
Internet Explorer Cannot Display Web Page error after infection


Melitta

Hi! My computer was infected a few days ago. The infection was removed, but I am getting "Internet Explorer cannot display web pages" when surfing the Internet. I was told it could be leftover malware issues causing this problem. Here are the logs I was told to post. Thank you to anyone who can help!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jacque at 15:34:05 on 2012-02-01

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4261 [GMT -6:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

C:\Windows\CNYHKey.exe

C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\MHotkey.exe

C:\Windows\ModLedKey.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\ChiFuncExt.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

C:\Windows\CNYHKey.exe

C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe

C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Windows\ehome\ehmsas.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Windows\MHotkey.exe

C:\Windows\ModLedKey.exe

C:\Windows\ChiFuncExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

TB: {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - No File

TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [LchDrvKey] LchDrvKey.exe

mRun: [LedKey] CNYHKey.exe

mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe

mRun: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [info Center] "C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~2.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO-X64: Ad-Aware Security Toolbar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

TB-X64: {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - No File

TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File

mRun-x64: [LchDrvKey] LchDrvKey.exe

mRun-x64: [LedKey] CNYHKey.exe

mRun-x64: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe

mRun-x64: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [info Center] "C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRunOnce-x64: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jacque\AppData\Roaming\Mozilla\Firefox\Profiles\fsgyl71l.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-30 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]

S3 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2011-1-30 24576]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-30 135664]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-3-9 92592]

S3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-3-31 428640]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-3-14 278528]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-31 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-01-31 18:32:33 -------- d-----w- C:\Users\Jacque\AppData\Local\{CE38DC45-4D62-44E4-82FD-979DF9E9648F}

2012-01-31 18:32:23 -------- d-----w- C:\Users\Jacque\AppData\Local\{A3159902-850E-42F7-B5EF-BB07F33FCED7}

2012-01-31 16:48:21 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A299BB79-B26E-4EA1-8FBC-1AC3911BBFBA}\mpengine.dll

2012-01-29 19:11:03 -------- d-----w- C:\Users\Jacque\AppData\Local\{BDD7FD9F-5424-45D3-B9C2-8455F9F6D779}

2012-01-29 19:10:53 -------- d-----w- C:\Users\Jacque\AppData\Local\{C013603A-A8FF-487C-B0C7-885676CA6937}

2012-01-26 02:55:35 -------- d-----w- C:\Users\Jacque\AppData\Local\{517C4FD2-919B-4619-B0D3-BA90AE4C9066}

2012-01-26 02:55:22 -------- d-----w- C:\Users\Jacque\AppData\Local\{FBC6492A-98E6-4EC3-BCBE-1978FFB51238}

2012-01-25 18:09:55 -------- d-----w- C:\Users\Jacque\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-01-25 14:54:58 -------- d-----w- C:\Users\Jacque\AppData\Local\{1AE1C039-30BA-4F85-A0B0-43C7E6997C00}

2012-01-25 14:54:48 -------- d-----w- C:\Users\Jacque\AppData\Local\{48BA095E-068C-4CCC-9A2C-6D243346C8EC}

2012-01-24 20:07:37 -------- d-sh--w- C:\$RECYCLE.BIN

2012-01-24 20:03:03 -------- d-----w- C:\Users\Jacque\AppData\Local\temp

2012-01-24 17:43:56 -------- d-----w- C:\Users\Jacque\AppData\Local\{D5C135FF-D3FA-48A8-9C3B-7B850E25BE20}

2012-01-24 17:43:45 -------- d-----w- C:\Users\Jacque\AppData\Local\{FF45F0BA-CD6C-4C4F-BC3D-3E8AC267492E}

2012-01-23 21:21:15 -------- d-----w- C:\Users\Jacque\AppData\Local\{C848C340-B701-4838-B439-06592D21FBCC}

2012-01-23 21:21:04 -------- d-----w- C:\Users\Jacque\AppData\Local\{3B4CA9DF-8BF4-4190-856C-9A6464AF376D}

2012-01-20 23:10:43 -------- d-----w- C:\Users\Jacque\AppData\Local\{52CD958B-F522-43A0-A814-3E4FC350952B}

2012-01-20 23:10:33 -------- d-----w- C:\Users\Jacque\AppData\Local\{BD9FF549-D072-4793-8F13-AE7C2F1808DB}

2012-01-19 22:21:05 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-01-19 22:21:05 442368 ----a-w- C:\Windows\System32\winhttp.dll

2012-01-19 22:21:05 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll

2012-01-19 22:21:05 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-01-19 22:21:05 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-01-19 22:21:05 1689600 ----a-w- C:\Windows\System32\lsasrv.dll

2012-01-19 22:21:04 94720 ----a-w- C:\Windows\System32\secur32.dll

2012-01-19 22:21:04 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-01-19 22:21:04 11264 ----a-w- C:\Windows\System32\lsass.exe

2012-01-19 21:16:23 -------- d-----w- C:\Users\Jacque\AppData\Local\{61EDE3C9-838C-4388-8829-602BC3657153}

2012-01-19 21:16:01 -------- d-----w- C:\Users\Jacque\AppData\Local\{E3596003-7C15-4DA7-A34D-08075E1C1282}

2012-01-18 20:32:15 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2012-01-18 17:06:39 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-01-18 17:03:38 -------- d-----w- C:\Users\Jacque\AppData\Local\adaware

2012-01-18 17:03:36 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2012-01-18 17:03:12 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2012-01-18 17:03:08 -------- d-----w- C:\Program Files (x86)\adawaretb

2012-01-18 17:03:03 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2012-01-18 17:02:58 -------- d-----w- C:\Program Files (x86)\Lavasoft

2012-01-17 17:41:48 -------- d-----w- C:\Users\Jacque\AppData\Local\{5AA522B9-5F7F-475F-9606-5E995B3FFF8F}

2012-01-17 17:41:32 -------- d-----w- C:\Users\Jacque\AppData\Local\{D659AEA5-7B25-441F-9FBF-D04CC2818E47}

2012-01-16 17:45:11 -------- d-----w- C:\Users\Jacque\AppData\Local\{571680A1-2D9C-47B3-BCB3-B7F51E82CEDC}

2012-01-16 17:45:01 -------- d-----w- C:\Users\Jacque\AppData\Local\{839AE9E8-D18D-4364-A17C-0399419C49A1}

2012-01-13 23:13:47 -------- d-----w- C:\Users\Jacque\AppData\Local\{D9D4B3DD-BD26-40DF-8FE8-FDF6D47B19EE}

2012-01-13 23:13:37 -------- d-----w- C:\Users\Jacque\AppData\Local\{861D2DA2-4FF1-4312-84AD-66C8812EB7F6}

2012-01-13 01:23:23 -------- d-----w- C:\Users\Jacque\AppData\Local\{45125803-159C-4EFE-B780-D6877C79B36A}

2012-01-13 01:23:13 -------- d-----w- C:\Users\Jacque\AppData\Local\{D7EBF19E-0D30-4370-97A3-DC429D3FD74D}

2012-01-11 21:00:29 -------- d-----w- C:\Users\Jacque\AppData\Local\{567FA963-E4BF-4045-A497-87F01CE02A81}

2012-01-11 21:00:18 -------- d-----w- C:\Users\Jacque\AppData\Local\{1B88770F-108C-42A2-B56A-B58F23FC124D}

2012-01-09 17:39:41 -------- d-----w- C:\Users\Jacque\AppData\Local\{D87BB675-9529-4CFE-8AB5-0175D03E53A4}

2012-01-09 17:39:31 -------- d-----w- C:\Users\Jacque\AppData\Local\{DA22553F-C228-4458-93BB-BE29B8977E50}

2012-01-07 17:54:06 98816 ----a-w- C:\Windows\sed.exe

2012-01-07 17:54:06 518144 ----a-w- C:\Windows\SWREG.exe

2012-01-07 17:54:06 256000 ----a-w- C:\Windows\PEV.exe

2012-01-07 17:54:06 208896 ----a-w- C:\Windows\MBR.exe

2012-01-07 17:49:46 -------- d-----w- C:\Users\Jacque\AppData\Local\{BFA1F461-13B7-47A1-8D84-1208CE2AEA0D}

2012-01-07 17:49:29 -------- d-----w- C:\Users\Jacque\AppData\Local\{7EA1BD2A-7DC3-402C-8752-1545B69638EE}

2012-01-06 15:33:57 -------- d-----w- C:\Users\Jacque\AppData\Local\{D9E5DCC9-C1AA-4910-81AA-A99936465817}

2012-01-06 15:33:46 -------- d-----w- C:\Users\Jacque\AppData\Local\{732D6F1D-E7FA-4AE5-BFEA-F30D48097215}

2012-01-05 21:15:26 -------- d-----w- C:\Users\Jacque\AppData\Local\{97E5EECA-5E97-434B-B7B0-24D14374E477}

2012-01-05 21:15:16 -------- d-----w- C:\Users\Jacque\AppData\Local\{469CFA3E-64EC-4F4D-BE9D-5EE8A7743F65}

2012-01-05 18:17:33 -------- d-----w- C:\Users\Jacque\AppData\Local\{D22E78B1-83FD-41B6-ACC7-EDCF5617AF6B}

2012-01-04 18:17:08 -------- d-----w- C:\Users\Jacque\AppData\Local\{29D0207A-23E8-4C8C-A1FB-8A252433A154}

2012-01-04 18:16:54 -------- d-----w- C:\Users\Jacque\AppData\Local\{7A90DB7F-BE6A-4DCA-A6EC-1B5F8D768B2C}

.

==================== Find3M ====================

.

2011-12-13 14:10:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-07 16:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-02 00:03:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-12-02 00:03:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-11-25 21:35:05 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll

2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys

2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll

2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-16 18:53:45 5359888 ----a-w- C:\Windows\uninst.exe

2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 15:34:35.69 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/30/2011 12:16:39 PM

System Uptime: 2/1/2012 2:23:47 PM (1 hours ago)

.

Motherboard: Gateway | | G33M05G1

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1600/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 586 GiB total, 477.431 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is FIXED (NTFS) - 466 GiB total, 414.832 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: NETGEAR WPN311 RangeMax Wireless PCI Adapter

Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5E001385&REV_01\4&31E4133E&0&08F0

Manufacturer: Atheros Communications Inc.

Name: NETGEAR WPN311 RangeMax Wireless PCI Adapter #3

PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5E001385&REV_01\4&31E4133E&0&08F0

Service: athr

.

==== System Restore Points ===================

.

RP586: 1/26/2012 11:14:15 AM - Scheduled Checkpoint

RP587: 1/27/2012 2:30:30 PM - Windows Update

RP588: 1/28/2012 8:59:17 PM - Scheduled Checkpoint

RP589: 1/29/2012 5:47:52 PM - Scheduled Checkpoint

RP590: 1/30/2012 4:38:29 PM - Scheduled Checkpoint

RP591: 1/31/2012 10:47:50 AM - Windows Update

.

==== Installed Programs ======================

.

Ad-Aware

Ad-Aware Security Toolbar

Adobe AIR

Adobe Reader 8.1.2

Apple Application Support

Apple Software Update

CameraHelperMsi

Canon MP Navigator EX 2.0

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Carbonite Online Backup Setup

Click to Call with Skype

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

CyberLink Power2Go

D3DX10

DING!

erLT

ESET Online Scanner v3

Freemake Video Converter version 2.1.0

GameSpy Arcade

Gateway Games

Gateway Recovery Management

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 2.01

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

I Can Color!

iLivid

Info Center 1.0.0.7

IrfanView (remove only)

Junk Mail filter update

KB0817 Keyboard Driver

LabelPrint

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

muvee Reveal Seagate Edition

Napster

Napster Burn Engine

NETGEAR WNA3100 wireless USB 2.0 adapter

NETGEAR WPN311 Wireless Adapter

OpenOffice.org 3.3

Photo Explosion Deluxe

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Samsung PC Studio 3 USB Driver Installer

Seagate Manager Installer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Segoe UI

Skype™ 5.5

Smart Copy 3.1.1.1

Stronghold Crusader Extreme

TomTom HOME 2.8.1.2218

TomTom HOME Visual Studio Merge Modules

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update Installer for WildTangent Games App

Veetle TV

VLC media player 1.0.1

vShare.tv plugin 1.3

Wheel Of Fortune

WildTangent Games App (Gateway Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wizard101

.

==== Event Viewer Messages From Past Week ========

.

2/1/2012 2:24:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

2/1/2012 2:24:11 PM, Error: Service Control Manager [7000] - The int15 service failed to start due to the following error: A device attached to the system is not functioning.

1/30/2012 4:38:52 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

1/26/2012 10:02:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 10:01:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/26/2012 10:01:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/26/2012 10:01:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

1/26/2012 10:01:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2012 10:01:24 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2012 1:39:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/26/2012 1:39:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/26/2012 1:39:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/26/2012 1:39:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/26/2012 1:39:27 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

1/26/2012 1:39:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep spldr Wanarpv6

1/26/2012 1:39:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

.

==== End Of File ===========================


Hello Melitta! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Let's take a deeper look.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Hi Maniac! Thank you so much for helping! Here are the log files you asked for.

OTL logfile created on: 2/2/2012 6:12:56 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jacque\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 68.24% Memory free

12.09 Gb Paging File | 10.19 Gb Available in Paging File | 84.30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 586.40 Gb Total Space | 476.42 Gb Free Space | 81.25% Space Free | Partition Type: NTFS

Drive D: | 79.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive I: | 465.76 Gb Total Space | 414.83 Gb Free Space | 89.07% Space Free | Partition Type: NTFS

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 18:11:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jacque\Desktop\OTL.exe

PRC - [2011/12/01 18:03:04 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/11/01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

PRC - [2011/10/21 03:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

PRC - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

PRC - [2009/12/18 13:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe

PRC - [2008/05/21 16:36:36 | 000,053,248 | ---- | M] (IOI) -- C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe

PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe

PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe

PRC - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/01 12:22:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll

MOD - [2011/11/01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

MOD - [2011/11/01 12:22:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll

MOD - [2011/11/01 12:22:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll

MOD - [2011/11/01 12:22:00 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll

MOD - [2011/11/01 12:22:00 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll

MOD - [2011/11/01 12:22:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll

MOD - [2011/11/01 12:22:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll

MOD - [2011/10/12 17:47:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011/10/12 17:44:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011/10/12 17:43:47 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011/10/12 17:43:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011/10/12 17:43:21 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll

MOD - [2011/10/12 17:42:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011/10/12 17:42:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll

MOD - [2009/03/29 23:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe

MOD - [2008/05/21 16:36:34 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\IOI\Smart Copy\IOIUSBLib.dll

MOD - [2008/05/21 16:36:34 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\IOI\Smart Copy\IOIHIDLib.dll

MOD - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/06/29 11:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)

SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011/03/31 23:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/03/09 06:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)

SRV - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

SRV - [2009/03/29 23:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)

DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2011/03/31 23:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)

DRV:64bit: - [2011/03/31 23:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2010/09/29 11:05:16 | 001,244,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/05 16:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2009/06/10 15:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2008/12/04 22:55:28 | 000,303,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®

DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/03/24 19:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007/07/03 19:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2007/06/29 11:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)

DRV:64bit: - [2007/06/20 06:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2007/06/20 06:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)

DRV:64bit: - [2007/06/20 06:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/05/02 11:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm)

DRV:64bit: - [2007/05/02 11:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV:64bit: - [2007/05/02 11:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl)

DRV:64bit: - [2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\scmndisp.sys -- (SCMNdisP)

DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

DRV - [2012/01/18 11:06:39 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)

DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9F 5C 40 48 D8 CB 01 [binary data]

IE - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/01 18:03:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/18 14:54:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacque\AppData\Roaming\Mozilla\Extensions

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacque\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

[2012/01/18 11:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacque\AppData\Roaming\Mozilla\Firefox\Profiles\fsgyl71l.default\extensions

[2012/01/18 11:03:09 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Jacque\AppData\Roaming\Mozilla\Firefox\Profiles\fsgyl71l.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

[2011/11/18 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/24 14:00:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O3:64bit: - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()

O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)

O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)

O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1643210993-2232105442-2364694577-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/10/03 09:16:48 | 002,129,920 | R--- | M] (Fuji Photo Film USA) - D:\AUTORUN.EXE -- [ CDFS ]

O32 - AutoRun File - [2006/10/03 09:16:48 | 000,004,710 | R--- | M] () - D:\AUTORUN.ICO -- [ CDFS ]

O32 - AutoRun File - [2006/10/03 09:16:48 | 000,000,431 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2012/01/24 13:30:29 | 000,000,062 | ---- | M] () - I:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 18:11:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jacque\Desktop\OTL.exe

[2012/02/02 18:06:34 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{F93648B9-8A81-43E1-860B-88FF033C0A38}

[2012/02/02 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{BDBBCC36-0299-4D61-A669-495E170DA7ED}

[2012/02/01 16:43:52 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{BBB75232-46A9-4C55-B15E-E97AFB666BE9}

[2012/02/01 16:43:39 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{BC1BDDF3-EF3C-4CC6-8DA9-06044F3FC5B6}

[2012/02/01 15:33:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jacque\Desktop\dds.com

[2012/01/31 12:32:33 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{CE38DC45-4D62-44E4-82FD-979DF9E9648F}

[2012/01/31 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{A3159902-850E-42F7-B5EF-BB07F33FCED7}

[2012/01/29 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{BDD7FD9F-5424-45D3-B9C2-8455F9F6D779}

[2012/01/29 13:10:53 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{C013603A-A8FF-487C-B0C7-885676CA6937}

[2012/01/25 20:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{517C4FD2-919B-4619-B0D3-BA90AE4C9066}

[2012/01/25 20:55:22 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{FBC6492A-98E6-4EC3-BCBE-1978FFB51238}

[2012/01/25 12:09:55 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012/01/25 08:54:58 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{1AE1C039-30BA-4F85-A0B0-43C7E6997C00}

[2012/01/25 08:54:48 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{48BA095E-068C-4CCC-9A2C-6D243346C8EC}

[2012/01/24 14:07:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/01/24 14:03:03 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/01/24 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\temp

[2012/01/24 12:06:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jacque\Desktop\aswMBR.exe

[2012/01/24 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{D5C135FF-D3FA-48A8-9C3B-7B850E25BE20}

[2012/01/24 11:43:45 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{FF45F0BA-CD6C-4C4F-BC3D-3E8AC267492E}

[2012/01/23 15:21:15 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{C848C340-B701-4838-B439-06592D21FBCC}

[2012/01/23 15:21:04 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{3B4CA9DF-8BF4-4190-856C-9A6464AF376D}

[2012/01/20 17:10:43 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{52CD958B-F522-43A0-A814-3E4FC350952B}

[2012/01/20 17:10:33 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{BD9FF549-D072-4793-8F13-AE7C2F1808DB}

[2012/01/19 15:16:23 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{61EDE3C9-838C-4388-8829-602BC3657153}

[2012/01/19 15:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{E3596003-7C15-4DA7-A34D-08075E1C1282}

[2012/01/18 11:06:39 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2012/01/18 11:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\adaware

[2012/01/18 11:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012/01/18 11:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner

[2012/01/18 11:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb

[2012/01/18 11:03:03 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

[2012/01/18 11:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

[2012/01/18 11:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/01/18 11:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2012/01/17 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{5AA522B9-5F7F-475F-9606-5E995B3FFF8F}

[2012/01/17 11:41:32 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{D659AEA5-7B25-441F-9FBF-D04CC2818E47}

[2012/01/16 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{571680A1-2D9C-47B3-BCB3-B7F51E82CEDC}

[2012/01/16 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{839AE9E8-D18D-4364-A17C-0399419C49A1}

[2012/01/13 17:13:47 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{D9D4B3DD-BD26-40DF-8FE8-FDF6D47B19EE}

[2012/01/13 17:13:37 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{861D2DA2-4FF1-4312-84AD-66C8812EB7F6}

[2012/01/12 19:23:23 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{45125803-159C-4EFE-B780-D6877C79B36A}

[2012/01/12 19:23:13 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{D7EBF19E-0D30-4370-97A3-DC429D3FD74D}

[2012/01/11 15:00:29 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{567FA963-E4BF-4045-A497-87F01CE02A81}

[2012/01/11 15:00:18 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{1B88770F-108C-42A2-B56A-B58F23FC124D}

[2012/01/09 11:39:41 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{D87BB675-9529-4CFE-8AB5-0175D03E53A4}

[2012/01/09 11:39:31 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{DA22553F-C228-4458-93BB-BE29B8977E50}

[2012/01/07 13:17:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jacque\Desktop\HijackThis.exe

[2012/01/07 11:54:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/01/07 11:54:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/01/07 11:54:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/01/07 11:53:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/01/07 11:53:21 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/01/07 11:49:46 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{BFA1F461-13B7-47A1-8D84-1208CE2AEA0D}

[2012/01/07 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{7EA1BD2A-7DC3-402C-8752-1545B69638EE}

[2012/01/06 09:33:57 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{D9E5DCC9-C1AA-4910-81AA-A99936465817}

[2012/01/06 09:33:46 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{732D6F1D-E7FA-4AE5-BFEA-F30D48097215}

[2012/01/05 15:15:26 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{97E5EECA-5E97-434B-B7B0-24D14374E477}

[2012/01/05 15:15:16 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{469CFA3E-64EC-4F4D-BE9D-5EE8A7743F65}

[2012/01/05 12:17:33 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{D22E78B1-83FD-41B6-ACC7-EDCF5617AF6B}

[2012/01/04 12:17:08 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{29D0207A-23E8-4C8C-A1FB-8A252433A154}

[2012/01/04 12:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jacque\AppData\Local\{7A90DB7F-BE6A-4DCA-A6EC-1B5F8D768B2C}

========== Files - Modified Within 30 Days ==========

[2012/02/02 18:15:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/02 18:11:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jacque\Desktop\OTL.exe

[2012/02/02 18:10:36 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/02 18:10:36 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/02 18:10:36 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/02 18:05:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/02 18:04:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/02 18:04:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/02 18:04:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/01 15:33:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jacque\Desktop\dds.com

[2012/02/01 14:24:15 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/02/01 14:24:15 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/01/30 20:37:33 | 000,053,248 | ---- | M] () -- C:\Users\Jacque\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/29 13:11:51 | 000,000,235 | ---- | M] () -- C:\Windows\ulead32.ini

[2012/01/26 14:09:06 | 000,693,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/01/26 13:45:04 | 000,000,680 | ---- | M] () -- C:\Users\Jacque\AppData\Local\d3d9caps.dat

[2012/01/24 14:00:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/01/24 12:46:46 | 000,000,487 | ---- | M] () -- C:\Users\Jacque\Documents\MBR.zip

[2012/01/24 12:42:56 | 000,000,512 | ---- | M] () -- C:\Users\Jacque\Documents\MBR.dat

[2012/01/24 12:06:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jacque\Desktop\aswMBR.exe

[2012/01/18 11:06:39 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2012/01/18 11:06:38 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe

[2012/01/18 11:03:05 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2012/01/07 13:17:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jacque\Desktop\HijackThis.exe

[2012/01/07 11:56:45 | 000,000,561 | ---- | M] () -- C:\Users\Jacque\Desktop\ComboFix.exe - Shortcut.lnk

[2012/01/05 18:35:47 | 000,005,835 | ---- | M] () -- C:\Users\Jacque\Documents\My Movie.wlmp

[2012/01/05 12:32:57 | 000,000,530 | ---- | M] () -- C:\Users\Jacque\Desktop\TFC - Shortcut.lnk

[2012/01/05 12:19:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/01/05 10:25:02 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/01/26 13:40:03 | 000,000,680 | ---- | C] () -- C:\Users\Jacque\AppData\Local\d3d9caps.dat

[2012/01/24 12:46:46 | 000,000,487 | ---- | C] () -- C:\Users\Jacque\Documents\MBR.zip

[2012/01/21 11:04:07 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/01/21 11:04:07 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/01/18 14:32:15 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe

[2012/01/18 11:03:05 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2012/01/07 11:56:45 | 000,000,561 | ---- | C] () -- C:\Users\Jacque\Desktop\ComboFix.exe - Shortcut.lnk

[2012/01/07 11:54:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/07 11:54:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/07 11:54:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/07 11:54:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/07 11:54:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/01/05 16:09:13 | 000,005,835 | ---- | C] () -- C:\Users\Jacque\Documents\My Movie.wlmp

[2012/01/05 12:32:57 | 000,000,530 | ---- | C] () -- C:\Users\Jacque\Desktop\TFC - Shortcut.lnk

[2011/11/18 17:34:13 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini

[2011/09/14 20:14:40 | 000,000,274 | ---- | C] () -- C:\Windows\disney.ini

[2011/09/03 11:45:35 | 000,000,328 | ---- | C] () -- C:\Windows\wininit.ini

[2011/06/26 15:52:52 | 000,016,703 | ---- | C] () -- C:\Windows\cscmondump.bin

[2011/04/15 19:35:03 | 000,000,235 | ---- | C] () -- C:\Windows\ulead32.ini

[2011/03/31 23:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2011/03/31 23:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/03/31 23:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2011/03/15 19:38:35 | 000,053,248 | ---- | C] () -- C:\Users\Jacque\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/21 15:57:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/01/31 16:40:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011/01/31 16:40:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011/01/31 16:39:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011/01/31 10:02:31 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011/01/30 17:31:52 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/01/30 12:56:38 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007/01/02 03:12:02 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe

[2007/01/02 03:12:02 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll

[2007/01/02 03:12:02 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe

[2007/01/02 03:12:02 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini

[2007/01/02 02:26:58 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin

[2007/01/02 02:26:58 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin

[2007/01/02 02:26:58 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin

[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2011/09/27 09:20:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Canon

[2011/12/25 09:52:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\HTC

[2011/08/24 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org

[2011/09/11 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Template

[2011/12/17 08:19:24 | 000,000,000 | ---D | M] -- C:\Users\Harley\AppData\Roaming\HTC

[2011/11/20 09:28:13 | 000,000,000 | ---D | M] -- C:\Users\Harley\AppData\Roaming\IObit

[2011/09/06 20:49:13 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\Bandoo

[2011/02/22 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\Canon

[2011/12/14 08:12:12 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\HTC

[2012/01/25 12:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2011/11/18 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\IObit

[2011/06/01 14:22:12 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\IrfanView

[2011/01/31 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\Leadertech

[2011/02/21 19:24:04 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\Ludia

[2011/11/24 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\muvee Technologies

[2011/02/10 14:18:32 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\OpenOffice.org

[2011/11/16 12:54:15 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\PC Cleaners

[2011/02/12 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\PlayFirst

[2011/06/17 10:34:58 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\School Zone Preferences

[2011/04/06 09:04:33 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\Southwest Airlines

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\TomTom

[2011/06/09 21:00:11 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\Wal-Mart Digital Photo Viewer

[2011/01/31 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Jacque\AppData\Roaming\Windows Live Writer

[2011/12/19 15:09:37 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\HTC

[2012/02/01 21:34:02 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 2/2/2012 6:12:56 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jacque\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 68.24% Memory free

12.09 Gb Paging File | 10.19 Gb Available in Paging File | 84.30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 586.40 Gb Total Space | 476.42 Gb Free Space | 81.25% Space Free | Partition Type: NTFS

Drive D: | 79.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive I: | 465.76 Gb Total Space | 414.83 Gb Free Space | 89.07% Space Free | Partition Type: NTFS

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = C9 7E C3 1B 9B C1 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2906035B-DCB4-469F-8E84-7CE85EA83DDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A5514C4E-29B4-4267-AEAD-60396649E3EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{097E7410-03F2-49BE-BC6B-F0CF23D0216C}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |

"{23E88A3F-7FA6-4D40-9B4A-634BD7A1A5BF}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |

"{35F4D5FB-2EFD-4CB6-96F2-C9F78E09AAE4}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |

"{5FCF8F2D-0DFF-46BE-9E57-C91A08741F9F}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |

"{613FCBE0-D706-4D4F-969A-13B03CA4A0D6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{679510C9-CB34-4D3B-9CB6-5C6F530C79BE}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |

"{7322E954-9A2F-473F-BF02-5CC571B1C623}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{A2E0EB4B-E9DC-40C4-8646-4FC0CFE201A9}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |

"{A313061B-5DA4-40ED-9164-3EE0917F823E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{B1AD5252-78A8-4489-91DB-E8EBD5FD8C90}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |

"{B39388D0-4B76-4099-965D-607AE610E22F}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |

"{BB4B48A5-C3EE-4078-9B97-CB855FB71E5E}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{EDBCC59C-0162-4AF9-903F-DA56B9513F64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F461624C-BB3A-44D5-8674-A047A731BBAC}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |

"{F979252F-ADBF-4FB7-9A0B-60DE3B6DB791}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{090A4D4C-24B2-4248-BFF2-AC30D2E0676B}" = Marvell® Wireless Card Software Package

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety

"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java 7 Update 1 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"1EFD9305E55D6B6233B8B05A64C497A2FA674940" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/07/2011 6.0.1.6410)

"36BAD5F3BCA713E142BDC6797544DECF1FFC04E1" = Windows Driver Package - Intel (e1express) Net (12/04/2008 9.12.36.0)

"960276D4468F51B7508C913F37271CDEB08036BF" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (04/06/2011 6.0.1.6343)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"C050A7EC6F54B7E81493084506AEEC2EFD133BA0" = Windows Driver Package - Intel USB (12/03/2008 8.3.1.1011)

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP

"E02E735B11724817C79FED4CEFF02A592A2F171E" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/14/2011 6.0.1.6392)

"E855F98789D51B470CD6AA7B23BC1768738E0811" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (08/30/2011 6.0.1.6449)

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"PROSet" = Intel® Network Connections Drivers

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync

"{5360DF11-A876-460B-9953-6817AA2BF9D5}" = Photo Explosion Deluxe

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme

"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup

"{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"adawaretb" = Ad-Aware Security Toolbar

"Adobe AIR" = Adobe AIR

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Carbonite Setup Lite" = Carbonite Online Backup Setup

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ESET Online Scanner" = ESET Online Scanner v3

"Freemake Video Converter_is1" = Freemake Video Converter version 2.1.0

"GameSpy Arcade" = GameSpy Arcade

"Graboid Video" = Graboid Video 2.01

"I Can Color!" = I Can Color!

"iLivid" = iLivid

"Info Center_is1" = Info Center 1.0.0.7

"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer

"InstallShield_{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter

"IrfanView" = IrfanView (remove only)

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Money2007b" = Microsoft Money Essentials

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"Smart Copy" = Smart Copy 3.1.1.1

"TomTom HOME" = TomTom HOME 2.8.1.2218

"Veetle TV" = Veetle TV

"VLC media player" = VLC media player 1.0.1

"vShare.tv plugin" = vShare.tv plugin 1.3

"Wheel Of Fortune" = Wheel Of Fortune

"WildTangent gateway Master Uninstall" = Gateway Games

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1643210993-2232105442-2364694577-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/21/2012 12:24:20 PM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/22/2012 12:28:39 PM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/22/2012 3:13:43 PM | Computer Name = Jacque-PC | Source = Application Error | ID = 1000

Description = Faulting application WNA3100.exe, version 1.1.2.16, time stamp 0x4b56d06c,

faulting module WNA3100.exe, version 1.1.2.16, time stamp 0x4b56d06c, exception

code 0x40000015, fault offset 0x000725a2, process id 0xce4, application start time

0x01ccd92302998978.

Error - 1/23/2012 5:19:05 PM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/24/2012 12:45:26 PM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/24/2012 2:29:41 PM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/24/2012 3:30:29 PM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/24/2012 10:52:34 PM | Computer Name = Jacque-PC | Source = Application Error | ID = 1000

Description = Faulting application WNA3100.exe, version 1.1.2.16, time stamp 0x4b56d06c,

faulting module WNA3100.exe, version 1.1.2.16, time stamp 0x4b56d06c, exception

code 0x40000015, fault offset 0x000725a2, process id 0xf74, application start time

0x01ccdad2c9f7279e.

Error - 1/25/2012 10:51:45 AM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/25/2012 10:57:52 AM | Computer Name = Jacque-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 2/1/2012 4:24:13 PM | Computer Name = Jacque-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 2/2/2012 11:56:24 AM | Computer Name = Jacque-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/2/2012 11:56:24 AM | Computer Name = Jacque-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 2/2/2012 11:56:24 AM | Computer Name = Jacque-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 2/2/2012 11:56:26 AM | Computer Name = Jacque-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 2/2/2012 8:04:21 PM | Computer Name = Jacque-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:00:11 AM on 2/2/2012 was unexpected.

Error - 2/2/2012 8:04:28 PM | Computer Name = Jacque-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/2/2012 8:04:28 PM | Computer Name = Jacque-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 2/2/2012 8:04:29 PM | Computer Name = Jacque-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 2/2/2012 8:04:30 PM | Computer Name = Jacque-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

< End of report >


Please uninstall Ad-Aware Security Toolbar and next:

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
[2012/01/26 13:40:03 | 000,000,680 | ---- | C] () -- C:\Users\Jacque\AppData\Local\d3d9caps.dat

:files
C:\Program Files (x86)\Guffins
C:\Program Files (x86)\MyWebSearch
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply and let me know if there is any change.


Here is the log. I am still getting the error :( I really appreciate you trying to help!

All processes killed

========== OTL ==========

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin not found.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin not found.

File C:\Users\Jacque\AppData\Local\d3d9caps.dat not found.

========== FILES ==========

File\Folder C:\Program Files (x86)\Guffins not found.

File\Folder C:\Program Files (x86)\MyWebSearch not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Jacque\Desktop\cmd.bat deleted successfully.

C:\Users\Jacque\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

->Temp folder emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Harley

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jacque

->Temp folder emptied: 1854758 bytes

->Temporary Internet Files folder emptied: 4971977 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 661 bytes

User: KC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3576 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02032012_141237

Files\Folders moved on Reboot...

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DF9DF1.tmp not found!

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DF9DFB.tmp not found!

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DFA38F.tmp not found!

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DFA39C.tmp not found!

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DFAC96.tmp not found!

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DFACAF.tmp not found!

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DFB421.tmp not found!

File\Folder C:\Users\Jacque\AppData\Local\Temp\~DFB426.tmp not found!

Registry entries deleted on Reboot...


ComboFix 12-01-23.02 - Jacque 02/03/2012 19:32:54.5.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4157 [GMT -6:00]

Running from: c:\users\Jacque\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

I:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))

.

.

2012-02-04 01:42 . 2012-02-04 01:43 -------- d-----w- c:\users\Jacque\AppData\Local\temp

2012-02-04 01:42 . 2012-02-04 01:42 -------- d-----w- c:\users\KC\AppData\Local\temp

2012-02-04 01:42 . 2012-02-04 01:42 -------- d-----w- c:\users\Harley\AppData\Local\temp

2012-02-04 01:42 . 2012-02-04 01:42 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-02-04 01:42 . 2012-02-04 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-03 20:10 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EC3EF72-C57D-47D1-ADD9-3CACA6943147}\mpengine.dll

2012-02-03 19:46 . 2012-02-03 19:46 -------- d-----w- C:\_OTL

2012-02-01 20:24 . 2012-02-01 20:27 -------- d-----w- c:\users\Guest\AppData\Local\adaware

2012-01-31 02:27 . 2012-01-31 02:27 -------- d-----w- c:\users\Public\New Folder (2)

2012-01-31 02:27 . 2012-01-31 02:27 -------- d-----w- c:\users\Public\New Folder

2012-01-30 00:04 . 2012-01-30 00:04 -------- d-----w- c:\users\KC\AppData\Local\adaware

2012-01-25 18:09 . 2012-01-25 18:09 -------- d-----w- c:\users\Jacque\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-01-20 00:46 . 2012-01-22 16:30 -------- d-----w- c:\users\Harley\AppData\Local\Windows Live

2012-01-19 22:21 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-19 22:21 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll

2012-01-19 22:21 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll

2012-01-19 22:21 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-19 22:21 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll

2012-01-19 22:21 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll

2012-01-19 22:21 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll

2012-01-19 22:21 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll

2012-01-19 22:21 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe

2012-01-19 00:13 . 2012-01-19 00:13 -------- d-----w- c:\users\Harley\AppData\Local\Mozilla

2012-01-18 22:11 . 2012-01-18 22:11 -------- d-----w- c:\users\Harley\AppData\Local\adaware

2012-01-18 17:06 . 2012-01-18 17:06 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-01-18 17:03 . 2012-01-18 17:03 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-01-18 17:02 . 2012-02-04 01:30 -------- d-----w- c:\programdata\Lavasoft

2012-01-18 17:02 . 2012-01-18 17:02 -------- d-----w- c:\program files (x86)\Lavasoft

2012-01-15 03:09 . 2012-01-15 03:10 -------- d-----w- c:\users\KC\AppData\Roaming\vlc

2012-01-15 00:40 . 2012-01-15 00:40 -------- d-----w- c:\users\KC\AppData\Local\Mozilla

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 06:52 . 2011-01-30 23:47 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-15 22:12 . 2011-12-15 22:12 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-13 14:10 . 2011-06-02 12:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-12 03:29 . 2011-12-12 03:29 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-12-12 03:29 . 2011-12-12 03:29 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

2011-12-10 21:24 . 2011-11-19 00:19 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-02 00:03 . 2011-12-02 00:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-12-02 00:03 . 2011-12-02 00:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-11-28 18:01 . 2011-11-30 18:19 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-25 21:35 . 2011-11-25 21:35 627600 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-23 13:57 . 2011-12-15 20:01 2764800 ----a-w- c:\windows\system32\win32k.sys

2011-11-16 18:53 . 2011-11-16 18:54 5359888 ----a-w- c:\windows\uninst.exe

2011-11-08 14:58 . 2011-12-15 20:02 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-08 14:42 . 2011-12-15 20:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-01-24_18.37.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 03:20 . 2012-02-03 20:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2012-01-24 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-20 19:57 . 2012-02-03 20:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-01-20 19:57 . 2012-01-24 18:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-02-03 20:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2012-01-24 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2012-02-03 20:15 68460 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2006-11-02 15:45 . 2012-01-24 16:56 75016 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-02-03 20:15 75016 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-12 14:10 . 2012-01-30 21:23 10800 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1643210993-2232105442-2364694577-1002_UserData.bin

+ 2011-01-30 18:24 . 2012-02-03 20:15 15620 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1643210993-2232105442-2364694577-1000_UserData.bin

+ 2009-06-10 21:46 . 2009-06-10 21:46 31744 c:\windows\system32\drivers\ANDROIDUSB.sys

+ 2011-01-30 18:21 . 2012-02-03 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-30 18:21 . 2012-01-22 16:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-02-03 20:31 . 2012-02-03 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-01-20 22:56 . 2012-01-22 16:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-30 18:21 . 2012-02-03 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-30 18:21 . 2012-01-22 16:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-02-01 21:10 . 2012-02-01 21:10 22016 c:\windows\Installer\2ae038.msi

+ 2011-03-05 14:51 . 2012-02-02 15:58 6780 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1643210993-2232105442-2364694577-501_UserData.bin

+ 2012-02-03 19:57 . 2012-02-03 20:10 2538 c:\windows\SoftwareDistribution\EventCache\{093D390F-A1DB-4888-B734-3F9498710899}.bin

- 2012-01-24 18:29 . 2012-01-24 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-04 01:43 . 2012-02-04 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-04 01:43 . 2012-02-04 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-24 18:29 . 2012-01-24 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 12:46 . 2012-02-03 20:18 604502 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2012-01-24 18:34 604502 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2012-01-24 18:34 104202 c:\windows\system32\perfc009.dat

+ 2006-11-02 12:46 . 2012-02-03 20:18 104202 c:\windows\system32\perfc009.dat

+ 2006-11-02 15:21 . 2012-01-26 20:09 693664 c:\windows\system32\FNTCACHE.DAT

- 2006-11-02 15:21 . 2011-12-16 01:21 693664 c:\windows\system32\FNTCACHE.DAT

- 2011-02-01 04:52 . 2012-01-24 18:28 517432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-01 04:52 . 2012-02-04 01:42 517432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-06-09 19:41 . 2009-06-09 19:41 1122664 c:\windows\system32\WdfCoInstaller01007.dll

+ 2011-09-02 04:22 . 2012-02-02 03:34 6003608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643210993-2232105442-2364694577-501-8192.dat

+ 2011-05-09 02:24 . 2012-02-04 01:42 4625504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643210993-2232105442-2364694577-1002-8192.dat

+ 2011-04-27 02:07 . 2012-02-03 19:53 8526468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643210993-2232105442-2364694577-1000-12288.dat

- 2011-04-27 02:07 . 2012-01-05 18:51 8526468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643210993-2232105442-2364694577-1000-12288.dat

+ 2011-06-05 04:24 . 2012-02-04 01:42 10792420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643210993-2232105442-2364694577-1001-8192.dat

+ 2011-02-01 04:52 . 2012-02-04 01:42 13798384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643210993-2232105442-2364694577-1000-8192.dat

+ 2011-04-27 02:07 . 2012-02-04 01:42 39818576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643210993-2232105442-2364694577-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-30 68856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]

"LedKey"="CNYHKey.exe" [2008-04-24 339968]

"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]

"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-21 53248]

"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-02 296056]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-3-14 4562944]

NETGEAR WPN311 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WPN311\wlancfg5.exe [2007-4-10 1695744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 02:40]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 02:40]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 138264]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Jacque\AppData\Roaming\Mozilla\Firefox\Profiles\fsgyl71l.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

c:\windows\MHotKey.exe

c:\windows\ChiFuncExt.exe

c:\windows\CNYHKey.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\windows\ModLedKey.exe

.

**************************************************************************

.

Completion time: 2012-02-03 19:48:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-04 01:48

ComboFix2.txt 2012-01-24 20:03

ComboFix3.txt 2012-01-24 18:40

ComboFix4.txt 2012-01-07 18:52

.

Pre-Run: 521,165,152,256 bytes free

Post-Run: 520,919,814,144 bytes free

.

- - End Of File - - F5BDC7FD25508DCE159C94E60D41E57F

Link to post
Share on other sites

I'm not getting the errors as frequently, but I am still getting them. I'm able to switch between more pages before I get the error and so far, I've only had to hit refresh once and the page loads. Before I would have to hit the refresh button almost every time I changed pages and then I would have to refresh one page several times before it would load...so it's getting better. I really, really appreciate you helping!

Link to post
Share on other sites

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Link to post
Share on other sites

I'm not sure why, but Eset did not give me a log. The scan said nothing was found and nothing was removed.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.04.03

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jacque :: JACQUE-PC [administrator]

2/4/2012 9:34:00 AM

mbam-log-2012-02-04 (09-34-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243071

Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.

Link to post
Share on other sites

Every time I try to post the Kaspersky log, I copy and paste and after about 5 minutes I get...Malwarebytes.org is not responding. I've tried this several times and each time I get the not responding message. The Kaspersky log reported there were not any detections, if that helps.

Link to post
Share on other sites

I'm not getting the errors as frequently, but I am still getting them. I'm able to switch between more pages before I get the error and so far, I've only had to hit refresh once and the page loads. Before I would have to hit the refresh button almost every time I changed pages and then I would have to refresh one page several times before it would load...so it's getting better. I really, really appreciate you helping!

Do you experience the problem with specific browser or with all of them?

Link to post
Share on other sites

I use IE 99% of the time, just because it is the one I am most familiar with. When I did try and use FireFox, I would get the "session timed out" error. HOWEVER, I think somehow we may have got what was causing the problem. I haven't had an IE error in 2 days. Granted I haven't been on here (my kids are out of school for 3 days), but I've been watching them play on the computer and I didn't see them get the error either. I thank you SO much for helping me out. Just out of curiosity, could it have been my Netgear wireless adapter causing it? I had an update for it Monday, I tried to install it. Install failed and it disconnected my wireless signal. I managed to get the signal back, but the install kept failing. After trying to do the install, I haven't had an IE error since then. Does it make sense that my wireless signal would cause the IE error?

Link to post
Share on other sites

This is no reason, do not worry. Let's try something with your router:

Go to Start => Control Panel, and choose Network Connections.

Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.

Click the Networking tab

Double-click on the Internet Protocol (TCP/IP) item.

Write down the settings in case you should need to change them back.

Select the radio button that says "Obtain DNS servers automatically".

Click OK twice to get out of the properties screen and restart your computer.

If not prompted to reboot go ahead and reboot manually.

Next,

In FireFox

Click on Tools => Options => Advanced => Network and there Settings…

the No Proxy option should be selected.

Next,

Let’s try to reset the router to its default configuration.

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.

Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

If you don’t know the router's default password, you can look it up. HERE

You also need to reconfigure any security settings you had in place prior to the reset.

You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Let me know.

Link to post
Share on other sites

Everything seems to be the same. I haven't gotten an error today, but got 2 yesterday. I did a lot of use of the computer yesterday and to only get two errors was fantastic! LOL. The other problem I have right now, is every time I start up the computer the Kaspersky Removal Tool wants to load. I have searched files and programs, but I am not finding anything Kaspersky. At start up, it flashes on the desktop, I have to either continue or cancel it every time. Is there a way to remove it? Again, thank you so much for all of your help!

Link to post
Share on other sites

I reset IE 9, but even before I did that, my computer is doing horrible now. I can't switch pages or even load my home page without getting the IE error. I did the IE reset, I didn't check the Delete Personal Settings box. Should I do another reset and check that box? Will I lose all my bookmarks if I delete the Personal Settings? I am going to run Malwarebytes and Ad Aware full scans and see if something comes up. I have no idea why one day the computer works just fine, then the next it is doing horrible. I am so sorry to be such a pain to you. :(

Link to post
Share on other sites

  1. Double click the aswMBR.exe to run it
  2. Click the [scan] button to start scan
  3. On completion of the scan click [save log], save it to your desktop and post in your next reply.

Next,

  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply

Post both of them in your next reply.

Link to post
Share on other sites

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software

Run date: 2012-02-10 16:37:06

-----------------------------

16:37:06.857 OS Version: Windows x64 6.0.6002 Service Pack 2

16:37:06.857 Number of processors: 4 586 0xF0B

16:37:06.857 ComputerName: JACQUE-PC UserName: Jacque

16:37:09.072 Initialize success

16:38:43.724 AVAST engine defs: 12021001

16:38:57.873 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

16:38:57.873 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3

16:38:57.873 Disk 0 MBR read successfully

16:38:57.889 Disk 0 MBR scan

16:38:57.889 Disk 0 unknown MBR code

16:38:57.889 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63

16:38:57.905 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096

16:38:57.920 Service scanning

16:38:59.059 Modules scanning

16:38:59.059 Disk 0 trace - called modules:

16:38:59.059 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

16:38:59.075 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008195790]

16:38:59.075 3 CLASSPNP.SYS[fffffa6000eb2c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006748050]

16:39:00.822 AVAST engine scan C:\Windows

16:39:04.925 AVAST engine scan C:\Windows\system32

16:40:18.806 AVAST engine scan C:\Windows\system32\drivers

16:40:38.150 AVAST engine scan C:\Users\Jacque

16:42:22.530 Disk 0 MBR has been saved successfully to "C:\Users\Jacque\Desktop\MBR.dat"

16:42:22.545 The log file has been saved successfully to "C:\Users\Jacque\Desktop\aswMBR.txt"

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: Phoenix Technologies, LTD

System Manufacturer: Gateway

System Product Name: DX4710-05

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 143):

0x0280A000 \SystemRoot\system32\ntoskrnl.exe

0x02D22000 \SystemRoot\system32\hal.dll

0x0060B000 \SystemRoot\system32\kdcom.dll

0x00615000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00650000 \SystemRoot\system32\PSHED.dll

0x00664000 \SystemRoot\system32\CLFS.SYS

0x006C1000 \SystemRoot\system32\CI.dll

0x00807000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008AB000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008BA000 \SystemRoot\system32\drivers\acpi.sys

0x00910000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00919000 \SystemRoot\system32\drivers\msisadrv.sys

0x00923000 \SystemRoot\system32\drivers\pci.sys

0x00953000 \SystemRoot\System32\drivers\partmgr.sys

0x00968000 \SystemRoot\system32\drivers\volmgr.sys

0x0097C000 \SystemRoot\System32\drivers\volmgrx.sys

0x009E2000 \SystemRoot\System32\drivers\mountmgr.sys

0x00A0F000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x00B12000 \SystemRoot\system32\drivers\atapi.sys

0x00B1A000 \SystemRoot\system32\drivers\ataport.SYS

0x00B3E000 \SystemRoot\system32\drivers\fltmgr.sys

0x00B85000 \SystemRoot\system32\drivers\fileinfo.sys

0x00B99000 \SystemRoot\system32\DRIVERS\Lbd.sys

0x00BAE000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x00773000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00C0B000 \SystemRoot\system32\drivers\ndis.sys

0x00E08000 \SystemRoot\system32\drivers\msrpc.sys

0x00E58000 \SystemRoot\system32\drivers\NETIO.SYS

0x0100E000 \SystemRoot\System32\drivers\tcpip.sys

0x01182000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x011AE000 \SystemRoot\system32\DRIVERS\scmndisp.sys

0x0120E000 \SystemRoot\System32\Drivers\Ntfs.sys

0x0138E000 \SystemRoot\system32\drivers\volsnap.sys

0x013D2000 \SystemRoot\System32\Drivers\spldr.sys

0x013DA000 \SystemRoot\System32\Drivers\mup.sys

0x011B8000 \SystemRoot\System32\drivers\ecache.sys

0x013EC000 \SystemRoot\system32\drivers\disk.sys

0x00EB1000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x01200000 \SystemRoot\system32\drivers\crcdisk.sys

0x011F2000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x01000000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x00FE0000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x02605000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x02E07000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x02EEA000 \SystemRoot\System32\drivers\watchdog.sys

0x02EFA000 \SystemRoot\system32\DRIVERS\e1e6032e.sys

0x02F47000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x02F53000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x02F99000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x0300E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x030FB000 \SystemRoot\system32\DRIVERS\CAXHWBS2.sys

0x0316A000 \SystemRoot\system32\DRIVERS\ks.sys

0x03202000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x0340C000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x034D7000 \SystemRoot\system32\drivers\modem.sys

0x034E6000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x034F8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x03508000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03524000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x0355D000 \SystemRoot\system32\DRIVERS\storport.sys

0x035BA000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x035C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x035EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03374000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x033A5000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x033B5000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x033D3000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x033EB000 \SystemRoot\system32\DRIVERS\termdd.sys

0x0319E000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x03400000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x035F6000 \SystemRoot\system32\DRIVERS\swenum.sys

0x031AC000 \SystemRoot\system32\DRIVERS\circlass.sys

0x031BD000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x031C8000 \SystemRoot\system32\DRIVERS\umbus.sys

0x02FAA000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x031D8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04005000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x042F1000 \SystemRoot\system32\drivers\portcls.sys

0x0432C000 \SystemRoot\system32\drivers\drmk.sys

0x0434F000 \SystemRoot\system32\drivers\ksthunk.sys

0x04355000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x0435F000 \SystemRoot\System32\Drivers\Null.SYS

0x04373000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x0437B000 \SystemRoot\System32\drivers\vga.sys

0x04389000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x043AE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x043B7000 \SystemRoot\system32\drivers\rdpencdd.sys

0x043C0000 \SystemRoot\System32\Drivers\Msfs.SYS

0x043CB000 \SystemRoot\System32\Drivers\Npfs.SYS

0x043DC000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x02D61000 \SystemRoot\system32\DRIVERS\tdx.sys

0x043E5000 \SystemRoot\system32\DRIVERS\smb.sys

0x02D7E000 \SystemRoot\system32\drivers\afd.sys

0x00BBA000 \SystemRoot\System32\DRIVERS\netbt.sys

0x04368000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x00DCE000 \SystemRoot\system32\DRIVERS\pacer.sys

0x031EC000 \SystemRoot\system32\DRIVERS\netbios.sys

0x04405000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04420000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x0446D000 \SystemRoot\system32\drivers\nsiproxy.sys

0x04479000 \SystemRoot\System32\Drivers\dfsc.sys

0x04496000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x044B2000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x044BB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x044CD000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x044CF000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x044DA000 \SystemRoot\System32\Drivers\crashdmp.sys

0x044E8000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x0480D000 \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys

0x0493E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x04956000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x04972000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x0497D000 \SystemRoot\system32\drivers\RTSTOR64.SYS

0x00040000 \SystemRoot\System32\win32k.sys

0x04991000 \SystemRoot\System32\drivers\Dxapi.sys

0x0499D000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00440000 \SystemRoot\System32\TSDDD.dll

0x00660000 \SystemRoot\System32\cdd.dll

0x049B0000 \SystemRoot\system32\drivers\luafv.sys

0x00EDD000 \SystemRoot\system32\drivers\spsys.sys

0x049D2000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x00F77000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x049E6000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x00FAB000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x15C05000 \SystemRoot\system32\drivers\HTTP.sys

0x15CA8000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x15CD1000 \SystemRoot\system32\DRIVERS\bowser.sys

0x15CEF000 \SystemRoot\System32\drivers\mpsdrv.sys

0x15D09000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x15D32000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x15D7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x15D9A000 \SystemRoot\System32\DRIVERS\srv2.sys

0x15E06000 \SystemRoot\System32\DRIVERS\srv.sys

0x15EB1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x15EB6000 \SystemRoot\system32\drivers\peauth.sys

0x15F6C000 \SystemRoot\System32\Drivers\secdrv.SYS

0x15F77000 \SystemRoot\System32\drivers\tcpipreg.sys

0x15F87000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x15FA7000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

0x15FBD000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x15FC5000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

0x15FCC000 \??\C:\Users\Jacque\AppData\Local\Temp\aswMBR.sys

0x77770000 \Windows\System32\ntdll.dll

Processes (total 74):

0 System Idle Process

4 System

472 C:\Windows\System32\smss.exe

568 csrss.exe

604 C:\Windows\System32\wininit.exe

624 csrss.exe

660 C:\Windows\System32\services.exe

672 C:\Windows\System32\lsass.exe

680 C:\Windows\System32\lsm.exe

788 C:\Windows\System32\winlogon.exe

864 C:\Windows\System32\svchost.exe

928 C:\Windows\System32\svchost.exe

972 C:\Windows\System32\svchost.exe

248 C:\Windows\System32\svchost.exe

336 C:\Windows\System32\svchost.exe

332 C:\Windows\System32\svchost.exe

912 C:\Windows\System32\audiodg.exe

368 C:\Windows\System32\svchost.exe

1028 C:\Windows\System32\SLsvc.exe

1080 C:\Windows\System32\svchost.exe

1188 C:\Windows\System32\svchost.exe

1424 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

1432 C:\Windows\System32\wlanext.exe

1624 C:\Windows\System32\spoolsv.exe

1648 C:\Windows\System32\svchost.exe

1920 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

2028 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

1684 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

1312 C:\Windows\System32\svchost.exe

860 C:\Windows\System32\svchost.exe

528 C:\Windows\System32\svchost.exe

2064 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2116 C:\Windows\System32\SearchIndexer.exe

2172 C:\Windows\System32\drivers\XAudio64.exe

2296 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2424 WUDFHost.exe

2544 unsecapp.exe

2620 WmiPrvSE.exe

2112 C:\Windows\System32\dwm.exe

2416 C:\Windows\System32\taskeng.exe

2400 C:\Windows\System32\taskeng.exe

1464 C:\Windows\explorer.exe

3052 C:\Windows\System32\taskeng.exe

3080 C:\Windows\mHotkey.exe

3264 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

3276 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

3288 C:\Windows\ChiFuncExt.exe

3300 C:\Windows\System32\igfxtray.exe

3316 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

3348 C:\Windows\ehome\ehtray.exe

3376 C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

3384 C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

3476 C:\Windows\CNYHKey.exe

3508 C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe

3516 C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

3524 C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

3540 C:\Windows\ehome\ehmsas.exe

3548 C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

3556 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

3564 C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

3572 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

3608 C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

3104 C:\Windows\ModLEDKey.exe

3724 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

3604 C:\Windows\System32\svchost.exe

4704 C:\Program Files (x86)\Internet Explorer\ielowutil.exe

1040 C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

5008 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

1300 C:\Windows\System32\SearchProtocolHost.exe

3068 C:\Windows\System32\SearchFilterHost.exe

4180 C:\Windows\System32\dllhost.exe

4536 dllhost.exe

4244 dllhost.exe

3196 C:\Users\Jacque\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71200000 (NTFS)

\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-22A7B0, Rev: 01.03B01

PhysicalDrive1 Model Number: SeagateFreeAgent Go, Rev: 0148

Size Device Name MBR Status

--------------------------------------------

596 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 575F7AD225D93BEFACE9A814B790D9E59B2C2206

465 GB \\.\PhysicalDrive1 RE: Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Link to post
Share on other sites

  • Please run mbrCheck again.
  • At "Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit", type Y and hit the "Enter".
  • At "Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.
    Enter your choice", type 1 and hit "Enter".
  • At "Enter the physical disk number to fix (0-99, -1 to cancel):" Enter 0 for drive C:
  • At "Enter filename to dump to:" Type mbr-dump.dat and press Enter
  • At "Enter the physical disk number to fix (0-99, -1 to cancel):" Enter -1
  • At the next prompt, press ENTER.
  • A file mbr-dump.dat will be produced on the desktop. Now you have to compress this file:
    Right click on it
    Navigate and select Send to
    Then navigate and select Compressed (zipped) Folder
    A file mbr-dump.zip will be produced on the desktop
    Please attach this file (mbr-dump.zip) in your next reply.

Link to post
Share on other sites
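What a dumped sector such as mbr-dump.dat contains, as an added example that is not part of the original thread or of MBRCheck: this Python code decodes the partition table and boot signature of a 512-byte MBR and reports structural anomalies. The function names are hypothetical, and the sample sector is constructed from the two partition lines in the aswMBR log above with filler in place of real boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # boot code area; the partition table starts right after it
# One 16-byte entry: status, CHS start (skipped), type, CHS end (skipped),
# LBA start, sector count. All little-endian.
ENTRY_FMT = "<B3xB3xII"
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}  # only the types in the log above


def parse_mbr(sector: bytes) -> dict:
    """Decode the first sector of an MBR dump."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("dump is shorter than one 512-byte sector")
    sector = sector[:SECTOR_SIZE]
    partitions = []
    for index in range(4):
        start = BOOT_CODE_LEN + 16 * index
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, sector[start:start + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Assumption: hash of the 446-byte boot code area, for comparison with a
        # reference you trust. The page does not say which bytes MBRCheck hashes.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def check_mbr(info: dict) -> list:
    """Return structural anomalies; an empty list means the table is well-formed."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02X}")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1 on a boot disk)")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: layout taken from the aswMBR log, boot code is filler."""
    boot = b"CONSTRUCTED SAMPLE, NOT REAL BOOT CODE".ljust(BOOT_CODE_LEN, b"\x00")
    table = (
        struct.pack(ENTRY_FMT, 0x00, 0x27, 63, 10001 * 2048)            # Partition 1
        + struct.pack(ENTRY_FMT, 0x80, 0x07, 20484096, 600477 * 2048)  # Partition 2 (A)
        + bytes(32)                                                     # two unused slots
    )
    return boot + table + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print(p["slot"], hex(p["type"]), p["type_name"], p["size_mb"], "MB",
              "offset", p["lba_start"], "(A)" if p["active"] else "")
    print("boot code SHA1:", info["boot_code_sha1"])
    print("findings:", check_mbr(info) or "none")
```

A well-formed partition table does not show that the boot code is clean; that part still has to be compared against a known-good copy for the same Windows version or OEM image.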

I can no longer access IE. I am in safe mode with networking now. I've tried several times to attach the zip file and post it, but when I post reply, I get the IE error. I am going to try and post it in another post. Just wanted you to know, I am having trouble getting it posted here.

Link to post
Share on other sites

This topic is now closed to further replies.