Solved Chrome issues & possible virus?

T

top_model_guy

Posts: 79   +0
Hey everyone,
For the past few weeks I have been having the worst internet browsing experience and believe the culprit could be some form of virus or malware. For one my Google Chrome browser has not been able to load any Google websites such as gmail. I researched some online solutions such as deleting my browsing history and cookies, but this did not solve the problem. I then reinstalled the browser, but that also did not fix the problem. I then downloaded Firefox for browsing purposes--it has been able to open gmail--but that browser is also generally having a very slow browsing experience as well as experiencing many delays and glitches such as not being able to keep up with the writing of this message and webpages freezing and the browser crashing and rebooting.
Thanks for any help in advance.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Jill Cowan :: JILLCOWAN-PC [administrator]

11/15/2012 12:50:20 PM
mbam-log-2012-11-15 (12-50-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207022
Time elapsed: 29 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA (Adware.HotBar.SS) -> Quarantined and deleted successfully.
C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA\bin (Adware.HotBar.SS) -> Quarantined and deleted successfully.
C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA\bin\1.0.18.0 (Adware.HotBar.SS) -> Quarantined and deleted successfully.
C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA (Adware.HotBar.SS) -> Quarantined and deleted successfully.
C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA\bin (Adware.HotBar.SS) -> Quarantined and deleted successfully.
C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA\bin\1.0.18.0 (Adware.HotBar.SS) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA\bin\1.0.18.0\shamrockspringSAHook.dll (Adware.HotBar.SS) -> Quarantined and deleted successfully.
C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA\bin\1.0.18.0\shamrockspringSAHook.dll (Adware.HotBar.SS) -> Quarantined and deleted successfully.

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-11-15 13:42:26
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP
Running: 5oy3ecuq.exe; Driver: C:\Users\JILLCO~1\AppData\Local\Temp\pwryauow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----


DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by Jill Cowan at 13:50:14 on 2012-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1167 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alothome.com/en-us
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\jill cowan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.208.187.211 206.124.64.253
TCP: Interfaces\{26A7A8A4-5669-4C19-A352-26D43C6A12C6} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B} : DHCPNameServer = 65.208.187.211 206.124.64.253
TCP: Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B}\2456C6B696E6F5E4B2F5246323243434 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B}\D427E2022516765627D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jill cowan\appdata\roaming\mozilla\firefox\profiles\cfpv5fn9.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jill cowan\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\jill cowan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\jill cowan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jill cowan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-07 10:31; {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2012-11-03 15:34; adblockpopups@jessehakanen.net; c:\users\jill cowan\appdata\roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2012-11-03 15:34; spellcheckerimproved@mozilla.firefox; c:\users\jill cowan\appdata\roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\spellcheckerimproved@mozilla.firefox.xpi
FF - ExtSQL: 2012-11-15 12:45; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2011-01-21 18:49; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-15 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-15 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-15 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-15 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-15 44808]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-6 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-28 1343400]
.
=============== Created Last 30 ================
.
2012-11-15 20:41:02 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-15 20:40:57 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-15 20:40:53 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-15 20:39:28 41224 ----a-w- c:\windows\avastSS.scr
2012-11-15 20:39:10 -------- d-----w- c:\programdata\AVAST Software
2012-11-15 20:39:10 -------- d-----w- c:\program files\AVAST Software
2012-11-15 20:22:02 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3078c717-1e9c-4627-9d66-30495bbb431b}\mpengine.dll
2012-11-03 22:41:27 -------- d-----w- c:\users\jill cowan\appdata\local\Macromedia
2012-11-03 21:53:02 -------- d-----w- c:\windows\tiinst
.
==================== Find3M ====================
.
2012-11-03 22:40:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-03 22:40:59 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 15:20:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 20:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-04-18 03:23:22 3993600 ----a-w- c:\program files\GUT454C.tmp
.
============= FINISH: 13:52:24.65 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/26/2010 9:59:19 AM
System Uptime: 11/15/2012 1:38:06 PM (0 hours ago)
.
Motherboard: TOSHIBA | | IAKAA
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U2E1 | 1733/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 30.264 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C7200 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP232: 10/30/2012 9:06:26 AM - Windows Update
RP233: 11/3/2012 2:02:01 PM - Windows Update
RP235: 11/3/2012 2:52:30 PM - Installed TIPCI
RP236: 11/7/2012 12:19:08 PM - Windows Update
RP237: 11/15/2012 12:20:30 PM - Windows Update
RP238: 11/15/2012 12:38:53 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
BufferChm
C5200
C5200_Help
C7200
C7200_Help
Copy
Destinations
DeviceDiscovery
DivX Setup
DocProc
EpicBot
EPSON NX410 Series Printer Uninstall
EPSON Scan
Facebook Video Calling 1.2.0.287
Fax
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 13.0
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shop for HP Supplies
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Spotmau Wincare 2008
Status
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
Vorton Financial Tools
Vuze
WebReg
WinRAR 4.20 beta 2 (32-bit)
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 1:35:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MALDA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8E1146BC-55D6-4CD0-A8D6-B206C31F2. The master browser is stopping or an election is being forced.
11/15/2012 12:15:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
11/15/2012 12:15:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Security Scan Component Host Service service to connect.
11/15/2012 12:15:48 PM, Error: Service Control Manager [7000] - The McAfee Security Scan Component Host Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2012 1:22:56 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/15/2012 1:22:56 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
11/15/2012 1:22:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
11/10/2012 2:24:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8E1146BC-55D6-4CD0-A8D6-B206C31F2. The master browser is stopping or an election is being forced.
11/10/2012 12:07:06 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jill Cowan [Admin rights]
Mode : Scan -- Date : 11/16/2012 11:24:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Jill Cowan\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringSA.exe" -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
--- User ---
[MBR] 6eddaf9ca75b304476d4a6ad5a7397a3
[BSP] 8529171cb2a38ca0961adabbbb654461 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112972 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11162012_02d1124.txt >>
RKreport[1]_S_11162012_02d1124.txt


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jill Cowan [Admin rights]
Mode : Remove -- Date : 11/16/2012 11:25:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Jill Cowan\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringSA.exe" -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
--- User ---
[MBR] 6eddaf9ca75b304476d4a6ad5a7397a3
[BSP] 8529171cb2a38ca0961adabbbb654461 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112972 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11162012_02d1125.txt >>
RKreport[1]_S_11162012_02d1124.txt ; RKreport[2]_D_11162012_02d1125.txt


After completing this step, Chrome still will not open gmail and browsing experience still seems slow. Will continue on with next steps.
 
During the aswMBR.exe scan, my computer crashed and a blue screen appeared. Upon rebooting a Windows Solution window appeared with the following:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 0113FE58
BCP2: 00000002
BCP3: 00000000
BCP4: 893CBFB6
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\111612-23478-01.dmp
C:\Users\Jill Cowan\AppData\Local\Temp\WER-47985-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
I re-ran aswMBR in safe mode and here are the results:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 13:28:25
-----------------------------
13:28:25.069 OS Version: Windows 6.1.7601 Service Pack 1
13:28:25.069 Number of processors: 2 586 0xE0C
13:28:25.069 ComputerName: JILLCOWAN-PC UserName: Jill Cowan
13:29:00.075 Initialize success
13:29:02.259 AVAST engine defs: 12111600
13:29:13.273 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:29:13.288 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7DP Size: 114473MB BusType: 3
13:29:13.319 Disk 0 MBR read successfully
13:29:13.319 Disk 0 MBR scan
13:29:13.943 Disk 0 Windows 7 default MBR code
13:29:13.975 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:29:14.786 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
13:29:14.911 Disk 0 scanning sectors +234440704
13:29:15.503 Disk 0 scanning C:\Windows\system32\drivers
13:29:34.629 Service scanning
13:30:04.378 Modules scanning
13:30:14.316 Disk 0 trace - called modules:
13:30:14.362 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
13:30:14.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e2d948]
13:30:14.394 3 CLASSPNP.SYS[8928f59e] -> nt!IofCallDriver -> [0x840a5838]
13:30:14.409 5 ACPI.sys[88a173d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d4d580]
13:30:14.784 AVAST engine scan C:\Windows
13:30:16.827 AVAST engine scan C:\Windows\system32
13:33:11.126 AVAST engine scan C:\Windows\system32\drivers
13:33:24.917 AVAST engine scan C:\Users\Jill Cowan
13:44:28.557 File: C:\Users\Jill Cowan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\40dbdf4b-5d37eb93 **INFECTED** Win32:MalOb-GR [Cryp]
13:47:54.930 AVAST engine scan C:\ProgramData
13:49:17.096 Scan finished successfully
13:49:35.519 Disk 0 MBR has been saved successfully to "C:\Users\Jill Cowan\Desktop\MBR.dat"
13:49:35.519 The log file has been saved successfully to "C:\Users\Jill Cowan\Desktop\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here is the Combofix log. Chrome still is not able to load Gmail. Was I supposed to do the rKill program as well or was that just if I was unable to run Combofix?

ComboFix 12-11-16.02 - Jill Cowan 11/16/2012 15:54:18.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1179 [GMT -8:00]
Running from: c:\users\Jill Cowan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\BasicScan
c:\program files\BasicScan\uninstall.exe
c:\programdata\fadc28b75271e62aca46418fa472a1e8_c
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 01:12 . 2012-11-17 01:12 -------- d-----w- c:\users\Jill Cowan\AppData\Local\temp
2012-11-17 01:12 . 2012-11-17 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 21:51 . 2012-11-17 01:13 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3078C717-1E9C-4627-9D66-30495BBB431B}\offreg.dll
2012-11-15 20:41 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-15 20:41 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-15 20:41 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-15 20:41 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-15 20:40 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-15 20:40 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-15 20:39 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-15 20:39 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-15 20:39 . 2012-11-15 20:39 -------- d-----w- c:\programdata\AVAST Software
2012-11-15 20:39 . 2012-11-15 20:39 -------- d-----w- c:\program files\AVAST Software
2012-11-15 20:22 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3078C717-1E9C-4627-9D66-30495BBB431B}\mpengine.dll
2012-11-03 22:41 . 2012-11-03 22:41 -------- d-----w- c:\users\Jill Cowan\AppData\Local\Macromedia
2012-11-03 22:22 . 2012-11-03 22:22 -------- d-----w- c:\users\Jill Cowan\AppData\Local\Mozilla
2012-11-03 22:22 . 2012-11-03 22:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-03 21:54 . 2012-11-03 21:54 -------- d-----w- c:\program files\InstallShield Installation Information
2012-11-03 21:53 . 2012-11-03 21:53 -------- d-----w- c:\windows\tiinst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 22:40 . 2012-07-21 14:03 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-03 22:40 . 2011-06-15 16:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2012-01-03 16:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28 . 2012-10-10 16:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 16:23 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 16:23 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 16:23 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57 . 2012-10-10 16:24 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-09-22 15:49 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 15:20 . 2012-09-22 15:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 16:00 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 16:00 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 16:00 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 16:00 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 15:45 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 20:01 . 2012-09-19 05:06 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 20:01 . 2012-07-20 15:15 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40 . 2012-10-10 16:23 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 16:23 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 16:23 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 16:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 16:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 16:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-04-18 03:23 . 2012-04-18 02:34 3993600 ----a-w- c:\program files\GUT454C.tmp
2012-10-24 17:50 . 2012-11-03 22:22 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jill Cowan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\Jill Cowan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 04:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX410 Series]
2008-10-01 13:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFCA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-13 17:23 138096 ----atw- c:\users\Jill Cowan\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-24 19:39 136176 ----atw- c:\users\Jill Cowan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 07:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 19:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-12-27 15:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-07-17 23:11 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 22:40]
.
2012-11-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
- c:\users\Jill Cowan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-27 17:23]
.
2012-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
- c:\users\Jill Cowan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-27 17:23]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 15:47]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 15:47]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
- c:\users\Jill Cowan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:39]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
- c:\users\Jill Cowan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alothome.com/en-us
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.208.187.211 206.124.64.253
FF - ProfilePath - c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\
FF - ExtSQL: 2012-10-07 10:31; {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-11-03 15:34; spellcheckerimproved@mozilla.firefox; c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\spellcheckerimproved@mozilla.firefox.xpi
FF - ExtSQL: 2012-11-15 12:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-15 14:51; printPages2Pdf@reinhold.ripper; c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\printPages2Pdf@reinhold.ripper
FF - ExtSQL: 2012-11-15 14:51; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: !HIDDEN! 2011-01-21 18:49; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Spotmau WinCare 2008_is1 - c:\program files\Spotmau WinCare 2008\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\01\06\0e\15\0a6Í"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 17:16:11
ComboFix-quarantined-files.txt 2012-11-17 01:16
.
Pre-Run: 42,635,739,136 bytes free
Post-Run: 44,388,433,920 bytes free
.
- - End Of File - - 3D3519C9BF2693E8AA79C11F9F68946C
 
Looks good.

Uninstall McAfee Security Scan Plus, typical foistware.

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 11/17/2012 4:23:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jill Cowan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.47% Memory free
3.98 Gb Paging File | 3.17 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 39.71 Gb Free Space | 35.99% Space Free | Partition Type: NTFS

Computer Name: JILLCOWAN-PC | User Name: Jill Cowan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/17 16:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jill Cowan\Desktop\OTL.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/06/20 07:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 18:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 18:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2012/11/17 16:01:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/28 08:34:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JILLCO~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/01 21:52:48 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 08:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/21 14:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/11/09 02:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/07/06 12:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/17 03:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 03:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 03:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 03:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-us
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 4D A3 3D 8A DC CC 01 [binary data]
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{945EAF50-7F8C-42DB-9D1B-54F31F23035E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=6ADB5E7F-8A75-4655-9790-7916B4B16558
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searc...id=30028&camp_id=4714&tb_version=1.2.2000.2(B
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: spellcheckerimproved@mozilla.firefox:1.0.0
FF - prefs.js..extensions.enabledAddons: printPages2Pdf@reinhold.ripper:0.1.8.0
FF - prefs.js..extensions.enabledAddons: {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}:0.7.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jill Cowan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jill Cowan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jill Cowan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/21 18:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/15 12:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/07 09:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 12:39:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/03 14:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/21 18:49:04 | 000,000,000 | ---D | M]

[2012/11/03 14:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\Extensions
[2012/11/15 14:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\Firefox\Profiles\cfpv5fn9.default\extensions
[2012/11/15 14:51:18 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\printPages2Pdf@reinhold.ripper
[2012/11/03 14:34:47 | 000,020,035 | ---- | M] () (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\spellcheckerimproved@mozilla.firefox.xpi
[2012/11/15 14:51:18 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/11/03 14:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.alothome.com/en-us
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.alothome.com/en-us
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jill Cowan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: IMVU Inc = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb\2.3.17.1_0\
CHR - Extension: YouTube = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/16 17:12:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.208.187.211 206.124.64.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B}: DhcpNameServer = 65.208.187.211 206.124.64.253
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 16:21:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jill Cowan\Desktop\OTL.exe
[2012/11/17 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/11/17 15:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/11/16 17:16:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/16 17:16:13 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Local\temp
[2012/11/16 15:51:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/16 15:51:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/16 15:51:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/16 15:50:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/16 15:50:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 15:48:09 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Jill Cowan\Desktop\ComboFix.exe
[2012/11/16 12:02:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/16 11:36:48 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jill Cowan\Desktop\aswMBR.exe
[2012/11/16 11:24:15 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\Desktop\RK_Quarantine
[2012/11/15 13:48:12 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jill Cowan\Desktop\dds.com
[2012/11/15 12:41:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/11/15 12:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/15 12:41:06 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/11/15 12:41:02 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/11/15 12:41:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/11/15 12:40:57 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/11/15 12:40:53 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/11/15 12:39:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/15 12:39:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/11/15 12:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/15 12:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/10 11:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/03 14:41:27 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Local\Macromedia
[2012/11/03 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Local\Mozilla
[2012/11/03 14:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/03 14:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/03 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/03 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012/11/03 13:53:02 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
[2012/11/02 11:30:14 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Roaming\Mozilla
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/17 16:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jill Cowan\Desktop\OTL.exe
[2012/11/17 16:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/17 16:07:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/17 15:53:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 15:53:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 15:49:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 15:46:56 | 000,001,418 | ---- | M] () -- C:\Users\Jill Cowan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/17 15:46:43 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/17 15:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/17 15:45:50 | 274,672,921 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/17 15:44:58 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/17 15:30:33 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
[2012/11/17 15:23:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/11/17 15:19:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/11/17 14:08:52 | 000,426,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/17 13:58:56 | 000,627,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/17 13:58:56 | 000,107,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/17 13:28:02 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
[2012/11/16 17:12:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/16 17:10:33 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
[2012/11/16 15:49:04 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Jill Cowan\Desktop\ComboFix.exe
[2012/11/16 13:49:35 | 000,000,512 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\MBR.dat
[2012/11/16 11:37:27 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jill Cowan\Desktop\aswMBR.exe
[2012/11/16 11:22:37 | 000,673,280 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\RogueKiller.exe
[2012/11/16 11:13:25 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
[2012/11/15 13:48:33 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jill Cowan\Desktop\dds.com
[2012/11/15 13:30:44 | 000,302,592 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\5oy3ecuq.exe
[2012/11/15 12:48:51 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 12:41:07 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/15 12:40:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/10 11:21:37 | 000,002,246 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\Google Chrome.lnk
[2012/11/03 14:22:26 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/30 15:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 15:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/26 11:57:37 | 000,442,368 | ---- | M] () -- C:\Users\Jill Cowan\Documents\Database1.accdb
[2012/10/23 23:10:01 | 000,348,160 | ---- | M] () -- C:\Users\Jill Cowan\Documents\Contacts.accdb
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/17 15:49:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 15:23:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/11/17 15:19:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/11/17 13:52:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 13:49:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/16 15:51:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/16 15:51:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/16 15:51:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/16 15:51:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/16 15:51:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/16 13:49:35 | 000,000,512 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\MBR.dat
[2012/11/16 12:01:53 | 274,672,921 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/16 11:22:21 | 000,673,280 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\RogueKiller.exe
[2012/11/15 13:30:41 | 000,302,592 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\5oy3ecuq.exe
[2012/11/15 12:48:51 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 12:41:07 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/10 11:21:37 | 000,002,246 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\Google Chrome.lnk
[2012/11/03 14:22:26 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/03 14:22:25 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/26 10:43:06 | 000,442,368 | ---- | C] () -- C:\Users\Jill Cowan\Documents\Database1.accdb
[2012/10/23 14:24:06 | 000,348,160 | ---- | C] () -- C:\Users\Jill Cowan\Documents\Contacts.accdb
[2012/07/30 08:36:35 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/07/30 08:36:35 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/07/30 08:36:35 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/07/30 08:36:35 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/07/30 08:36:35 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/07/30 08:36:35 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/07/30 08:36:35 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/07/30 08:36:35 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/07/30 08:36:35 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/07/30 08:36:35 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/07/30 08:36:35 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/07/30 08:36:35 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/07/30 08:36:35 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/07/30 08:36:35 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/07/30 08:36:35 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/07/30 08:36:35 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\Users\Jill Cowan\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2011/07/04 19:57:00 | 000,000,129 | ---- | C] () -- C:\Users\Jill Cowan\jagex_runescape_preferences2.dat
[2011/07/04 19:55:43 | 000,000,035 | ---- | C] () -- C:\Users\Jill Cowan\jagex_runescape_preferences.dat
[2011/06/06 15:56:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/06 15:54:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/21 18:36:40 | 000,210,948 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/01/21 18:36:40 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010/12/26 15:40:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/22 22:13:53 | 000,000,000 | ---D | M] -- C:\Users\Jill Cowan\AppData\Roaming\Azureus
[2011/08/07 21:39:05 | 000,000,000 | ---D | M] -- C:\Users\Jill Cowan\AppData\Roaming\EpicBot

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 11/17/2012 4:23:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jill Cowan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.47% Memory free
3.98 Gb Paging File | 3.17 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 39.71 Gb Free Space | 35.99% Space Free | Partition Type: NTFS

Computer Name: JILLCOWAN-PC | User Name: Jill Cowan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08675A4D-FC10-42BA-9DE3-7C3962A23908}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17604521-AC19-4553-B76F-FDE13F56BE03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17E5B689-B7FD-4306-8B05-568FA892C35C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3C2F6B16-09D8-4E86-9CF0-FC2A4FF01E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{4EF2B9C9-E0BF-4E25-9A79-60262CB7910D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5D2DA3B2-B191-4897-B0DA-04203D7F3149}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5ED0A6CF-A0C8-4124-8380-5F1FB942CDA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{623300EC-1597-44CD-B98C-30B1BD214C0B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{86C07C1C-42E0-4030-9181-D5B2B83EECF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{892EFE00-7F7A-4D6E-AC1D-FCE6D5CAD609}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{8A1E0E3E-4327-4BA6-9BCD-962B620AFA74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{91C296A5-20B8-4530-A6EE-D39C82C9E163}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9850B788-AE0F-4EFE-A2EB-ABF4151ED865}" = rport=445 | protocol=6 | dir=out | app=system |
"{99148EE9-866E-461E-ABBE-DA31E58FCFED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A2FE561C-8348-4AC0-9311-08708C33B23D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAD8D0E4-C46A-4B50-B5D6-E7C11C571731}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2DC105E-8D60-4C72-9E12-E563CA992B24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAABB4EB-3168-46F5-9919-A05B797E37B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE57F6C8-19C0-4DB3-9615-1C3482534550}" = lport=445 | protocol=6 | dir=in | app=system |
"{C25E4731-BA8E-441F-8657-3918824A3BF4}" = lport=138 | protocol=17 | dir=in | app=system |
"{C2979ABE-9298-4979-849D-7B6EE8286636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C75BD92D-4A2A-44BA-8C6F-6CA97A87F38C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFADED73-1AA0-45A1-9A1F-B9EBB7362BB5}" = lport=139 | protocol=6 | dir=in | app=system |
"{EC7D2CFE-CBD3-4BF0-99E7-D7ABF66E6E6B}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0026DAD9-DE65-4ECF-BEAE-97A76B0D10CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{05E32643-56C4-4FD9-B0FD-4A6544165F5E}" = protocol=6 | dir=in | app=c:\users\jill cowan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{074171C3-2104-4055-9D60-99F8450DAEB5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{100BCBAD-B4FB-4C8A-A6EC-A9FDE2CF89E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{29943595-F445-4DFF-BA8F-4BDFD5E6EDEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{2E62A508-A720-4E81-B923-7406C12C6BB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{32E8258A-5B0A-48F6-A4C2-D9AC7BDFC95F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{36C9E619-0A59-4E84-A5AE-DC2E40712748}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3B0FC70C-FEC2-4D9C-AFBA-24CA957E2C5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3B5D2ECC-8482-48BC-88D0-B869E7FC9FC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{401B48AD-89D9-4075-ACB9-D3F5A928FD7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F43F628-77FE-4FE6-90B5-78C6DAF622F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{80040EE2-059D-4BC4-BD9B-B3A41F6863A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{85E58E6E-C636-418B-8C69-D6BAFB1EB966}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{86AF6A91-A729-4C2C-85DD-FFDDA95BEB3C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{878219FF-48DF-4C29-8A52-B05D8B702DEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F40C640-B17B-41AF-BC48-B507EA242723}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{90287C08-5BA2-4F5C-819C-9D4F302E54A6}" = dir=in | app=c:\users\jill cowan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{92A2F68F-7758-4F86-8828-4FB7A918BF66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{952F0EF3-A660-4889-988D-F1F5CACD68CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99692A04-B99D-4D70-AD0F-9EBDBE74E373}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9A778F31-08E7-4072-931B-91FD142DBFB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{9C4F1535-EC66-44DC-A029-8D43BBAAB4CB}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{A361C52A-C37C-47E8-9EAB-08E63BFAB147}" = protocol=17 | dir=in | app=c:\users\jill cowan\frostwire 5\frostwire.exe |
"{A6B96D05-623C-492D-A538-49837413A71A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{A7249485-D458-45EF-98DB-531E59894AA7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8358088-F96D-4D35-B661-9FE9D2C5DA20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A8DB0A88-2381-4FD2-B2E7-C657D540B412}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{AAB9190B-84FB-4EC1-AA5E-BD163715B10A}" = protocol=6 | dir=in | app=c:\users\jill cowan\frostwire 5\frostwire.exe |
"{AB0734F9-7C2C-4BD2-9E8A-A895608D17C2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{ACF1162D-E0A3-46C6-9107-6E79DFF94889}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{AD49E0CE-1319-48E1-BE42-EDE7136C5B86}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B693BD12-36BA-49AC-984E-157BDB5FF8D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BB1D4937-2CC6-4194-AC1F-3B3DC75867AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFD67AC6-D287-476B-91EF-B3D30EAF8380}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{C48B9CD7-1261-45E9-88D8-1437EA689731}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C6ED3866-4EBD-41B5-A928-AFC200188026}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C800DB2D-BADA-42B4-BF66-FFF1605A7061}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{C8205C57-EB5A-424D-85C9-DF039867237C}" = protocol=17 | dir=in | app=c:\users\jill cowan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CAED5B71-6A38-4224-826F-0D17D2AA438F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{D3668499-3A9F-408C-9F73-0327860931E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA9DC8F4-71A2-46CE-A39D-474B6750CAB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC8F71F4-E071-48A7-A379-EDC3865C92C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E4E17BDC-C382-4F41-8D6F-F2FDA08A9044}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E672C89D-1B75-4B5E-80C4-85D5B021BE9F}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F040879C-751B-45DB-B715-46640CE0B5EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F3F6C465-CC16-420F-813F-F2AA56B83D42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{F8C1B134-4D72-48AB-BE63-3B91FAADDBFD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"TCP Query User{4DCFCFB7-C599-415A-A7AA-217DE7F7ACD6}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{F408CD64-D86B-4F2E-B9EB-87F2E024FDBC}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907611B4-1B1B-4810-88CD-965FA49F35F6}" = C5200
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"DivX Setup" = DivX Setup
"EpicBot" = EpicBot
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 15.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VirtualCloneDrive" = VirtualCloneDrive
"Vorton Financial Tools" = Vorton Financial Tools
"WinRAR archiver" = WinRAR 4.20 beta 2 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2012 7:30:51 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 100839

Error - 11/16/2012 7:30:51 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 100839

Error - 11/16/2012 7:30:52 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/16/2012 7:30:52 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 101853

Error - 11/16/2012 7:30:52 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 101853

Error - 11/16/2012 7:30:53 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/16/2012 7:30:53 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 102851

Error - 11/16/2012 7:30:53 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 102851

Error - 11/16/2012 9:10:22 PM | Computer Name = JillCowan-PC | Source = Google Update | ID = 20
Description =

Error - 11/16/2012 11:28:06 PM | Computer Name = JillCowan-PC | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 3/30/2012 6:22:14 PM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 11:16:35 AM - Error connecting to the internet. 11:16:35 AM - Unable
to contact server..

Error - 3/30/2012 6:22:38 PM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 6:22:29 PM - Error connecting to the internet. 6:22:29 PM - Unable
to contact server..

Error - 4/2/2012 3:47:37 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 3:47:37 AM - Error connecting to the internet. 3:47:37 AM - Unable
to contact server..

Error - 4/2/2012 3:47:48 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 3:47:42 AM - Error connecting to the internet. 3:47:42 AM - Unable
to contact server..

Error - 4/2/2012 4:47:52 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 4:47:52 AM - Error connecting to the internet. 4:47:52 AM - Unable
to contact server..

Error - 4/2/2012 4:47:59 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 4:47:58 AM - Error connecting to the internet. 4:47:58 AM - Unable
to contact server..

Error - 4/2/2012 5:52:20 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 5:52:20 AM - Error connecting to the internet. 5:52:20 AM - Unable
to contact server..

Error - 4/2/2012 5:52:27 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 5:52:25 AM - Error connecting to the internet. 5:52:25 AM - Unable
to contact server..

Error - 4/2/2012 6:52:31 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 6:52:31 AM - Error connecting to the internet. 6:52:31 AM - Unable
to contact server..

Error - 4/2/2012 6:52:37 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
Description = 6:52:36 AM - Error connecting to the internet. 6:52:36 AM - Unable
to contact server..

[ System Events ]
Error - 11/17/2012 8:12:41 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:12:45 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:12:49 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:12:54 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:12:58 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:13:02 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:13:06 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:13:11 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:13:15 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/17/2012 8:13:19 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\Users\Jill Cowan\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I ran the OTL fix and the computed rebooted on its own, however I do not see the log I need to post with the results.
Should I continue with next scans or wait until I am able to locate or re-run the OTL fix?
 
Re-ran OTL in safe mode and here are the log results:

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Users\Jill Cowan\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o not found.
File C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jill Cowan
->Temp folder emptied: 104427 bytes
->Temporary Internet Files folder emptied: 244237363 bytes
->Java cache emptied: 38261943 bytes
->FireFox cache emptied: 87045710 bytes
->Google Chrome cache emptied: 148158580 bytes
->Flash cache emptied: 120850 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28788264 bytes
RecycleBin emptied: 17531 bytes

Total Files Cleaned = 521.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jill Cowan
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jill Cowan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11202012_181106

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
SecurityCheck log results:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
FSS log:

Farbar Service Scanner Version: 09-11-2012
Ran by Jill Cowan (administrator) on 20-11-2012 at 18:30:29
Running from "C:\Users\Jill Cowan\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-15 12:31] - [2012-10-03 08:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 08:23] - [2012-06-01 20:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
AdwCleaner Log:

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 18:33:05
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Jill Cowan - JILLCOWAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Jill Cowan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Jill Cowan\AppData\Local\APN
Folder Deleted : C:\Users\Jill Cowan\AppData\Local\Conduit
Folder Deleted : C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Folder Deleted : C:\Users\Jill Cowan\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jill Cowan\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2608 octets] - [20/11/2012 18:33:05]

########## EOF - C:\AdwCleaner[S1].txt - [2668 octets] ##########
 
I've followed each of the steps and am still not able to open Gmail in Chrome

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f86b1e017be3aa41b41e3c8f5dd470b0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-22 04:25:59
# local_time=2012-11-21 08:25:59 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 105080461 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=431837
# found=2
# cleaned=2
# scan_time=22704
C:\Users\Jill Cowan\Documents\CouponAlert.exeWin32/AdInstaller application (cleaned by deleting - quarantined)00000000000000000000000000000000C
C:\Windows.old\Documents and Settings\jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1a25d2cf-37ccf54dmultiple threats (deleted - quarantined)00000000000000000000000000000000C
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================

Uninstall Chrome...

  1. Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
  2. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
  3. Select the default browser you'd like to use.
  4. Click OK in the confirmation prompt.
  5. The uninstall process will begin.
Install fresh copy.
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================

Uninstall Chrome...

  1. Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
  2. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
  3. Select the default browser you'd like to use.
  4. Click OK in the confirmation prompt.
  5. The uninstall process will begin.
Install fresh copy.
 
Completed the Java update and remove steps as well as uninstalling and installing a fresh version of Chrome. I am still unable to open Gmail in Chrome.
 
In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck :)
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back