherBlink\Shared\Cache\PopupProperties100016377.html
c:\program files\WeatherBlink\Shared\Cache\PopupProperties100016379.html
c:\program files\WeatherBlink\Shared\Cache\PopupProperties100016381.html
c:\program files\WeatherBlink\Shared\Cache\PopupProperties100065008.html
c:\program files\WeatherBlink\Shared\Cache\PopupProperties200821773.html
c:\program files\WeatherBlink\Shared\Cache\Radio.html
c:\program files\WeatherBlinkEI
c:\windows\system32\setb5.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WEATHERBLINKSERVICE
-------\Service_WeatherBlinkService
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-29  )))))))))))))))))))))))))))))))
.
.
2014-01-29 16:23 . 2014-01-29 16:25    --------    d-----w-    c:\documents and settings\Administrator
2014-01-29 01:36 . 2014-01-29 03:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-29 01:31 . 2014-01-29 01:31    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-29 01:02 . 2014-01-29 01:14    --------    d-----w-    C:\AdwCleaner
2014-01-28 23:23 . 2014-01-28 23:23    --------    d-----w-    c:\documents and settings\Pam Kingery\Local Settings\Application Data\Mozilla
2014-01-28 23:22 . 2014-01-28 23:22    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2014-01-28 22:39 . 2014-01-28 22:39    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-28 22:39 . 2014-01-28 22:39    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-23 20:43 . 2014-01-29 01:36    107224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-23 20:43 . 2013-04-04 20:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-23 20:43 . 2014-01-23 20:43    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-23 20:05 . 2014-01-23 20:05    --------    d-----w-    c:\documents and settings\Pam Kingery\Application Data\Malwarebytes
2014-01-23 19:52 . 2014-01-23 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-21 01:22 . 2014-01-21 01:22    --------    d-----w-    C:\1994cd8026d23ca8d732
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-27 20:21 . 2004-08-10 17:51    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2004-08-10 17:51    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-10 17:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-17 19:29    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2012-09-23 11:00 . 2012-09-23 11:00    4096000    ----a-w-    c:\program files\GUT1C.tmp
2013-02-16 00:35 . 2014-01-28 23:22    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08    110592    ----a-w-    c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 21:33    155648    ----a-w-    c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-03-04 16:26    606208    ----a-w-    c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05    127035    ----a-w-    c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
2004-11-13 03:36    414208    ----a-w-    c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19    53248    ------w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-09-09 14:21    32360    ----a-w-    c:\program files\Common Files\AOL\1127864100\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-02-15 20:02    126976    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-02-15 20:02    155648    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar]
2013-12-02 10:04    1380328    ----a-w-    c:\progra~1\INBOXT~1\Inbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-30 19:59    385024    ----a-w-    c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50    221184    ----a-w-    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-06-11 19:00    98304    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2010-12-15 20:54    316736    ----a-w-    c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-06-11 18:59    26112    ----a-w-    c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2010-12-15 20:54    75072    ----a-w-    c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48    32881    ----a-w-    c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-27 04:22    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2002-11-27 18:47    335872    ----a-w-    c:\program files\RealVNC\WinVNC\winvnc.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 2:10 PM 82944]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [8/16/2007 2:24 PM 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 17:47]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 17:47]
.
.
------- Supplementary Scan -------
.


TCP: DhcpNameServer = 184.63.0.68 184.63.0.69

FF - ProfilePath - c:\documents and settings\Pam Kingery\Application Data\Mozilla\Firefox\Profiles\otkp96zw.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{CCB69577-088B-4004-9ED8-FF5BCC83A039} - (no file)
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-WeatherBlink Browser Plugin Loader - c:\progra~1\WEATHE~2\bar\2.bin\gcbrmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-29 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-01-29  14:35:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-29 20:35
.
Pre-Run: 58,209,464,320 bytes free
Post-Run: 58,107,318,272 bytes free
.
- - End Of File - - 8E22C6A706EB56D59156EF6B96DA40B2
EA478E71E39AE36BCF8908F8EE718FD3


Good job getting this....
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    uURLSearchHooks: <No Name>: {8ba2cfef-a1bc-4964-aadc-33be1ae5a33c} - c:\program files\weatherblink\bar\2.bin\gcSrcAs.dll
    dURLSearchHooks: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
    BHO: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - c:\program files\alot\bin\bho\alotBHO.dll
    BHO: EpicPlay Games: {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - c:\program files\epicplay\epicPlayGames.dll
    BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
    BHO: Search Assistant BHO: {9b9dcae3-be34-424c-8d73-75e305a9e091} - c:\program files\weatherblink\bar\2.bin\gcSrcAs.dll
    BHO: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - LocalServer32 - <no file>
    BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - LocalServer32 - <no file>
    BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
    TB: WeatherBlink: {F20DE5E0-2A6E-4C54-985F-1CF59551CE39} - c:\program files\weatherblink\bar\2.bin\gcbar.dll
    TB: WeatherBlink: {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - c:\program files\weatherblink\bar\2.bin\gcbar.dll
    TB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - c:\program files\alot\bin\alot.dll
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
    mRun: [WeatherBlink Browser Plugin Loader] c:\progra~1\weathe~2\bar\2.bin\gcbrmon.exe
    mRun: [inboxToolbar] "c:\progra~1\inboxt~1\Inbox.exe" /STARTUP
     
    File::
    c:\progra~1\INBOXT~1\Inbox.exe
     
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar]

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running now.   :)


Ok combofix ran pretty smoothly this time but I keep getting delayed write errors popping up. I am not sure if that affects the way the scan ran but if you see something funny in the log that may be why.

ComboFix 14-01-29.01 - Pam Kingery 01/29/2014  17:54:46.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.298 [GMT -6:00]
Running from: c:\documents and settings\Pam Kingery\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pam Kingery\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\progra~1\INBOXT~1\Inbox.exe"
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-30  )))))))))))))))))))))))))))))))
.
.
2014-01-29 21:09 . 2014-01-29 21:09    --------    d-----w-    c:\documents and settings\Pam Kingery\Application Data\AVAST Software
2014-01-29 20:59 . 2014-01-29 20:59    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-01-29 20:59 . 2014-01-29 20:59    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-29 20:59 . 2014-01-29 20:59    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-29 20:59 . 2014-01-29 20:58    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-29 20:59 . 2014-01-29 20:58    410784    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-01-29 20:59 . 2014-01-29 20:58    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-29 20:59 . 2014-01-29 20:58    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2014-01-29 20:59 . 2014-01-29 20:58    270240    ----a-w-    c:\windows\system32\aswBoot.exe
2014-01-29 20:58 . 2014-01-29 20:58    43152    ----a-w-    c:\windows\avastSS.scr
2014-01-29 20:54 . 2014-01-29 20:54    --------    d-----w-    c:\program files\AVAST Software
2014-01-29 20:49 . 2014-01-29 20:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVAST Software
2014-01-29 16:23 . 2014-01-29 16:25    --------    d-----w-    c:\documents and settings\Administrator
2014-01-29 01:36 . 2014-01-29 03:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-29 01:31 . 2014-01-29 01:31    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-29 01:02 . 2014-01-29 01:14    --------    d-----w-    C:\AdwCleaner
2014-01-28 23:23 . 2014-01-28 23:23    --------    d-----w-    c:\documents and settings\Pam Kingery\Local Settings\Application Data\Mozilla
2014-01-28 23:22 . 2014-01-28 23:22    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2014-01-28 22:39 . 2014-01-28 22:39    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-28 22:39 . 2014-01-28 22:39    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-23 20:43 . 2014-01-29 01:36    107224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-23 20:43 . 2013-04-04 20:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-23 20:43 . 2014-01-23 20:43    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-23 20:05 . 2014-01-23 20:05    --------    d-----w-    c:\documents and settings\Pam Kingery\Application Data\Malwarebytes
2014-01-23 19:52 . 2014-01-23 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-21 01:22 . 2014-01-21 01:22    --------    d-----w-    C:\1994cd8026d23ca8d732
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-27 20:21 . 2004-08-10 17:51    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2004-08-10 17:51    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-10 17:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-17 19:29    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2012-09-23 11:00 . 2012-09-23 11:00    4096000    ----a-w-    c:\program files\GUT1C.tmp
2013-02-16 00:35 . 2014-01-28 23:22    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-29 20:58    259464    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-29 3767096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08    110592    ----a-w-    c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 21:33    155648    ----a-w-    c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-03-04 16:26    606208    ----a-w-    c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05    127035    ----a-w-    c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
2004-11-13 03:36    414208    ----a-w-    c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19    53248    ------w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-09-09 14:21    32360    ----a-w-    c:\program files\Common Files\AOL\1127864100\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-02-15 20:02    126976    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-02-15 20:02    155648    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-30 19:59    385024    ----a-w-    c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50    221184    ----a-w-    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-06-11 19:00    98304    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2010-12-15 20:54    316736    ----a-w-    c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-06-11 18:59    26112    ----a-w-    c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2010-12-15 20:54    75072    ----a-w-    c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48    32881    ----a-w-    c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2002-11-27 18:47    335872    ----a-w-    c:\program files\RealVNC\WinVNC\winvnc.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/29/2014 2:59 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/29/2014 2:59 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/29/2014 2:59 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/29/2014 2:59 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [1/29/2014 2:59 PM 67824]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 2:10 PM 82944]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [8/16/2007 2:24 PM 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWSP
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-29 20:58]
.
.
------- Supplementary Scan -------
.


TCP: DhcpNameServer = 184.63.0.68 184.63.0.69

FF - ProfilePath - c:\documents and settings\Pam Kingery\Application Data\Mozilla\Firefox\Profiles\otkp96zw.default\
FF - ExtSQL: 2014-01-29 14:59; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-29 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'explorer.exe'(3408)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-01-29  18:18:30
ComboFix-quarantined-files.txt  2014-01-30 00:18
ComboFix2.txt  2014-01-29 20:35
.
Pre-Run: 57,529,954,304 bytes free
Post-Run: 57,517,965,312 bytes free
.
- - End Of File - - 151DC23CE49051C6B6A4EC90C81C3F2F
EA478E71E39AE36BCF8908F8EE718FD3


Hi,
 
Looking better....let's see if there is anything else in there hiding.   :)
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.
     
          A3npGzM.jpg
       
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:
 
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.01.01

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Pam Kingery :: DFFHPP71 [administrator]

 

1/31/2014 9:15:18 PM

mbam-log-2014-01-31 (21-15-18).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247589

Time elapsed: 32 minute(s), 20 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 28

HKCR\CLSID\{042DA63B-0933-403D-9395-B49307691690} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCR\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCR\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCR\Inbox.CoInboxJS (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCR\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

HKCR\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6} (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.

HKCR\RebateI.RebateInformImageGen (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.

HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

HKCR\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

HKCR\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

HKCR\Interface\{022C9F90-2E96-47D6-A971-107650154563} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

HKCR\AppGraffiti.AppGraffitiJS (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

HKCU\Software\Inbox Toolbar (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\INBOX TOOLBAR (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\PCPOWERSPEED (PUP.Optional.PCPowerSpeed.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 3

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Data:  -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Inbox Toolbar|FF_INSTAL (PUP.Optional.InboxToolBar.A) -> Data: 1 -> Quarantined and deleted successfully.

HKLM\SOFTWARE\PCPowerSpeed|PHONE_NUMBER (PUP.Optional.PCPowerSpeed.A) -> Data: 1-866-231-7627 -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://www.inbox.com/homepage.aspx?tbid=80273&lng=en) Good: (http://www.google.com) -> Quarantined and repaired successfully.

 

Folders Detected: 3

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\Update (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

 

Files Detected: 22

C:\Program Files\Inbox Toolbar\Inbox.dll (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\buttons.xml (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\butpos.ini (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\config.ini (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\mail.ini (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\mail_plugin_big_dyn.xml (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\mail_plugin_dyn.xml (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\music_rss.rss (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\skin.xml (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\skins.xml (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pam Kingery\Application Data\Inbox Toolbar\translate.ini (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\unins000.dat (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\AppGraffiti.dll (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\AppGraffiti.exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\AppGraffiti._exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\AppGraffiti64.dll (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\CHR_Install.cab (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\config.dat (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

C:\Program Files\AppGraffiti\unins000.exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.

 

(end)

C:\Documents and Settings\Pam Kingery\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll    a variant of Win32/Adware.Gamevance.BR potentially unwanted application
C:\Program Files\EpicPlay\epicRemoval.exe    a variant of Win32/Adware.Gamevance.BN potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\EpicPlay\epICplaygames.dll.vir    a variant of Win32/Adware.Gamevance.BR potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\WeatherBlink\bar\2.bin\gcDAtact.dll.vir    a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\WeatherBlink\bar\2.bin\gchtml.dll.vir    probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\WeatherBlink\bar\2.bin\gchtmlmu.dll.vir    probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\WeatherBlink\bar\2.bin\gcPlugin.dll.vir    a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\WeatherBlink\bar\2.bin\gcregfft.dll.vir    Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\WeatherBlink\bar\2.bin\gcskin.dll.vir    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~1\WEATHE~2\bar\2.bin\gcBAr.dll.vir    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP259\A0264476.dll    a variant of Win32/Toolbar.Inbox.B potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP259\A0264477.exe    a variant of Win32/Toolbar.Inbox.B potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269686.dll    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269688.dll    a variant of Win32/Adware.Gamevance.BR potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269696.dll    a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269701.dll    probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269702.dll    probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269709.dll    a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269711.dll    Win32/Toolbar.MyWebSearch potentially unwanted application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0269714.dll    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
 


Good to hear!  :)
 
Let's remove these two entries and then from what I can see you should be good to go. 
 
First open a command prompt > Click Start > Run > and type cmd and press Enter.
This will open the command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there is more than one)

    del "C:\Documents and Settings\Pam Kingery\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll"
    del "C:\Program Files\EpicPlay\epicRemoval.exe"

Close the Command Prompt box.


Fantastic!!   :)
 
Providing there are no other malware related problems...
 
IT APPEARS THAT THE LOGS WE HAVE NOW ARE NOW CLEAN!  GREAT JOB!!  
 
This infection appears to have been cleared, but I can not give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------
 
The following will implement some cleanup procedures as well as reset System Restore points:
 
Press the Windows key + R and this will open the Run text box.  Copy/paste the following text into the Run box as shown and click OK.
  Combofix /Uninstall
  (Note: There is a space between the ..X and the /U that needs to be there.)
 
jEuYelX.jpg
----------
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

--------------


 
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
----------
 
Here are some tips to reduce the potential for spyware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:

  • NoScript
  • AdBlock Plus
 
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:

  • Online Armor Free
  • Agnitum Outpost Firewall Free
  • Comodo Firewall Free
 
5. Make sure you keep your Windows OS current. Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
 
6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.
 
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
----------


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.